Upgrading my Yunohost to 4.x

Following several pull requests from moutonjr - who by the way is way more effective than me at YNH packaging - on my restic_ynh repository I wanted to test it on …​ well …​ my test instance. The problem is that my instance was running YNH 3.x on debian stretch and I felt like it would be better to upgrade it before testing anything.

So I migrated the test instance, which was quite easy, and I could test the said pull request. I got a little carried away and thought I would do the same with my production instance, it shouldn’t be much more complicated right? Any sysadmin would laugh at those words…​

Test instance migration

I had some warnings from apt complaining that some sources were listed multiple times, so I fixed it before anything else. The culprit was a sury sources file that must have had been installed by a previous Nextcloud update. Anyway it was now useless so I ditched it. Another source file had the same line listed twice, I just deleted one of them.

The next step was updating the system and YNH applications.

yunohost tools update --system
yunohost tools upgrade --system
yunohost tools update --apps
yunohost tools upgrade --apps

That last step was a bit tedious as some applications required yunohost 4 to be updated, those would error out and block the update process for the remaining applications. I had to proceed by trial and error and specify the applications I wanted to update: yunohost tools upgrade --apps <app1> <app2> …​

Once this was done I had to run a last apt update && apt upgrade -y

Everything was set for the upgrade, it was the perfect time for me to make a snapshot of my virtual machine.

I proceeded with yunohost tools migrations migrate, read the disclaimer then yunohost tools migrations migrate --accept-disclaimer

Everything went right, the process took about three or four hours I think, didn’t pay too much attention.

After the migration everything was working but lufi and lutim. A quick look at the status of both services made me think that something had to be recompiled following the upgrade:

ListUtil.c: loadable library and perl binaries are mismatched

I chose the easiest path by reinstalling both applications since I do not store anything permanent in those. There must have been some cleaner way to handle this but I wasn’t feeling like looking for it.

The last thing I had to do was to upgrade those applications requiring Yunohost 4 with a new yunohost tools update --apps && yunohost tools upgrade --apps

Production instance migration

At this point I had already reached my goal: my test instance was up-to-date and my new restic package was installed and tested. All this took about half a day, but really less than half an hour if we don’t count the hours waiting for the migration to finish.

I had this great idea: do the same in production! What could go wrong?

Some little things here and there…​

The mail server

The worst problem for me following the upgrade was that I could not connect to the mail server. I tried with Thunderbird, with my android client (FairEmail) and with the web interface, all failed.

I know this is IMAP and I know it is handled by dovecot, so I went checking the service’s journal:

journalctl -u dovecot
# ...
# Error: Failed to initialize SSL server context: Can't load DH parameters:
# error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small

I went on checking the state of the service: systemctl status dovecot which told me how to generate a new DH key and set it up in the dovecot configuration and that is exactly what I did. Following that and a restart of both dovecot and sogo services, everything was working again.

I won’t go any further into the details, we will later see that I wasn’t supposed to do that.

I saw that in the meantime I had received several e-mails so that’s proof that my server was indeed still able to receive messages even though I could not retrieve them.

Lufi and Lutim

Nothing special there, same error than on the test instance, same solution, still not the best but I was still unwilling to look any further: reinstallation.

Mastodon

This was the big one. When connecting to the usual URL I get a Grafana page.

No way I could get lazy and do the same thing as lufi and lutim, I did not know how the application would react if I reinstall it, we’re talking about a federated social network with multiple connexions to other instances.

I had already had that problem in the past and had solved it quite easily with an update. So that’s what I tried…​

That was a big fat fail: I had launched the update at 8AM and when I checked at 6PM I saw that the update had failed and a restoration was running. The CPU load was off the charts and the system was swapping as hell, I decided to kill the process (Ctrl+C).

My instance had never been very fast but I had also never found it disturbingly slow. Nonetheless I upgraded the virtual machine from two to four CPUs.

New try, new fail, this time even quicker, which is quite logical since I had left the application in an unknown state when I killed the restoration process.

Since the restoration had not finished, the backup file was still in /home/yunohost.backup/tmp/ so I decided to use it:

yunohost backup restore mastodon-pre-upgrade1 --apps mastodon  # errored out since the app was already installed  (1)
yunohost app remove mastodon
yunohost backup restore mastodon-pre-upgrade1 --apps mastodon
1 We can list available local backups with yunohost backup list Apparently those are backups made automatically before any upgrade or with a manual backup such as yunohost backup create --apps <app>

It took several hours but it worked. Sadly, the app was still not working.

A yunohost service status tells me that mastodon-sidekiq and mastodon-web are stopped.

A systemctl status mastodon-sidekiq tells me amongst other things that gem nokogiri is missing.

Ok, so:

apt update && apt install mlocate  (1)
updatedb  (1)
locate mastodon | grep -i gemfile
# /var/www/mastodon/live/Gemfile
grep nokogiri /var/www/mastodon/live/Gemfile
# returns one line so I should be able to
# install the missing gem with this file
cd /var/www/mastodon/live
./bin/bundle install
# installs several gems
1 I rather use locate than find when I’m looking for files, furthermore when I don’t know where to look. I install it, since I know it will come in handy later on.

Since the missing gem and several others had been installed, I started the services that were failing:

systemctl restart mastodon-sidekiq
systemctl restart mastodon-web

Even though sidekiq did indeed restart, web was still reluctant.

systemctl status mastodon-web tells me that the port 3000 it wants to use is already taken.

netstat -tupanl | grep 3000 tells me the culprit is grafana. I try killing the process, no success. After a reboot everything works like a charm.

Now I’m thinking 'Nice, I am close to the goal, now that the application is working, I update it and everything will be fine'. I couldn’t be more wrong! I have a look at the error messages, something about a missing index, I am again facing a stuck restoration.

From what I read on the offical Mastodon repository this has nothing to do with Yunohost (the index thing). Whatever, I decide to restore the new pre-migration backup and take care of that later.

So now I do have a working mastodon but no up-to-date. To be continued…​

When reading that section I realized I should have run the bundle install command with the mastodon account instead of root. I don’t think it should be that much of an issue but still I ran a chown -R mastodon: /var/www/mastodon.

Yunohost diagnosis

As stipulated in the documentation, I should have run the diagnosis before anything else, it would have spared me some debugging and manual modifications. I’ll think about it next time :)

After the reboot for mastodon, the diagnosis lists lufi as failing, the logs say that the database was still starting. A simple systemctl start lufi fixed it, I will have to nofity the package maintainer about that.

I had other warnings about configuration files that had been hand modified and had to be regenerated:

  • nslcd

  • nsswitch.conf

  • dovecot.conf

  • sshd_config

For each one of them I checked the diff, backed up the file and regenerated it, all that using the commands given by the diagnosis tool.

The problem with nslcd and nsswitch.conf is a known bug listed in the migration process page.

For dovecot.conf it had to do with the modification I described earlier and another one I talked about in another post.

For sshd_config it was about the listening port that I had changed and some other changes made by the update.

I restarded nslcd and dovecot to take the changes into account but I changed the ssh listen port to my custom value before restarting it.

After some tests, the connection problem I talked about a while back reappeared, so I applied the same solution.

Post migration

I updated the applications that required Yunohost 4 and made sure to not list mastodon.

I still have to try to update mastodon, I’ll have a look at the suggested fixes from the issue open in the upstream repository. Unfortunately it has been opened since july and is still not solved.

Conclusion

I can’t even imagin the amount of work required to make such a migration work. Congrats and thanks to those that worked on it and I’m still a big fan of Yunohost :)