Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade Nginx Plus Load Balancers to Ubuntu Jammy #5670

Open
4 of 6 tasks
kayiwa opened this issue Dec 30, 2024 · 0 comments
Open
4 of 6 tasks

Upgrade Nginx Plus Load Balancers to Ubuntu Jammy #5670

kayiwa opened this issue Dec 30, 2024 · 0 comments
Assignees
Labels
Operations pulls issues into the Operations ZenHub board

Comments

@kayiwa
Copy link
Member

kayiwa commented Dec 30, 2024

This ticket outlines the plan to upgrade our two Nginx Plus load balancers (lib-adc1 and lib-adc2) from Ubuntu Focal (20.04) to Ubuntu Jammy (22.04) with zero downtime.

Background:

Ubuntu Focal is nearing its end of life. Upgrading to Jammy will provide security updates and new features.
Nginx Plus is critical for our infrastructure, so the upgrade must be performed with zero downtime.
Goals:

Upgrade both lib-adc1 and lib-adc2 to Ubuntu Jammy.
Maintain high availability throughout the upgrade process.
Minimize any disruption to services.

Runbook details

We will use a blue-green deployment strategy to ensure zero downtime:

Provision new servers: Spin up two new servers (adc-prod1 and adc-prod2) with Ubuntu Jammy and the latest version of Nginx Plus.
Configure new load balancers: Replicate the configuration from lib-adc1 and lib-adc2 to adc-prod1 and adc-prod2, ensuring all settings, certificates, and configurations are identical.
Test new load balancers: Thoroughly test adc-prod1 and adc-prod2 to ensure they function correctly and handle traffic as expected.
Redirect traffic to new load balancers: Gradually redirect traffic from lib-adc1 and lib-adc2 to adc-prod1 and adc-prod2. This will be done using DNS changes, VRRP and keepalived in front of the load balancers.

Monitor: Closely monitor the new load balancers for any issues during the traffic transition.
Decommission old load balancers:

Once traffic is fully migrated and the new load balancers are stable, decommission lib-adc1 and lib-adc2.
Rollback Plan:

In case of any issues during the upgrade, we will immediately redirect traffic back to the original load balancers (lib-adc1 and lib-adc2).

Tasks:

  • Create new server instances (adc-prod1 and adc-prod2) with Ubuntu Jammy.
  • Install and configure Nginx Plus on adc-prod1 and adc-prod2.
  • Replicate configuration from lib-adc1/lib-adc2 to adc-prod1/adc-prod2.
  • Test adc-prod1 and adc-prod2
  • Decommission lib-adc1 and lib-adc2.
  • Revoke any unneeded SSL certificates (we currently have 8)
@kayiwa kayiwa self-assigned this Dec 30, 2024
@kayiwa kayiwa assigned aruiz1789 and unassigned kayiwa Dec 30, 2024
kayiwa added a commit that referenced this issue Dec 31, 2024
upstream nginx caches at `/var/cache/nginx` we move the location of our
caches here. This allows us to add new sites without having to first
create the path at `/data/nginx/<site_name>`

related #5670

closes #3714
@kayiwa kayiwa added post-incident created from a post-incident meeting and removed post-incident created from a post-incident meeting labels Dec 31, 2024
@acozine acozine added the Operations pulls issues into the Operations ZenHub board label Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Operations pulls issues into the Operations ZenHub board
Projects
None yet
Development

No branches or pull requests

3 participants