20230526-0500-redmine-maintenance

README.rst

リリース手順再掲

• 旧Redmineをサービス停止（systemctlで止める）
• RDSスナップショット作成（aws console手動）
• 新RedmineのDB参照を本番に切り替え（Ansible実行）
• DNS切り替え（事前にTTLを下げておく）
• 軽く動作検証

手順詳細

• 旧Redmineをサービス停止（systemctlで止める）:

  sudo systemctl status redmine
  sudo systemctl stop redmine
  sudo systemctl status redmine  #  Active: inactive (dead)  となっていればOK
  
  sudo systemctl status redmine-fetch-changesets.timer
  sudo systemctl stop redmine-fetch-changesets.timer
  sudo systemctl status redmine-fetch-changesets.timer  #  Active: inactive (dead)  となっていればOK

• RDSスナップショット作成（aws console手動）
  • https://ap-northeast-1.console.aws.amazon.com/rds/home?region=ap-northeast-1#snapshots-list: で作成
  • ファイル名: t104069-backup-20230526
• 新RedmineのDB参照を本番に切り替え（Ansible実行）
  • inventories/production_aws/host_vars/bpredmine.yml の以下の値を現行本番の値で置き換え
    • redmine_database_username
    • redmine_database_password
    • redmine_database_database
  • Ansible実行でMigrationが走るかよく見る
• Route53 DNS切り替え（事前にTTLを下げておく）
  • project.beproud.jp. 60 IN A 203.152.213.166 既に60だった（60！？）
  • project2.beproud.jp がALBを向いているので、同じ設定にする
• 軽く動作検証
  • 日本語読み書き
  • メール通知
  • Slack通知

実施結果.rst

• 旧Redmineをサービス停止（systemctlで止める）:

  shimizukawa@project-redmine:~$ sudo systemctl status redmine
  * redmine.service - Beproud Redmine
  Loaded: loaded (/etc/systemd/system/redmine.service; enabled; vendor preset: enabled)
  Active: active (running) since Thu 2023-05-18 15:07:09 JST; 1 weeks 0 days ago
  Main PID: 2504 (ruby2.5)
      Tasks: 23 (limit: 2307)
  CGroup: /system.slice/redmine.service
          |-2504 unicorn master -c /var/www/src/config/unicorn.config.rb -E production
          |-2543 unicorn worker[0] -c /var/www/src/config/unicorn.config.rb -E production
          |-2546 unicorn worker[1] -c /var/www/src/config/unicorn.config.rb -E production
          |-2549 unicorn worker[2] -c /var/www/src/config/unicorn.config.rb -E production
          `-2555 unicorn worker[3] -c /var/www/src/config/unicorn.config.rb -E production
  
  May 18 15:07:09 project-redmine systemd[1]: Started Beproud Redmine.
  shimizukawa@project-redmine:~$ sudo systemctl stop redmine
  shimizukawa@project-redmine:~$ sudo systemctl status redmine
  * redmine.service - Beproud Redmine
  Loaded: loaded (/etc/systemd/system/redmine.service; enabled; vendor preset: enabled)
  Active: inactive (dead) since Fri 2023-05-26 05:04:30 JST; 4s ago
  Process: 2504 ExecStart=/usr/bin/bundle exec unicorn -c /var/www/src/config/unicorn.config.rb -E production (code=exited, status=0/SU
  Main PID: 2504 (code=exited, status=0/SUCCESS)
  
  May 18 15:07:09 project-redmine systemd[1]: Started Beproud Redmine.
  May 26 05:04:19 project-redmine systemd[1]: Stopping Beproud Redmine...
  May 26 05:04:30 project-redmine systemd[1]: Stopped Beproud Redmine.
  
  
  shimizukawa@project-redmine:~$ sudo systemctl status redmine-fetch-changesets.timer
  * redmine-fetch-changesets.timer - fetch_changesets
  Loaded: loaded (/etc/systemd/system/redmine-fetch-changesets.timer; enabled; vendor preset: enabled)
  Active: active (waiting) since Fri 2023-05-19 11:23:19 JST; 6 days ago
  Trigger: Fri 2023-05-26 05:10:00 JST; 4min 12s left
  
  May 19 11:23:19 project-redmine systemd[1]: Started fetch_changesets.
  shimizukawa@project-redmine:~$ sudo systemctl stop redmine-fetch-changesets.timer
  shimizukawa@project-redmine:~$ sudo systemctl status redmine-fetch-changesets.timer
  * redmine-fetch-changesets.timer - fetch_changesets
  Loaded: loaded (/etc/systemd/system/redmine-fetch-changesets.timer; enabled; vendor preset: enabled)
  Active: inactive (dead) since Fri 2023-05-26 05:05:54 JST; 8s ago
  Trigger: n/a
  
  May 19 11:23:19 project-redmine systemd[1]: Started fetch_changesets.
  May 26 05:05:54 project-redmine systemd[1]: Stopped fetch_changesets.

