Upgrading your webservers from Ubuntu Bionic to Ubuntu Focal
Last updated: July 15th 2020
In this article we will go through your options for upgrading your webserver to the latest version of Ubuntu.
The "old" Ubuntu Bionic is a Long Term Support release, which is officially supported until 2023, while Ubuntu Focal is supported til 2025. This essentially means that at the time of writing (2020) you have lots of time to do the upgrade, or you can even skip this version of Ubuntu entirely and go for the next Ubuntu LTS release in 2022.
The (probably) easiest way:
Just migrate your website
Here we will just be creating a new server based on a Ubuntu Focal image and migrate our website / app data as we would do when moving between any two servers.
- You have access to control DNS for any domains that point to your server
- You don't need to, or it would be easy to migrate core components or special server configuration
Usually this approach is the easiest. You will have to judge what is right for you.
Set up a new Ubuntu Focal server and copy your data
With Webdock it is easy to get a fresh LAMP (Apache) or LEMP (Nginx) webserver based on Ubuntu Focal. Simply create a server, and you are ready to go.
Usually it is easy to migrate a standard website. Your configuration may differ, so this guide may not be right for you, but in general the steps are:
Pro hackers might do it this way:
- SSH in to your server and go to /var/www/html
mysqldump -u USER -pPASSWORD DATABASENAME > mydb.sql
zip -r mysite.zip .
- Now SSH in to your new server and go to /var/www/html
- Unzip all your data
unzip mysite.zip; rm ./mysite.zip;
- Set correct ownership of files
chown -R www-data:www-data .
- Import your database
mysql -u USER -pPASSWORD DATABASENAME < mydb.sqlRemember this is the username and password on the NEW server.
- Remember to delete the sql dump
- Update your website config with the new database name, user and password
- Now point your DNS records to your new server, set your server identity and re-generate SSL certificates
Simply download your files using FTP and export your DB data using PHPMyadmin and then transfer it to your new server. This will be a lot slower than the method above.
Remember to update your website configuration to use the new database credentials, point over your DNS to the new server and re-generate SSL certificates.
The riskier / harder way: Upgrade your system
This guide works for Webdock LAMP/LEMP server stacks. Your results may vary.
With Webdock it is easy to do this in a safe manner. What you would do is make a new snapshot of your existing webserver. Next you would create a new server based on this image. Now you have a staging server on which you can run the upgrade and make sure everything works.
Next you can re-do the steps on your live system if you feel brave, or you can simply take a new snapshot of your staging server and use that to restore your live server. If you have done everything correctly, you should now see no more than ~2-5 seconds of downtime while your live server reboots after being restored.
Start the upgrade
All commands shown here are run as root. If you are logged in as a non-root sudo user, then simply run "sudo su" to become root, or prepend sudo before each command shown below.
We are opening port 1022 as when you are doing the upgrade over SSH the upgrade tool will open an emergency SSH connection on that port in case anything goes wrong.
apt update; apt upgrade -y; apt install update-manager-core -y; ufw allow 1022; do-release-upgrade -d;
Once the first point release of Ubuntu Focal has been released, you should omit the -d switch to do-release-upgrade as otherwise you may get an error and it will refuse to start the upgrade.
If during the upgrade you are prompted about what to do about config files, e.g. for nginx/apache or php-fpm, just hit enter / accept defaults (keep existing configuration)
If you get the message
# do-release-upgrade -d Checking for a new Ubuntu release Please install all available updates for your release before upgrading.
# apt-get dist-upgrade
And reboot, followed by
# do-release-upgrade -d
In order to start the upgrade
Answer the questions on-screen
... If you continue, an additional ssh daemon will be started at port '1022'. Do you want to continue? Continue [yN] <--y
... Starting additional sshd To make recovery in case of failure easier, an additional sshd will be started on port '1022'. If anything goes wrong with the running ssh you can still connect to the additional one. If you run a firewall, you may need to temporarily open this port. As this is potentially dangerous it's not done automatically. You can open the port with e.g.: 'iptables -I INPUT -p tcp --dport 1022 -j ACCEPT' To continue please press [ENTER] <--ENTER
... Third party sources disabled Some third party entries in your sources.list were disabled. You can re-enable them after the upgrade with the 'software-properties' tool or your package manager. To continue please press [ENTER] <--ENTER
Here you can hit d to see which packages will be removed from the system. It is generally a good idea to do so, so you know what you might need to re-install later. Hit q to return to the upgrade.
