[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Upgrade combined server (wheezy -> jessie)

Hi Wolfgang,

thanks for your report and instructions and also for summarizing them today!

On Montag, 2. März 2015, Wolfgang Schweer wrote:
> To test if Windows clients would work, a stock wheezy workstation with
> additional Samba disguise was used. After 'smbpasswd -e Administrator'
> on tjener and 'rpc net join -S tjener -U administrator' on the
> workstation the system showed up in the GOsa² gui as windows-workstation.
> Loggging in and accessing the home directory (libpam-mount, cifs) worked
> as well.

> > To be continued.
> Various tests later, here's the updated recipe including instructions
> how to migrate from squid to squid3, how to deal with changes
> concerning cups and how to clean up the system.
> So far, I haven't found anything that doesn't work, but it needs
> testing, confirmation and review by others before the wiki chapter
> https://wiki.debian.org/DebianEdu/Documentation/Jessie/Upgrades
> can be updated.

I'll comment inline. If I dont comment it basically means "this is good, 
please put this in the manual."

the main summary is: please also file many short bugs about specific issues.

> =====================================
> How to upgrade from wheezy to jessie.
> -------------------------------------
> Please note that the following instructions apply to a default
> Debian Edu main server installation (desktop=kde, profiles
> Main-Server, Workstation, Thin-Client-Server).
> (For a general overview concernig wheezy to jessie upgrade, see:
> https://www.debian.org/releases/testing/releasenotes)
> Don't use X, use a virtual console, log in as root.
> Read all debconf information carefully, choose 'keep the local
> version currently installed'; in most cases hitting return will
> be fine. Press 'q' to quit the apt-listchanges pager once
> you've read the information.
> Make sure the current system is up-to-date.
> -------------------------------------------
> apt-get update
> apt-get -y upgrade

so far, so very good.

> Remove diversion; debian-edu-config's postinst seems to do it too late.
> -----------------------------------------------------------------------
> dpkg-divert --remove /usr/share/pam-configs/krb5
> rm /usr/share/pam-configs/edu-krb5

this should also go in the manual and an important bug against debian-edu-
config should be filed about this issue.
> Avoid to mess up the Kerberos configuration via cfengine.
> ---------------------------------------------------------
> cp /etc/krb5.conf /etc/krb5.conf.backup
> Do the actual upgrade.
> ----------------------
> sed -i 's/wheezy/jessie/g' /etc/apt/sources.list
> apt-get update
> apt-get -y dist-upgrade
> apt-get -f install
> apt-get -y dist-upgrade

ok, though this is already covered in the manual..

> (Repeat the last two commands if dpkg exits with an error code.)

This is too bold IMHO. Better write something like "If apt-get finishes with 
an error, try to fix it and/or run the apt-get commands again, esp. apt-get 
install -f."

> Install squid3 as replacement for deprecated squid.
> ---------------------------------------------------
> apt-get -y install squid3
> service squid3 stop
> Apply debian-edu configuration (takes some time).
> -------------------------------------------------
> cfengine-debian-edu -D installation
> Replace squid with squid3, keep the cache; a new swap file will be
> generated and the cache index be rebuilt upon first squid3 start.
> ------------------------------------------------------------------
> service squid stop
> umount /var/spool/squid
> sed -i 's#/var/spool/squid#/var/spool/squid3#' /etc/fstab
> mount /var/spool/squid3
> service squid3 start
> apt-get -y purge squid squid-common

this should also go in the manual and a normal bug against debian-edu,debian-
edu-config (yes, against the two packages at once) should be filed about this 

also: is this really mandatory for jessie or just nice to have?

> Get back the right Kerberos file.
> ---------------------------------
> cp /etc/krb5.conf.backup /etc/krb5.conf

uhm, why?

> Make GOsa² work with new php version.
> -------------------------------------
> rm /etc/gosa/gosa.secrets

this also smells like an ugly workaround for a real problem. I strongly 
suspect a bug against gosa (and/or debian-edu*) is in order.

> cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf
> gosa-encrypt-passwords

or does this restore gosa.secrets?

> Install newly split out cups package needed for networked printing.
> -------------------------------------------------------------------
> apt-get -y install cups-browsed

this should go in the manual and an important bug should be filed against 

> Install additional package to make PXE work.
> --------------------------------------------
> apt-get -y install pxelinux

this should go in the manual and an important bug should be filed against 
> Update PXE configuration.
> -------------------------
> debian-edu-pxeinstall

I guess this is a followup fix and will go away once we fix the bug for real.
> Install missing packages; the package names were obtained using
> '/usr/lib/debian-edu-config/testsuite/taskpkgs | grep error:'
> after the step above.
> ---------------------------------------------------------------
> apt-get -y install browser-plugin-libreoffice gosa-plugin-netgroups \
> killer libnss-myhostname goplay icedtea-7-plugin tmispell-voikko

this should go in the manual and an important bug should be filed against 
> Cleaning up.
> ------------
> for i in $(dpkg -l|grep ^rc|cut -d' ' -f3);do dpkg -P $i;done

Not sure this should be there and if, it should be prepended by a warning that 
this will remove configuration files of removed packages and should only be 
used with care, eg by first looking at what it would remove...
> Check if the upgraded system works.
> -----------------------------------
> Reboot and test if it works like before:

this should be done before purging... (all these tests...)

> Log in as first user and test if the GOsa² gui is working, if you're
> able to connect LTSP clients and workstations, if you can add/remove
> a netgroup membership of a system, if you can send and receive
> internal email, if you can manage printers and maybe other site
> specific things. Use the testsuite scripts if you spot an error.
> ====================================================================
> Update LTSP chroot (default arch i386) as root.
> -----------------------------------------------
> sed -i '/jessie/ s/deb/#deb/g' /opt/ltsp/i386/etc/apt/sources.list
> ltsp-chroot -m apt-get update
> ltsp-chroot -m apt-get -y upgrade
> sed -i 's/wheezy/jessie/g' /opt/ltsp/i386/etc/apt/sources.list
> ltsp-chroot -m apt-get update
> ltsp-chroot -m apt-get -y dist-upgrade
> ltsp-chroot -m apt-get -f install
> ltsp-chroot -m apt-get -y dist-upgrade
> (Repeat the last two commands if dpkg still errors out.)
> Install missing packages in the LTSP chroot.
> --------------------------------------------
> ltsp-chroot -m apt-get -y install browser-plugin-libreoffice killer \
> libnss-myhostname goplay icedtea-7-plugin tmispell-voikko

this should go in the manual and an important bug should be filed against 

> Cleaning up.
> ------------
> ltsp-chroot -m apt-get --purge autoremove
> Update LTSP support on the server side.
> ---------------------------------------
> ltsp-update-kernels
> ltsp-update-sshkeys
> =======================================

this is fine :)

If/when bugs are filed, the number should be noted in the manual as well.

Thanks a lot for your work!


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: