search

wincent / masochist

⛓ Website infrastructure for over-engineers
MIT License
78 stars 26 forks source link

Migrate to "Amazon Linux 2" (before 2021) #136

Closed wincent closed 2 years ago

wincent commented 5 years ago

Seeing as it looks like the Amazon Linux AMI isn't going to get any more updates:

~Deadline for this is June 30, 2020, according to this post.~

Looks like security fixes will continue to made available until end of 2020:

Q. Will AWS support Amazon Linux AMI going forward?

Yes. To facilitate migration to Amazon Linux 2, AWS will provide security updates for the last version of Amazon Linux and container image until December 31, 2020.

And "maintenance support" until June 30, 2023:

Beyond December 31, 2020, the Amazon Linux AMI will enter a new maintenance support period that extends to June 30, 2023.

During this maintenance support period:

  • The Amazon Linux AMI will only receive critical and important security updates for a reduced set of packages.
  • It will no longer be guaranteed to support new EC2 platform capabilities, or new AWS features.

Supported packages will include:

  • The Linux kernel,
  • Low-level system libraries such as glibc and openssl,
  • Popular packages that are still in a supported state in their upstream sources, such as MySQL and PHP.

We will provide a detailed list of supported and unsupported packages in future posts.

Potentially useful: https://aws.amazon.com/about-aws/whats-new/2019/03/announcing_the_amazon_linux_2_preupgrade_assistant/

Probably want to take the opportunity to simplify as much as possible in the move; eg. might be able to drop gitweb installation (seeing as with mirrors at multiple hosting sites it just seems like an unnecessary source of potential security holes). I think I still want to keep the Git repos and git-daemon as well. It is useful to have a canonical source.

wincent commented 4 years ago

Upgrade assistant:

sudo yum install -y preupgrade-assistant preupgrade-assistant-al1toal2
sudo preupg

On both machines we get output like the following (excerpted):

Result table with checks and their results for 'main contents':
--------------------------------------------------
|Grub 2                       |notapplicable     |
|mysql to mariadb             |notapplicable     |
|Extras provide packages      |informational     |
|Release Lock                 |informational     |
|SoName drift                 |informational     |
|Python Native Packages       |needs_inspection  |
--------------------------------------------------
The tarball with results is stored in '/root/preupgrade-results/preupg_results-200417141552.tar.gz' .
The latest assessment is stored in the '/root/preupgrade' directory.
Summary information:
We have found some potential risks.
Read the full report file '/root/preupgrade/result.html' for more details.
Please ensure you have backed up your system and/or data
before doing a system upgrade to prevent loss of data in
case the upgrade fails and full re-install of the system
from installation media is needed.

Mostly doesn't say anything interesting, except perhaps this (zenyatta):

CleanShot 2020-04-17 at 16 23 12@2x

And this (masochist):

CleanShot 2020-04-17 at 16 24 19@2x

wincent commented 2 years ago

I already did this and forgot to close it. Of course, now Amazon has announced Amazon Linux 2022. I'll create a separate ticket for that.