Hi List, I found out that our app using powerdns is woefully out of date. We are running v. 3.3.3. Ouch, EOL'd 2017. I understand from reading the auth upgrade notes and doc that the path to upgrade looks something like 3.3.3 > 3.4.2 > 4.0.0 > latest. But really, this is an upgrade in database schemas plus install/config of the latest pdns-auth server? I know I'm simplifying it here, highly.
A couple questions if anyone has had the pleasure of upgrading such an aging setup. I am just trying to short circuit going down some deep rabbit holes if there are already known issues I need to combat. 1. Will my existing authoritative nodes still run as they do today with the updated schemas? Looking at the changes, it appears they might, but, I'm not quite familiar enough with the inner workings of pdns-auth servers to know for sure. If there is a doc someone can point me to I would appreciate it. 2. We don't actually hit a primary powerdns api server. We write directly to the database the records we want. I find this less than ideal, and is a ticking time bomb for more issues. This is going to be a change in a future update is the plan. In the meantime, is keeping this method going to cause us any major issues? It looks like some of the db record types are changed from a generic field to something specific. I see this as a potential avenue of pain, but, I'm not sure what else there may be. 3. Here is my rough plan I have come up with so far. I have a lot of testing I need to do. We'll freeze record updates and do a change window, so we can update schemas, roll changes, test. - Build a fresh set of nameservers that is going to take over the existing ones, that are on a current os, running latest mariadb, and latest powerdns. This seems like the easy way to revert back should we need to so I'm not scrambling to deal with servers and software, but just rolling my database back. - Get those new nodes replicating off of our primary server. Up to this point, I expect pdns to not start or run yet. - Implement the new schema / roll any code updates for our side needed to play with the updated schemas. At this point the new nodes should be able to start. I'm hoping my old nodes are still running as normal to answer queries. - Switch our records to point to the new auth servers away from the old ones. This seems like the most graceful way to cut over without causing end users pain. - Never let our setup get this far out of date again, as this is much more complicated that I think it ought to be. What other obvious things am I missing? What else should I be looking at / better understanding? Any war stories / horror stories would also be appreciated in hopes of not repeating history. Any other suggestions besides making sure I have a good bottle of bourbon handy? Thanks in advance! Charlie
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