• RDSスナップショット作成（aws console手動）
  • https://ap-northeast-1.console.aws.amazon.com/rds/home?region=ap-northeast-1#snapshots-list: で作成
  • ファイル名: t104069-backup-20230526

  • 実行結果:

    May 26, 2023, 05:07 (UTC+09:00) Creating manual cluster snapshot
    May 26, 2023, 05:11 (UTC+09:00) Manual cluster snapshot created

• 新RedmineのDB参照を本番に切り替え（Ansible実行）

  • inventories/production_aws/host_vars/bpredmine.yml の値を現行本番の値で置き換え

    https://github.com/beproud/bpredmine/commit/5aa8fec761b5c5b145e023df5435640a1f1f15fd

  • Ansible実行でMigrationが走るかよく見る:

    .venv/bin/ansible-playbook --vault-password-file=.vault_pass --diff -i inventories/production_aws site.yml -e redmine_migrate=true -e redmine_plugin_migrate=true
    
    
    Migrate database schemas
    Access denied for user 'redmine'@'172.20.1.194'

  • mysqlを入れてgrantする:

    ubuntu@ip-172-20-1-194:~$ sudo apt install mysql-client-core-8.0
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following NEW packages will be installed:
    mysql-client-core-8.0
    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 5173 kB of archives.
    After this operation, 75.5 MB of additional disk space will be used.
    Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu focal-updates/main amd64 mysql-client-core-8.0 amd64 8.0.33-0ubuntu0.20.04.2 [5173 kB]
    Fetched 5173 kB in 0s (67.4 MB/s)              
    Selecting previously unselected package mysql-client-core-8.0.
    (Reading database ... 72725 files and directories currently installed.)
    Preparing to unpack .../mysql-cliGent-core-8.0_8.0.33-0ubuntu0.20.04.2_amd64.deb ...
    Unpacking mysql-client-core-8.0 (8.0.33-0ubuntu0.20.04.2) ...
    Setting up mysql-client-core-8.0 (8.0.33-0ubuntu0.20.04.2) ...
    Processing triggers for man-db (2.9.1-1) ...
    
    ubuntu@ip-172-20-1-194:~$ mysql -h bpinfra-project-db.cluster-cdjbunmw5xj0.ap-northeast-1.rds.amazonaws.com --ssl-mode=VERIFY_CA --ssl-ca /var/www/src/global-bundle.pem  -u root -p
    Enter password: 
    ERROR 1045 (28000): Access denied for user 'root'@'172.20.1.194' (using password: YES)
    
    mysql> select User,Host from mysql.user;
    +-----------------+-----------------+
    | User            | Host            |
    +-----------------+-----------------+
    | root            | %               |
    | redmine_awstest | 172.20.%        |
    | haro            | 172.20.3.%      |
    | haro_test       | 172.20.3.%      |
    | haro            | 203.152.213.161 |
    | haro_test       | 203.152.213.161 |
    | kintai          | 203.152.213.161 |
    | redmine         | 203.152.213.161 |
    | tommy           | 203.152.213.161 |
    | mysql.sys       | localhost       |
    | rdsadmin        | localhost       |
    +-----------------+-----------------+
    11 rows in set (0.00 sec)
    
    Access denied for user 'redmine'@'172.20.1.194' だから、
    'redmine'@'172.20.%' でいいかな
    
    mysql> grant all privileges on redmine.* to "redmine"@"172.20.%" identified by '<password';
    Query OK, 0 rows affected, 1 warning (0.03 sec)
    
    mysql> show grants for "redmine"@"172.20.%";
    +-------------------------------------------------------------+
    | Grants for redmine@172.20.%                                 |
    +-------------------------------------------------------------+
    | GRANT USAGE ON *.* TO 'redmine'@'172.20.%'                  |
    | GRANT ALL PRIVILEGES ON `redmine`.* TO 'redmine'@'172.20.%' |
    +-------------------------------------------------------------+
    2 rows in set (0.00 sec)
    
    よさそう
    
    $ mysql -h bpinfra-project-db.cluster-cdjbunmw5xj0.ap-northeast-1.rds.amazonaws.com --ssl-mode=VERIFY_CA --ssl-ca /var/www/src/global-bundle.pem -u redmine -p redmine
    Enter password: 
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 679483
    Server version: 5.7.12-log MySQL Community Server (GPL)
    
    Copyright (c) 2000, 2023, Oracle and/or its affiliates.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> 
    
    Ansible再実行
    通った
    
    TASK [redmine : Migrate database schemas] *********************************************************************************************
    [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may
    be insecure. For information on securing this, see https://docs.ansible.com/ansible-core/2.14/user_guide/become.html#risks-of-
    becoming-an-unprivileged-user
    changed: [bpredmine]
    
    何かが適用されたっぽい
    完了

• Route53 DNS切り替え（事前にTTLを下げておく）
  • project.beproud.jp. 60 IN A 203.152.213.166 既に60だった（60！？）
  • project2.beproud.jp がALBを向いているので、同じ設定にする
    • dualstack.project-1048236577.ap-northeast-1.elb.amazonaws.com. に向けた
• 軽く動作検証
  • 日本語読み書き -> OK
  • メール通知 -> OK
  • Slack通知 -> OK