Non-standard upgrade/maintennance for containerized.
March 08, 2022, 07:37:09 am
For various reasons that are not important here, I run elkarte in a podman container. This particular container is a php-nginx setup , with php 7.4, and latest nginx. Using Caddy 2 as a reverse proxy, and for automatic certificates. The platform fits into other things I am doing with the server(s), and is a primary consideration. Nevertheless this setup has some gotcha's. I don't have ftp on the platform, so there is no mechanism to download and install packages through the elkarte admin mechanism. I can ssh into the container, and I can manually download and unzip files, alter permissions, etc. I am currently running 1.1.5, and would very much like to urgently upgrade to 1.1.8 (via each intermediary release, presumably). If I download a patch (1.1.6) I can't seem to trigger an upgrade (permissions? database schema?). If I download the install package, i have to install a complete instance, and set it up, and I don't see an obvious mechanism to get it to reflect the existing site. Currently the container I am using is /webdevops/php-nginx:7.4-alpine. At what point between 1.1.5 and 1.1.8 can, or should, i upgrade this to php8? Clearly, this is not as intended, but I would appreciate any advice as to a possible mechanism to investigate to best achieve upgrades. Additionally my existing site, for historical reasons does not conform to a secure site. It has mixed content from other sources. I think because of the members use of external images. I can make them stop that, but i would appreciate any pointers as to what to look for, so as to achieve conformance, and how that might impact what I need to do on the server (increase storage space, and image size, so that pictures can be uploaded locally before being used?). I've had a look around, and there are various hints to some of this, but i would appreciate opinion based on currently where things are. I'd also like to remove bbcode, and use markdown, and change my historical mysql (mariadb) database for postgres (which containerizes more elegantly, and I can provision via an operator for HA). Thanks in advance for your comments.
Re: Non-standard upgrade/maintennance for containerized.
Reply #2 – March 08, 2022, 10:59:05 am
What I am thinking to do, based on your reply, is the following: Spin up a php8-nginx container, copy the existing files into it, unzip 1.1.8 in the directory, run the installer against the (backed up) database. Then I can point to that container with my reverse-proxy, and run the installer. Should that work? Are there any file permission changes I need to consider? If I wanted to install the image-proxy, can that be done manually, or will I need to install an ftp server and connect to that via the package management? I have no experience with ftp servers (except years ago when provided by a hosting company). What should I be looking for? The containers I'm using are alpine, to stay low resource. in principle I could use something else (and swap later). In installing the image-proxy, can it correct existing problems? Do I need to increase, or otherwise modify, settings in elkarte to accommodate it? Thank you very much for your quick and helpful answer.
Re: Non-standard upgrade/maintennance for containerized.
Reply #3 – March 08, 2022, 11:39:30 am
Sounds like that will work. Again as long as you have not installed addons or made your own file tweaks, simply copying the 1.1.8 files over your existing install is the fastest way to go. Then run update which will make any db adaptions needed (I honestly do not remember if there were any from 1.1.5) You should be able to simply copy the image proxy zip to your packages directory and go from there. I'm not sure why you are seeing permission issues. With Nginx I'm assuming you are running php-fpm, so in its web pool config it should be set to the uid/gid of the actual web site files. That way 755 on dir and 644 on files will be fine and PHP will be able to do what it needs to do permission wise. I'm not sure what ftp options you have on Alpine, I do run that as well in my containers but have not had the need to set FTP up in them. If you do, don't bother with any TLS since as I said the FTP client in ElkArte will not be able to use that.
Re: Non-standard upgrade/maintennance for containerized.
Reply #4 – March 08, 2022, 12:01:02 pm
Thank you very much. I'll give that a go.
Re: Non-standard upgrade/maintennance for containerized.
Reply #5 – March 11, 2022, 05:06:49 am
I'm working some more on this, but coming across other problems that may be related to my environment of choice. I don't recall how email works on the forum (it obviously doesn't in my setup). I would like to try to get it working for password retrieval and the suchlike. I haven't been able to find any obvious information or guidance. Within this containerised environment, is there anything I can do to get email send working for these purposes? What might I need? I have a suitable email provider, but I need somewhere to set up the forum to use that account! I have had this working years ago, under a different setup, but I just can't remember how, or see what I need to do. Any pointers would be much appreciated.
Re: Non-standard upgrade/maintennance for containerized.
Reply #7 – March 11, 2022, 06:44:44 am
That's where it is! Thank you!
Re: Non-standard upgrade/maintennance for containerized.
Reply #8 – March 13, 2022, 01:17:28 pm
The upgrade process I suggested didn't work for me. The upgrade script wouldn't run under php8, so I went for running the upgrade under 7.4 and then I was planning to upgrade the container to php8. The database amendments seemed to run (took four hours!), but the upgrade script hung after that (I could see in the container logs that the database changes had been made). Any attempt to access the site put me back to the upgrade script. Which wouldn't run. I could delete the install directory, and then access the site, but the theme was all borked. I attempted to install the bare install package, but couldn't run the upgrade script, without an ftp server. So after around 6 hours, I'm pretty much back where I started, running the backup site on 1.1.5.
Re: Non-standard upgrade/maintennance for containerized.
Reply #9 – March 29, 2022, 06:48:32 am
I've tried various ways of containerizing an ftp server, to access elkarte's html directory...but there are various levels of permission problems that means this is not a productive avenue to pursue. Is it actually possible to run an upgrade of elkarte (I'm starting from 1.15), without having a functioning ftp server? My current guess is not.
Re: Non-standard upgrade/maintennance for containerized.
Reply #10 – March 29, 2022, 09:17:09 am
You can try running the individual patch files 1.1.5->1.1.6->1.1.7 etc You can upload those with the package manager and see if they will install, it all depends on what permissions PHP has in your directories. I'll assume you can SSH into the constrainer as root or do sudo -s and then simply chmod files and directories to 777 for the upgrade and then set them back to 644 and 755 or whatever they need to be for your setup (if you need to)