Fetching and installing the upgrade can take several hours. Once the download has finished, the process cannot be canceled. Continue [yN] Details [d] <--y
Next you will be asked whether services should be restarted automatically. It is safe to answer Yes here on Webdock stacks - but if you prefer to be prompted every time, then hit No
┌───────────────────────────────────────────────┤ Configuring libc6 ├───────────────────────────────────────────────┐ │ │ │ There are services installed on your system which need to be restarted when certain libraries, such as libpam, │ │ libc, and libssl, are upgraded. Since these restarts may cause interruptions of service for the system, you will │ │ normally be prompted on each upgrade for the list of services you wish to restart. You can choose this option │ │ to avoid being prompted; instead, all necessary restarts will be done for you automatically so you can avoid │ │ being asked questions on each library upgrade. │ │ │ │ Restart services during package upgrades without asking? │ │ │ │ <Yes> <No> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
On the next prompt, just hit OK and then choose an LXD version to track, if you use nested LXD.
┌────────────────────────────────────────────────┤ Configuring lxd ├────────────────────────────────────────────────┐ │ │ │ Upgrade to the LXD snap │ │ │ │ Starting with LXD 3.1, all new releases of LXD are only available to Ubuntu users through the snap package. │ │ │ │ This package update will transition your system over to the snap by installing it and then running an automated │ │ migration tool. │ │ │ │ As part of this upgrade, all containers will briefly be shutdown and brought back up. Before continuing, make │ │ sure that you are ready for this downtime. │ │ │ │ <Ok> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────┤ Configuring lxd ├────────────────────────────────────────────────┐ │ The LXD project puts out monthly feature releases which while backward compatible at an API and CLI level, will │ │ contain some behavior change and potentially require manual intervention during an upgrade. │ │ │ │ In addition to those, every 2 years a LTS release is made which comes with 5 years of support through frequent │ │ bugfix-only releases. │ │ │ │ The LXD team recommends you pick "4.0" for production environments and use "latest" if you're interested in │ │ getting the latest LXD features. │ │ │ │ LXD snap track │ │ │ │ latest │ │ 3.0 │ │ 4.0 │ │ │ │ │ │ <Ok> │ │ │ └───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
If you have Redis installed, you will be asked this question:
Configuration file '/etc/redis/redis.conf' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** redis.conf (Y/I/N/O/D/Z) [default=N] ? <-- ENTER
Here you want to install the package maintainer's version:
┌────────────────────────────────┤ Configuring unattended-upgrades ├────────────────────────────────┐ │ A new version (/etc/apt/apt.conf.d/50unattended-upgrades.ucftmp) of configuration file │ │ /etc/apt/apt.conf.d/50unattended-upgrades is available, but the version installed currently has │ │ been locally modified. │ │ │ │ What do you want to do about modified configuration file 50unattended-upgrades? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ show a 3-way difference between available versions │ │ do a 3-way merge between available versions │ │ start a new shell to examine the situation │ │ │ │ │ │ <Ok>
Next, you can hit d to see which packages will be removed from the system. It is generally a good idea to do so, so you know what you might need to re-install later. Hit q to return to the upgrade.
Remove obsolete packages? 78 packages are going to be removed. Continue [yN] Details [d] <--y
Restart required To finish the upgrade, a restart is required. If you select 'y' the system will be restarted. Continue [yN] <--y
You will now be disconnected. You can ping your server to watch when it comes back up - a Webdock server should come up in -10 seconds.
After you reboot and perform a sudo command, you may immediately see something which looks like an error:
$ sudo su [sudo] password for admin: sudo: setrlimit(RLIMIT_CORE): Operation not permitted
This is not an error and does not stop sudo from doing its job. This is a cosmetic issue mostly, although it may interfere with shell scripts that rely en exit codes to work properly. This issue is already fixed in upstream sudo and will hit Focal Fossa within long. Read more here.
If you want to remove this message, the workaround to do so is to execute:
# echo "Set disable_coredump false" >> /etc/sudo.conf
Close the firewall port we opened earlier
ufw deny 1022
Your server is now upgraded!
Your server is now upgraded and you should test that everything works. If you encounter any problems or inaccuracies in this guide, please be in touch with Webdock Support.
We can upgrade your server for you
Be in touch with Webdock support and we will sort out a custom Service Level Agreement that works for you!