While we have been a bit silent on the platform side of things on the changelog, we haven’t been standing still. In the past four months we have been busy with making the Hypernode product available on Debian 12, codenamed Bookworm. The last time we updated the Linux distribution was in 2020, when we announced the Debian 10 release, codenamed Buster.
A month ago we announced the sunsetting of Node.js versions 6 and 10. A week after that, we started booting new Hypernodes on Debian Bookworm. We currently have over 200 Hypernodes running on our Debian Bookworm distribution.
This changelog is not to announce the upgrade for all existing Hypernodes (you’ll receive information on that later), but rather about what Debian Bookworm has to offer. We also won’t go into every change of this upgrade, but here are some highlights.
Upstream changes
Going from Debian 10 to 12, we introduce updated packages from 2 major Debian versions. To find out what changed from 10 to 12, check out these release notes from Debian:
Kernel 6.1
Debian Bookworm ships the LTS Linux kernel version 6.1, which is a big upgrade from 4.19 on Debian Buster.
Benefits from this upgrade include better stability, better performance (especially on our latest Jackal plans) and improved security.
We had to adapt to cgroups v2 becoming the default and changed the limited.slice we used to control the memory usage by user-related processes (shell, nginx, php-fpm and mysql). Our OOM monitor had to be refitted for cgroups v2, while we also changed the way the limited.slice was managed. On Debian Buster we sheltered app processes under the limited.slice using libcgroups. On Debian Bookworm, we don’t need to do that, because all app processes are now automatically placed under user.slice/user-1000.slice, while we configure static processes (like nginx, php-fpm, mysql, etc) under user.slice/user-limited.slice. We can now provide more fine grained control over the user processes in a future-proof way.
Another change we warmly heartedly welcomed is the wireguard implementation in the kernel. On Debian Buster servers in a cluster, we had to make use of the wireguard kernel modules instead. While in general this worked fine, it was quite finicky to install properly on a large scale. With wireguard now built into the kernel, our configuration code has simplified a lot and turns out more stable as well.
Nginx 1.22
Nginx has been updated from 1.18 to 1.22. The update mainly revolves around OpenSSL 3.0 support, HTTP/2 improvements and general security / bug fixes. That’s not bad, because Nginx has proven to be a very stable, reliable, high-performing proxy for HTTP(S) traffic.
Podman
On Debian Buster we had a beta feature called rootless Docker. In essence it’s Docker, but without super privileges.
On Debian Bookworm we decided to replace rootless Docker with Podman. Podman is an open-source container manager, built from the ground up to be used in a rootless way. We much prefer this approach, because it allows us to keep the platform secure, while providing a very user-friendly container manager to our users.
Podman can be invoked with the docker alias command. It can also be invoked by Docker Compose if necessary, while containers can also be defined in a more modern way, namely Quadlets (we even provide a conversion tool called podlet, to transition from Docker Compose to Quadlets).
So in essence we turned the closed beta feature of rootless Docker in to a generally available feature with Podman.
Python 2 removal
Debian Bookworm dropped the packaging of Python 2. While we were mostly already using Python 3 on Debian Buster, we were still relying on quite some Python 2 components. All remaining components are now converted to Python 3 counterparts, so on Hypernode we don’t need Python 2 anymore.
Some of our users make use of Python on Hypernode and some of them might have been using Python 2 all the time (on Debian Buster, /usr/bin/python was Python 2). This might break some tools for our users, so please be aware of that.
In the meantime, Python 3 has been updated from 3.7 to 3.11. Python 3.11 is so good that Lex Fridman even made a clip about it!
Node.js 6 and 10 removal
We dropped support for Node.js 6 and 10. These Node.js versions are very old and so is the packaging for these packages.
While dropping old Node.js versions, we did add a newer Node.js version, 20!
Varnish 7
Debian Bookworm ships with Varnish 7 by default, so we made that version available as well! You can change it in the control panel or through the command-line interface with:
app@abcdef-example-magweb-cmbl:~$ hypernode-systemctl settings varnish_version 7.x Operation was successful and is being processed. Please allow a few minutes for the settings to be applied. Run 'livelog' to see the progress.
RabbitMQ 3.10
We use the default RabbitMQ version from Debian, so it has been updated from 3.8 to 3.10.
Miscellaneous changes
- htop has been updated, it now has an IO tab, which can be useful to find out which process is doing a lot of IO.
- btop has been added, which is a densely-packed, feature-rich alternative to htop. It can provide some useful insights, we’re pretty excited about it, while we also still like to use htop!
- mwscan has been removed, because it was based on Python 2. We now install and recommend using ecomscan from Sansec, which is the company behind mwscan!
- Git has been updated from 2.20 to 2.39.
- Supervisor has been updated from 3.3.5 to 4.2.5.
- cURL (and libcurl) has been updated from 7.64 to 7.88.
- OpenSSL has been updated from 1.1 to 3.0
- systemd has been updated from 241 to 252.