Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Debian upgrades of Tails nodes

:warning: This page documents what i recall from the upgrade procedure which, as far as i know, was undocumented until the moment of writing. It may be incomplete and we may do something different for the bookwormtrixie upgrades (see tpo/tpa/team#42071).

  1. Update the profile::tails::apt class to account for the new version.
  2. For each node:
    1. Check that services are not currently running a non-interruptible task. For example jenkins workers should not be currently running a task. Disconnect the worker to avoid it getting a new task assigned during the upgrade.
    2. Start a tmux or screen session on the host where the upgrade will be happening.
    3. Set profile::tails::apt::codename in hiera for the node with the codename of the new debian version, commit, push.
    4. Run Puppet once so the distro codename is updated.
    5. Run apt full-upgrade and apt autopurge manually.
    6. Run Puppet in the node until it converges.
    7. Reboot the machine.
    8. Check that everything works fine.
  3. Once all nodes have been upgraded, update the $codename parameter in the profile::tails::apt class and remove the per-node configuration in hiera.