Closed dereuromark closed 7 years ago
That would require generating a new box using https://github.com/alt3/cakebox-builder. I have no short term plans so a manual upgrade would be the quickest route atm.
For security reasons it soon becomes vital that the box ships with current defaults and mainly also php7.0+ (better 7.1) by default.
This is used for local development. What security reasons are there around upgrading this now?
In all honesty this PR could hypothetically introduce security issues but IMHO those are far-fetched as the intended usage is for (really local) LAN only and holds no ground as a must-upgrade-now argument. Besides that I see:
Lastly, if PHP gets touched it will no longer be single-version oriented but instead implement one of the many solutions out there supporting multiple PHP versions (the single design error we made when thinking up the box).
One more thing to hopefully prevent this from sounding to negative/unwilling. While adding the backup functionality I thought about adding a (new) bash upgrade script instead of creating a new box. IMO this would be the desired route since it would mean existing cakebox could keep using their existing boxes.
E.g. executed after some boolean switch in the yaml (e.g. autoUpdate
). This would then also be usable for upgrading/replacing PHP, updating sql, security patches, etc.
I just managed to do an in-box upgrade so this feature is surely coming now, PHP 7.1 included.
I will need some time to integrate this with cakebox provisioning but these are the steps if you want to do the upgrade manually;
## Remove this directory as it will prevent do-release-upgrade building the new kernel image
sudo rm /etc/udev/rules.d/70-persistent-net.rules/ -rf
## Run dist-upgrade to upgrade installed packages and build new kernel
## image as preparation for major version upgrade (--confold to prefer
## keeping existing confs to not break e.g. IP configuration)
sudo DEBIAN_FRONTEND='noninteractive' apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' dist-upgrade
## ============================================
## FYI software has already been upgraded here:
##
## lsb_release -a => 16.04.2 LTS
## php -v => php 7.1.3
## hhvm --version => hhvm 3.18.1
## nginx -v => nginx 1.11.9
## ============================================
## Remove no longer required packages and clean up apt
sudo apt-get autoremove --assume-yes
sudo apt-get clean --assume-yes
sudo apt-get autoclean --assume-yes
## Make sure release-upgrade (and java) don't block on required user-input
echo 'DPkg::options { "--force-confdef"; "--force-confmiss"; }' | sudo tee /etc/apt/apt.conf.d/local
## Upgrade to 16.04 LTS (not using DistUpgradeViewNonInteractive because of lacking console feedback)
sudo sh -c 'echo "y\ny\ny\ny\n" | DEBIAN_FRONTEND=noninteractive /usr/bin/do-release-upgrade'
## Cakebox specific cleanup:
sudo rm /etc/nginx/sites-available/default.dpkg-dist
sudo rm /etc/update-motd.d/10-help-text
sudo rm /etc/apt/apt.conf.d/50unattended-upgrades.ucf-dist
## ==================
## === snapshot =====
## ==================
## =========================================================
## Install php7.1-fpm and re-install now missing 7.1 modules
## =========================================================
sudo add-apt-repository ppa:ondrej/php --yes
sudo apt-get update
sudo apt-get autoremove --assume-yes
sudo apt-get clean --assume-yes
sudo apt-get autoclean --assume-yes
sudo apt-get install php7.1-fpm --assume-yes
sudo apt-get install php7.1-apc --assume-yes
sudo apt-get install php7.1-bcmath --assume-yes
sudo apt-get install php7.1-bz2 --assume-yes
sudo apt-get install php7.1-curl --assume-yes
sudo apt-get install php7.1-dba --assume-yes
sudo apt-get install php7.1-dom --assume-yes
sudo apt-get install php7.1-gd --assume-yes
sudo apt-get install php7.1-gearman --assume-yes
sudo apt-get install php7.1-geoip --assume-yes
sudo apt-get install php7.1-gmp --assume-yes
sudo apt-get install php7.1-imagick --assume-yes
sudo apt-get install php7.1-imap --assume-yes
sudo apt-get install php7.1-intl --assume-yes
sudo apt-get install php7.1-json --assume-yes
sudo apt-get install php7.1-mbstring --assume-yes
sudo apt-get install php7.1-mcrypt --assume-yes
sudo apt-get install php7.1-memcache --assume-yes
sudo apt-get install php7.1-memcached --assume-yes
sudo apt-get install php7.1-mysql --assume-yes
sudo apt-get install php7.1-mysqli --assume-yes
sudo apt-get install php7.1-readline --assume-yes
sudo apt-get install php7.1-redis --assume-yes
sudo apt-get install php7.1-soap --assume-yes
sudo apt-get install php7.1-sqlite3 --assume-yes
sudo apt-get install php7.1-xdebug --assume-yes
sudo apt-get install php7.1-xmlwriter --assume-yes
sudo apt-get install php7.1-zip --assume-yes
##sudo apt-get install php7.1-zlib --assume-yes
## Replace php5-fpm in all existing nginx vhosts and cakebox vhost-command templates
sudo find /etc/nginx/sites-available/ -type f -exec sed -i 's/php5-fpm/php\/php7.1-fpm/g' {} +
sudo find /cakebox/console/src/Template/bake/ -type f -exec sed -i 's/php5-fpm/php\/php7.1-fpm/g' {} +
