It was brought to my attention that I erred in my announcement of the changed date of the kernel upgrade.  I posted it would be Friday August 24th, but the correct date is Friday August 26th.  A customer felt this was ambiguous since the 24th was on a Wednesday not Friday and asked me to clarify.

     For future reference, kernel upgrades and most major service interrupting maintenance takes place Fridays usually starting at 11PM.  The reason for this is to give the maximum amount of time before the business week to recover in the event of severe problems with the procedure in question.

     A kernel upgrade for all of eskimo.com’s services scheduled for August 17th at 11pm PDT has been postponed until August 24th because kernel 5.19.2 came out this Wednesday after I had already built and partially deployed 5.19.1.  5.19.1 contained only three very small fixes so did not require extensive testing but 5.19.2 contains far more significant changes and many so there is a much greater potential for instability to be introduced.  And one day is really too tight to deploy to all the machines so going to shoot for next Friday instead in order to give it time to soak and to deploy to all the machines.  5.19.0 has both performed extremely well and been stable so there is no real incentive to get this upgrade pushed out quickly.

     Nextcloud (https://nextcloud.eskimo.com) is repaired and up to the current stable release of 24.0.2.4.

     There were a three apps that were broken but not listed as incompatible.

     Nextcloud is down.  Something went horribly wrong during an update last night.  I tried to roll back to the previous version and it’s not working either.  It appears to be an issue with apps but I haven’t been able to isolate which yet and this is a painful and slow process.

     I am planning a kernel upgrade this Friday, August 19th, at 11pm Pacific Daylight Time (GMT-0700).

     This will affect all Eskimo North services, shell servers, e-mail, web hosting, other hosting, https://friendica.eskimo.com/, https://hubzilla.eskimo.com/, https://nextcloud.eskimo.com, https://yacy.eskimo.com/, and https://www.eskimo.com/.

     I do not expect the downtime for any one service to exceed ten minutes and the whole process should be completed by approximately 11:30PM.  I am expecting this to go reasonably smooth as 5.19.0 was very smooth and 5.19.1 only contained three very small fixes, one where a function was missing a return so if it did not return on some conditionals it could return with random results, and two that are bounds checks in the QEMU-KVM system that would not come into play unless something else went wrong.

     Fedora is now again accessible from the outside world.  The fail2ban folks have fixed fail2ban so that it works properly (if not a bit slowly) with python 3.11 used by Fedora.

     The kernel upgrade to 5.19.0 went amazingly smooth this evening with only one service (dovecot) not starting on one machine (mail) and that because a dovecot upgrade had overwritten my systemd start-up file so that it tried to start before all of the necessary file systems were mounted.

     There was also one virtual private server that failed to start two services but that was because the customer has an SSL certificate configured in but the certificate file was not present.

     Well I’ll have to give Comcast credit where credit is due.  They were out here five hours after the router failed with a working replacement.  So all good again, for now.  I think this is my 15th Comcast modem / router.

     I am taking outside access away from fedora until fail2ban can be made operational again.

     Fedora upgraded the python instance to 3.11 but fail2ban will not work with python greater than 3.10, so until this is fixed I am waking away access from the outside to prevent brute force password attacks.

     You can only access by logging in to one of the other shell servers and then from there ssh to fedora or from the web client.