Hooray! Debian Squeeze was released on February 6, 2011! That means we will be upgrading all the servers over the coming months! Here are notes and references for the upgrade.
Upgrade process
Note that this is a shorter form of the release notes process. Also note that this list is primarily targeted at server platforms and might not apply to desktops. For example, we follow the minimal downtime upgrade procedure.
Pre-upgrade
- inform users
- check to make sure the backup job will not start while the upgrade takes place!
- check backups on backup server
- backup configuration:
- First, install debconf-utils:
apt-get install debconf-utils
tar cfz /var/backups/pre-squeeze-backup.tgz /etc /var/lib/dpkg /var/lib/aptitude/pkgstates
dpkg --get-selections "*" > /var/backups/dpkg-selections-pre-squeeze.txt
- have a rescue option (boot off older kernel, the lenny rescue option, or a live cd)
- Put servers in maintenance in Nagios.
Checking system
- Disable puppet so it won't overwrite apt's config while we upgrade:
puppetd --disable
- Check for pinned (on hold) packages, and possibly disable:
mv /etc/apt/preferences /etc/apt/preferences.old
- Check for held packages and possibly upgrade:
dpkg --get-selections | grep hold
Run any pending upgrade (run aptitude and hit g)
- Check for broken packages:
dpkg --audit
- Check if the machine is running LDAP, compare with a server you are sure is running LDAP:
ping auth.koumbit.net
id
view /etc/libnss-ldap.conf
view /etc/ldap/ldap.conf
If the machine is running LDAP, review this warning about LDAP support and see if we're affected. Try to mitigate and update our documentation accordingly (either removing this note or adding a proper note below).
Preparing sources.list
This mostly means changing lenny to squeeze
In vim: :%s/lenny/squeeze/cg.
With sed: sed -i.orig 's/lenny/squeeze/g' /etc/apt/sources.list
Note that the sources.list may point to archives now, in which case you need to replace the lines with
deb http://debian.mirror.iweb.ca/debian/ squeeze main contrib non-free
deb-src http://debian.mirror.iweb.ca/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
The original lenny sources are:
deb http://archive.debian.org/debian lenny main non-free contrib
Also note that in some cases, additional sources are defined in /etc/apt/sources.list.d and that you should review these sources to ensure they are still relevant.
Remove proposed-updates from sources.list
Remove lenny-backports from sources.list
Change sources that use the volatile server to squeeze-updates on the main Debian repositories (see announcement).
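The rules above applied to a sources.list, as an added example that is not part of the original notes. The function names are hypothetical, the mirror is the one used on this page, and the sample entries (including the backports and volatile host names) are constructed. Unlike the plain sed substitution, it renames only the suite field and handles the proposed-updates, backports and volatile entries as listed above.

```shell
#!/bin/sh
# Added example (not from the original page): rewrite lenny APT sources for squeeze.
# MIRROR is the mirror this page uses; change it for another site.
MIRROR="http://debian.mirror.iweb.ca/debian/"

# Reads a sources.list on stdin, writes the squeeze version on stdout.
squeeze_sources() {
    awk -v mirror="$MIRROR" '
    # Comments, blank lines and anything that is not an APT entry pass through.
    $1 != "deb" && $1 != "deb-src" { print; next }
    # proposed-updates and lenny-backports entries are dropped.
    $3 ~ /proposed-updates|backports/ { next }
    # volatile is replaced by the squeeze-updates suite on the main mirror.
    $2 ~ /volatile/ { $2 = mirror; $3 = "squeeze-updates"; print; next }
    # Entries pointing at the lenny archive go back to the regular mirror.
    $2 ~ /archive\.debian\.org\/debian\/?$/ { $2 = mirror }
    # Only the suite field is renamed, never the URL or a comment.
    { sub(/^lenny/, "squeeze", $3); print }
    '
}

# Prints active entries that still need attention; exit status 0 when any remain.
stale_entries() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' |
        grep -E 'lenny|volatile|proposed-updates|backports'
}

# Constructed sample input, not taken from a real server.
SAMPLE='# constructed sample
deb http://archive.debian.org/debian lenny main non-free contrib
deb http://security.debian.org/ lenny/updates main
deb http://debian.mirror.iweb.ca/debian/ lenny-proposed-updates main
deb http://www.backports.org/debian lenny-backports main
deb http://volatile.debian.org/debian-volatile lenny/volatile main'

printf '%s\n' "$SAMPLE" | squeeze_sources
```

Run stale_entries over each file in /etc/apt/sources.list.d as well, since those files are easy to forget.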
Upgrading the packages
- Make sure the serial console works
This is especially important for squeeze as devices are renumbered, which may cause boot failures
- Run in screen
- Run in script:
script -t 2>~/upgrade-squeeze -a ~/upgrade-squeeze.script
- Update the package list:
apt-get update
- Check disk space:
apt-get -o APT::Get::Trivial-Only=true dist-upgrade
See those tips to claim back disk space if missing
- Download packages:
apt-get -d upgrade
- Warn users of potential downtime, if relevant
look at the list of packages downloaded above to see if any key service may be disrupted
- Minimal upgrade run:
apt-get upgrade
Q&A:
- remove sysstat old files
- services to restart: go go
install new /etc/console-tools/config file
keep backupninja.conf
keep /etc/cron-apt/config
keep /etc/mysql/my.cnf
- replace /etc/dbconfig-common/config with new version
keep /etc/puppet/puppet.conf
keep /etc/cron.daily/apticron
keep /etc/apticron/apticron.conf
keep /etc/nagios/nrpe.cfg
- Install a new kernel and udev
apt-get install linux-image-2.6-686 # 32 bit, < 4GB ram
apt-get install linux-image-2.6-686-bigmem # 32 bit, > 4GB ram
apt-get install linux-image-2.6-amd64 # 64 bit
obviously: not necessary in a vserver
For Xen dom0s:
apt-get install linux-image-2.6-xen-686 udev
For Linux-VServer:
apt-get install linux-image-2.6.32-5-vserver-amd64 udev
Sometimes, the kernel install may complain that some firmware will not be available in the new install. This means you need to install the firmware from the non-free source. Make sure you have the "non-free" section in sources.list and install "firmware-linux-nonfree" (to verify that this package actually contains the missing file, you can use "apt-file search" to find the package that contains the required file)
Common questions:
Should the partition identifiers in the system configuration be updated? yes
writing to /etc/fstab, /etc/udev/rules.d/70-persistent-cd.rules: yes
- Reboot
obviously: not necessary in a vserver
- Download packages:
apt-get -d dist-upgrade
- Warn users of downtime
- Upgrade the rest of the system:
apt-get dist-upgrade
grub chain loading in menu.lst: Yes
sysv-rc: Migrate legacy boot sequencing to dependency-based sequencing? Yes
apache2.conf: review and replace
munin-node.conf: keep
grub-pc: setting for the serial console: console=tty0 console=ttyS0,115200n8
plugin-conf.d/munin-node: install
- use dash as the default shell: yes
- trust new certificate authorities: yes
- Rerun grub if it wasn't run
- Re-enable puppet and see if it doesn't break anything:
puppetd --enable
puppetd -t
Things to do after the upgrade
- update the wiki documentation to reflect the new release!
Update to grub 2:
upgrade-from-grub-legacy
- Don't forget to reboot the server again after grub2 is setup correctly to make sure that it will restart cleanly
obviously: not necessary in a vserver
make sure the following lines are present in /etc/default/grub:
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
see ConsoleSérieGuide for more information
- Do one last reboot to make sure the server reboots properly, if that wasn't done in the above steps
Switch from linux-vserver to lxc (Squeeze is the last release supporting LinuxVservers)
Remove obsolete packages
apt-get autoremove --purge
- Cleanup dummy packages:
deborphan --guess-dummy
- Empty apt cache
apt-get clean
- Check that there is enough free space left for the backups to run.
Check the server stats at http://stats.koumbit.net
Problems encountered
sysv-rc
When old packages are present, they prevent the use of the new version of the init scripts.
MySQL
Jérôme says to be careful with this.
- the upgrade only gets half done...
- he had to run apt-get install mysql-server-5.1 after the upgrade.
me too -- SeBas 2012-01-14 23:21:52
- an upgrade script must be run
mysql_upgrade --defaults-file=/etc/mysql/debian.cnf --verbose
- here is the error I got that gave me the clue
[ERROR] Column count of mysql.db is wrong. Expected 22, found 20. Created with MySQL 50051, now running 50149. Please use mysql_upgrade to fix this error.
- It may be necessary to "repair" all tables in all databases; if the command above does not work, try:
mysqlcheck --defaults-file=/etc/mysql/debian.cnf -r -A
Alternc
Check that the Mailman patch is present. See VirtualMailman.
mailman
It is important to empty the directory /var/lib/mailman/bin/show_qfiles BEFORE the upgrade, otherwise you will get this message.
Configuring mailman
The directory /var/lib/mailman/qfiles contains files. It needs to be empty for the upgrade to work properly. You can try to handle them by:
 - Stop new messages from coming in (at the MTA level).
 - Start a mailman queue runner: /etc/init.d/mailman start
 - Let it run until all messages are handled.
   If they don't all get handled in a timely manner, look at the logs
   to try to understand why and solve the cause.
 - Stop it: /etc/init.d/mailman stop
 - Retry the upgrade.
 - Let messages come in again.
You can also decide to simply remove the files, which will make Mailman forget about (and lose) the corresponding emails.
If these files correspond to shunted messages, you have to either delete them or unshunt them (with /var/lib/mailman/bin/unshunt). Shunted messages are messages on which Mailman has already abandoned any further processing because of an error condition, but that are kept for admin review. You can use /var/lib/mailman/bin/show_qfiles to examine the contents of the queues.
You have the option to continue installation regardless of this problem, at the risk of losing the messages in question or breaking your Mailman setup.
Old queue files present
bind
You may end up with this error message:
WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
Read /usr/share/doc/bind9/README.Debian.gz for the solution.
webalizer
There is a bug in the new version of webalizer, as reported here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532123
The quick fix is to add the following line to the file /etc/webalizer/webalizer.conf
GeoIP no
Aegir
Quality assurance: Qa-spider
Incomplete section
Prerequisite: installing Qa-Spider
- Retrieve the list of installed sites:
ls /var/aegir/plateformes/*/sites/ -1 | grep -v -e ":$" -e "^$" -e "all" -e "default" | sed -e "s|^|http://|" > liste_des_sites.txt
- Take the snapshots (note: you must add arguments according to your environment):
qa_spider -x -w liste_des_sites.txt
- Do the upgrade
- Verify the sites with the same command as for the first capture.
PostGrey
The postgrey listening port has changed.
Edit /etc/postfix/main.cf to use the same port as /etc/default/postgrey.
This has been integrated into Puppet and should not be a problem when upgrading servers that use the postfix::server::postgrey class.
If postgrey does not start (sysfault), clear /var/lib/postgrey/
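One way to verify that both files agree on the port after the upgrade, as an added example that is not part of the original notes. The function names are hypothetical and the two sample files and their port numbers are constructed; on a server, pass /etc/default/postgrey and /etc/postfix/main.cf instead.

```shell
#!/bin/sh
# Added example (not from the original page): check that postfix and postgrey agree on the port.

# Port given to --inet in the postgrey defaults file ($1), with or without a host part.
postgrey_port() {
    sed -n 's/^[[:space:]]*POSTGREY_OPTS=.*--inet=\([^" ]*:\)\{0,1\}\([0-9][0-9]*\).*/\2/p' "$1" |
        tail -n 1
}

# Ports of every inet: policy service referenced in active lines of main.cf ($1).
postfix_policy_ports() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -o 'check_policy_service[[:space:]]*inet:[^ ,]*' |
        sed 's/.*://' | sort -u
}

# 0: postfix points at the postgrey port, 1: mismatch, 2: no port in the defaults file.
postgrey_port_matches() {
    port=$(postgrey_port "$1")
    [ -n "$port" ] || return 2
    postfix_policy_ports "$2" | grep -qx "$port"
}

# Constructed sample files: postgrey on its new port, main.cf still on the old one.
tmp=$(mktemp -d)
printf 'POSTGREY_OPTS="--inet=10023"\n' > "$tmp/postgrey"
cat > "$tmp/main.cf" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:60000
EOF

if postgrey_port_matches "$tmp/postgrey" "$tmp/main.cf"; then
    echo "OK: postfix uses postgrey port $(postgrey_port "$tmp/postgrey")"
else
    echo "MISMATCH: postgrey=$(postgrey_port "$tmp/postgrey")" \
         "postfix=$(postfix_policy_ports "$tmp/main.cf" | tr '\n' ' ')"
fi
```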
Courier-imap et Courier-imap-ssl
There seems to be a problem with libfam0 in squeeze. To avoid trouble, it is better to install libgamin0:
sudo apt-get install libgamin0
Proftpd
If some clients are running 'proftpd': the package has been renamed 'proftpd-basic' and the upgrade does not happen automatically during a dist-upgrade. The lenny version stays installed. You therefore have to force the installation of the squeeze version (which will uninstall the lenny version):
sudo apt-get install proftpd-basic
PHP5.2
To keep the Debian packages for PHP 5.2 on an installation that will be upgraded, you must add the following lines to the file /etc/apt/preferences.
The command to list the installed php5 packages:
# aptitude -t lenny --disable-columns -F "%p" search ^php5|tr '\n' ' '
The contents of /etc/apt/preferences:
Package: libapache2-mod-php5 php-pear php5 php5-adodb php5-auth-pam php5-cgi php5-cli php5-common php5-curl php5-dbg php5-dev php5-ffmpeg php5-gd php5-geoip php5-gmp php5-gpib php5-idn php5-imagick php5-imap php5-interbase php5-json php5-lasso php5-ldap php5-librdf php5-mapscript php5-mcrypt php5-memcache php5-mhash php5-ming php5-mssql php5-mysql php5-odbc php5-pgsql php5-ps php5-pspell php5-radius php5-recode php5-sasl php5-snmp php5-sqlite php5-sqlrelay php5-suhosin php5-sybase php5-symfony php5-symfony1.0 php5-tidy php5-uuid php5-xapian php5-xcache php5-xdebug php5-xmlrpc php5-xsl php-apc
Pin: release a=lenny
Pin-Priority: 991
Do not forget to add the packages libapache2-mod-php5, php-pear and php-apc to the list.
php5
- Cron complains with PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626/mhash.so'
Debian bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593266#15
Specific upgrades
rt.koumbit.net - done! went well and helped building a lot of the documentation here. about 5 minute downtime on Apache
Upgrade status
Puppet stats
Compare with this query on Puppet:
mysql> SELECT h.name AS host,v.value AS OS FROM hosts h INNER JOIN fact_values v ON v.host_id = h.id INNER JOIN fact_names n ON n.id = v.fact_name_id WHERE n.name = 'lsbdistcodename' ORDER BY h.name;
As of 2011-11-29, we have:
mysql> select v.value as OS, count(h.name) as hosts from hosts h inner join fact_values v on v.host_id = h.id inner join fact_names n on n.id = v.fact_name_id where n.name = 'lsbdistcodename' group by v.value;
+---------+-------+
| OS      | hosts |
+---------+-------+
| etch    |     1 |
| lenny   |    52 |
| lucid   |    11 |
| sid     |     1 |
| squeeze |    34 |
+---------+-------+
5 rows in set (0.00 sec)
As of 2012-03-25 15:49:08, we have (progress! no more etch and fewer lenny!):
+---------+-------+
| OS      | hosts |
+---------+-------+
| lenny   |    37 |
| lucid   |    11 |
| n/a     |     1 |
| squeeze |    61 |
+---------+-------+
2012-05-14:
+---------+-------+
| OS      | hosts |
+---------+-------+
| lenny   |    34 |
| lucid   |    11 |
| n/a     |     1 |
| squeeze |    73 |
+---------+-------+
2012-12-07:
+---------+-------+
| OS      | hosts |
+---------+-------+
| lenny   |     7 |
| precise |     1 |
| squeeze |    97 |
+---------+-------+
References
Previous upgrade: LennyUpgrade
http://wiki.debian.org/Lenny2SqueezeUpgrade (to do? see http://wiki.debian.org/Etch2LennyUpgrade for the previous notes)
http://www.debian.org/releases/squeeze/i386/release-notes/ch-upgrading.en.html