## Add launchpad ppa to source.list before installing nodejs 7
cd /tmp
curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash -
sudo apt-get install -y nodejs
## Re-install java (1.8)
sudo add-apt-repository ppa:webupd8team/java --yes
sudo apt-get update
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections
sudo apt-get install oracle-java8-installer --assume-yes
## Remove temporary workaround to prevent user-input blocking
sudo rm /etc/apt/apt.conf.d/local
## Restart services to make sure cakebox dashboard keeps functioning
sudo service php7.1-fpm restart
sudo service nginx restart
## All done, new kernel becomes active after vm after vm reboot
## This step is optional and done running ` `vagrant reload` on local machine.
## After reboot, the following command should show kernel 4.4.0-66
uname -r
Input needed: any php modules you would like to see added to this current cakebox-installed-list:
sudo apt-get install php7.1-apc --assume-yes
sudo apt-get install php7.1-bcmath --assume-yes
sudo apt-get install php7.1-bz2 --assume-yes
sudo apt-get install php7.1-curl --assume-yes
sudo apt-get install php7.1-dba --assume-yes
sudo apt-get install php7.1-dom --assume-yes
sudo apt-get install php7.1-gd --assume-yes
sudo apt-get install php7.1-gearman --assume-yes
sudo apt-get install php7.1-geoip --assume-yes
sudo apt-get install php7.1-gmp --assume-yes
sudo apt-get install php7.1-imagick --assume-yes
sudo apt-get install php7.1-imap --assume-yes
sudo apt-get install php7.1-intl --assume-yes
sudo apt-get install php7.1-json --assume-yes
sudo apt-get install php7.1-mbstring --assume-yes
sudo apt-get install php7.1-mcrypt --assume-yes
sudo apt-get install php7.1-memcache --assume-yes
sudo apt-get install php7.1-memcached --assume-yes
sudo apt-get install php7.1-mysql --assume-yes
sudo apt-get install php7.1-mysqli --assume-yes
sudo apt-get install php7.1-readline --assume-yes
sudo apt-get install php7.1-redis --assume-yes
sudo apt-get install php7.1-soap --assume-yes
sudo apt-get install php7.1-sqlite3 --assume-yes
sudo apt-get install php7.1-xdebug --assume-yes
sudo apt-get install php7.1-xmlwriter --assume-yes
sudo apt-get install php7.1-zip --assume-yes
sudo apt-get install php7.1-zlib --assume-yes
Looks pretty good What I always have to install (for all the frontend things):
Right, I might just pop node in there as well (if it's not too complicated).
node's in there too, see the todo-list
Assistance appreciated as I seem to be a bit in a bit of a race-condition pickle here after upgrading to php 7.1.
Seems CakeboxExecute.php still makes heavy use of conflicting Cake\Utility\String breaking vagrant provisioning;
==> default: PHP Fatal error: Cannot use Cake\Utility\String as String because String' is a special class name in /cakebox/console/src/Lib/CakeboxExecute.php on line 11
Those should directly be replacable with Text:: calls I would say.
Let me see if updating the console prior to upgrading solves things, thanks
I just upgraded my production vm using the merged upgrade script.
Due to the complexity of the upgrade I chose to :
/cakebox/bash/ubuntu-16.sh
to perform the in-box upgradevagrant snapshot push
git pull
vagrant reload --provision
/cakebox/bash/ubuntu-16.sh
vagrant reload
All information regarding the upgrade can be found in:
/var/log/apt/term.log
: all apt removals, installations and cleanups/var/log/dist-upgrade/*
: all logging related to the 16.04 version upgradeIf things go wrong simply restore the pre-upgrade state of your box by running `vagrant snapshot pop
on your local machine.
Feel free to test. BTW I updated the cakebox-console repo to CakePHP 3.4 so there might be some bugs in the dashboard and application. Fixes would be welcome. E.g.
Confirmation that the daily backups are functioning as expected would be welcome too: #76
Any way to have 16 by default already?