Yippee! Debian Squeeze was released on February 6, 2011! That means we will be upgrading all the servers over the coming months! Here are notes and references for the upgrade.

Upgrade process

Note that this is a shorter form of the release notes process. Also note that this list is primarily targeted at server platforms and might not apply to desktops. For example, we follow the minimal downtime upgrade procedure.

Pre-upgrade

  1. inform users
  2. check to make sure the backup job will not start while the upgrade takes place!
  3. check backups on backup server
  4. backup configuration:
    • First, install debconf-utils:
        apt-get install debconf-utils
    then:
    • tar cfz /var/backups/pre-squeeze-backup.tgz /etc /var/lib/dpkg /var/lib/aptitude/pkgstates
      dpkg --get-selections "*" > /var/backups/dpkg-selections-pre-squeeze.txt
  5. have a rescue option (boot off older kernel, the lenny rescue option, or a live cd)
  6. Put servers in maintenance in Nagios.

Checking system

  1. Disable puppet so it won't overwrite apt's config while we upgrade:
    • puppetd --disable
  2. Check for pinned (on hold) packages, and possibly disable:
    • mv /etc/apt/preferences /etc/apt/preferences.old
  3. Check for held packages and possibly upgrade:
    • dpkg --get-selections | grep hold
  4. Run any pending upgrade (run aptitude and hit g)

  5. Check for broken packages:
    • dpkg --audit
  6. Check if the machine is running LDAP, compare with a server you are sure is running LDAP:
    • ping auth.koumbit.net
      id
      view /etc/libnss-ldap.conf
      view /etc/ldap/ldap.conf

If the machine is running LDAP, review this warning about LDAP support and see if we're affected. Try to mitigate and update our documentation accordingly (either removing this note or adding a proper note below).

Preparing sources.list

  1. This mostly means changing lenny to squeeze

    • In vim: :%s/lenny/squeeze/cg.

      With sed: sed -i.orig 's/lenny/squeeze/g' /etc/apt/sources.list

    • (!) Note that the sources.list may point to archives now, in which case you need to replace the lines with

      • deb     http://debian.mirror.iweb.ca/debian/ squeeze main contrib non-free
        deb-src http://debian.mirror.iweb.ca/debian/ squeeze main contrib non-free
        
        deb     http://security.debian.org/ squeeze/updates main contrib non-free
        deb-src http://security.debian.org/ squeeze/updates main contrib non-free
        the original lenny sources are:
        deb http://archive.debian.org/debian lenny main non-free contrib

      (!) Also note that in some cases, additional sources are defined in /etc/apt/sources.list.d and that you should review these sources to ensure they are still relevant.

  2. Remove proposed-updates from sources.list

  3. Remove lenny-backports from sources.list

  4. Change sources that use the volatile server to squeeze-updates on the main Debian repositories (see announcement)
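
The four steps above can be checked mechanically before `apt-get update`. The script below is an added example, not part of the original notes: `audit_sources` is a hypothetical helper name, it assumes plain one-line `deb URI suite components` entries, and the sample file is constructed. It goes slightly beyond the list by also flagging `squeeze-proposed-updates`, `squeeze-backports` and `squeeze/volatile`, which is what the `sed` substitution leaves behind.

```shell
#!/bin/sh
# audit_sources FILE...: print "file:line: reason" for every deb/deb-src
# entry the checklist says must change; return 1 if any was found.
audit_sources() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines, comments
        $1 != "deb" && $1 != "deb-src" { next }    # anything else
        {
            uri = $2; suite = $3; why = ""
            if (suite ~ /proposed-updates/)
                why = "proposed-updates must be removed"
            else if (suite ~ /backports/)
                why = "backports entry must be removed"
            else if (uri ~ /volatile/ || suite ~ /volatile/)
                why = "volatile is replaced by squeeze-updates"
            else if (suite ~ /^lenny/)
                why = "still points at lenny"
            else if (uri ~ /archive\.debian\.org/)
                why = "archive mirror, use a live squeeze mirror"
            if (why != "") { printf "%s:%d: %s\n", FILENAME, FNR, why; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample standing in for /etc/apt/sources.list (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://archive.debian.org/debian lenny main non-free contrib
deb http://debian.mirror.iweb.ca/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb http://volatile.debian.org/debian-volatile squeeze/volatile main
# deb http://ftp.debian.org/debian lenny-proposed-updates main
deb http://www.backports.org/debian lenny-backports main
EOF
audit_sources "$sample" || echo "fix the entries above before running apt-get update"
rm -f "$sample"
```

On a real host, pass `/etc/apt/sources.list` together with `/etc/apt/sources.list.d/*.list` so the additional sources mentioned above are reviewed in the same run.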

Upgrading the packages

  1. Make sure the serial console works
  2. Run in screen
  3. Run in script:
    • script -t 2>~/upgrade-squeeze -a ~/upgrade-squeeze.script
  4. Update the package list:
    • apt-get update
  5. Check disk space:
  6. Download packages:
    • apt-get -d upgrade
  7. Warn users of potential downtime, if relevant
    • look at the list of packages downloaded above to see if any key service may be disrupted

  8. Minimal upgrade run:
    • apt-get upgrade
      • Q&A:

        • remove sysstat old files
        • services to restart: go go
        • install new /etc/console-tools/config file

        • keep backupninja.conf

        • keep /etc/cron-apt/config

        • keep /etc/mysql/my.cnf

        • replace /etc/dbconfig-common/config with new version
        • keep /etc/puppet/puppet.conf

        • keep /etc/cron.daily/apticron

        • keep /etc/apticron/apticron.conf

        • keep /etc/nagios/nrpe.cfg

  9. Install a new kernel and udev
    • apt-get install linux-image-2.6-686 # 32 bit, < 4GB ram
      apt-get install linux-image-2.6-686-bigmem # 32 bit, > 4GB ram
      apt-get install linux-image-2.6-amd64 # 64 bit

      obviously: not necessary in a vserver

      For Xen dom0s:
      apt-get install linux-image-2.6-xen-686 udev

      Sometimes, the kernel install may complain that some firmware will not be available in the new install. This means you need to install the firmware from the non-free source. Make sure you have the "non-free" section in sources.list and install "firmware-linux-nonfree" (to verify that this package actually contains the missing file, you can use "apt-file search" to find the package that contains the required file)

      For Linux-VServer:
      apt-get install linux-image-2.6.32-5-vserver-amd64 udev
      Common questions:
      • Should the partition identifiers in the system configuration be updated? yes

      • write to /etc/fstab, /etc/udev/rules.d/70-persistent-cd.rules: yes

  10. Reboot
    • obviously: not necessary in a vserver

  11. Download packages:
    • apt-get -d dist-upgrade
  12. Warn users of downtime
  13. Upgrade the rest of the system:
    • apt-get dist-upgrade
    • grub chain loading in menu.lst: Yes

    • sysv-rc: Migrate legacy boot sequencing to dependency-based sequencing? Yes

    • apache2.conf: review and replace

    • munin-node.conf: keep

    • grub-pc: setting for the serial console: console=tty0 console=ttyS0,115200n8

    • plugin-conf.d/munin-node: install

    • use dash as the default shell: yes
    • trust new certificate authorities: yes
  14. Rerun grub if it wasn't run
  15. Re-enable puppet and see if it doesn't break anything:
    • puppetd --enable
      puppetd -t

Things to do after the upgrade

  1. update the wiki documentation to reflect the new release!
  2. Update to grub 2:

    • upgrade-from-grub-legacy
    • Don't forget to reboot the server again after grub2 is set up correctly to make sure that it will restart cleanly
    • (!) obviously: not necessary in a vserver

    • make sure the following line is present in /etc/default/grub:

      • GRUB_TERMINAL=serial
        GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
    • see ConsoleSérieGuide for more information

  3. Do one last reboot to make sure the server reboots properly, if that wasn't done in the above steps
  4. Switch from linux-vserver to lxc (Squeeze is the last release supporting LinuxVservers)

  5. Remove obsolete packages

    • apt-get autoremove --purge
  6. Cleanup dummy packages:
    • deborphan --guess-dummy
  7. Empty apt cache
    • apt-get clean
  8. IpChange

  9. Verify that there is enough space left for the backups to take place.
  10. Check the server's stats at http://stats.koumbit.net

Problems encountered

sysv-rc

When old packages are present, they prevent the use of the new version of the init scripts.

See

http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot

MySQL

Jérôme says you need to be careful with this.

  1. the upgrade only half completes...
    • he had to run apt-get install mysql-server-5.1 after the upgrade.
      • me too -- SeBas 2012-01-14 23:21:52

  2. an upgrade script must be run
    • mysql_upgrade --defaults-file=/etc/mysql/debian.cnf --verbose
    • here is the error I got that gave me the hint
          [ERROR] Column count of mysql.db is wrong. Expected 22, found 20. Created with MySQL 50051, now running 50149. Please use mysql_upgrade to fix this error.
  3. It may be necessary to run a repair of all the tables in all the databases; if the command above does not work, try:
    • mysqlcheck --defaults-file=/etc/mysql/debian.cnf -r -A

Alternc

  1. Verify that the patch for Mailman is present. See VirtualMailman

mailman

It is important to empty the directory /var/lib/mailman/qfiles (its contents can be examined with /var/lib/mailman/bin/show_qfiles) BEFORE the upgrade, otherwise you will get this message.

    Configuring mailman

    The directory /var/lib/mailman/qfiles contains files. It needs to be
    empty for the upgrade to work properly. You can try to handle them by:
     - Stop new messages from coming in (at the MTA level).
     - Start a mailman queue runner: /etc/init.d/mailman start
     - Let it run until all messages are handled.
       If they don't all get handled in a timely manner, look at the logs
       to try to understand why and solve the cause.
     - Stop it: /etc/init.d/mailman stop
     - Retry the upgrade.
     - Let messages come in again.

    You can also decide to simply remove the files, which will make Mailman
    forget about (and lose) the corresponding emails.

    If these files correspond to shunted messages, you have to either delete
    them or unshunt them (with /var/lib/mailman/bin/unshunt). Shunted
    messages are messages on which Mailman has already abandoned any further
    processing because of an error condition, but that are kept for admin
    review. You can use /var/lib/mailman/bin/show_qfiles to examine the
    contents of the queues.

    You have the option to continue installation regardless of this problem,
    at the risk of losing the messages in question or breaking your Mailman
    setup.

    Old queue files present

bind

You may run into this error message:

WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

Go read /usr/share/doc/bind9/README.Debian.gz for the solution :)

webalizer

There is a bug in the new version of webalizer, as reported here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532123

The quick fix is to add the following line to the file /etc/webalizer/webalizer.conf

GeoIP          no

Aegir

Quality assurance: Qa-spider

Incomplete section

Prerequisite: install Qa-Spider

  1. Retrieve the list of installed sites:

ls /var/aegir/plateformes/*/sites/ -1 | grep -v -e ":$" -e "^$" -e "all" -e "default" | sed -e "s|^|http://|" > liste_des_sites.txt
  2. Capture the snapshots (note: you must add arguments according to your environment):

qa_spider -x -w liste_des_sites.txt
  3. Perform the upgrade
  4. Check the sites with the same command as for the first capture.

PostGrey

The port postgrey listens on has changed.

Edit /etc/postfix/main.cf to use the same port as /etc/default/postgrey.

(!) This has been integrated into Puppet and should not be a problem when upgrading servers that use the postfix::server::postgrey class.

(!) If postgrey does not start (sysfault), clear out /var/lib/postgrey/

Courier-imap et Courier-imap-ssl

There seems to be a problem with libfam0 in squeeze. To avoid trouble, it is better to install libgamin0:

sudo apt-get install libgamin0

Proftpd

If some clients run 'proftpd': the package has been renamed 'proftpd-basic' and the upgrade does not happen automatically during a dist-upgrade. The lenny version stays installed. You therefore have to force the installation of the squeeze version (which will uninstall the lenny version):

sudo apt-get install proftpd-basic

PHP5.2

To keep the Debian packages for PHP 5.2 on an installation that will be upgraded, you must add the following lines to the file /etc/apt/preferences.

The command to see the list of installed php5 packages:

# aptitude -t lenny --disable-columns -F "%p" search ^php5|tr '\n' ' ' 

The contents of /etc/apt/preferences:

Package: libapache2-mod-php5 php-pear php5 php5-adodb php5-auth-pam php5-cgi php5-cli php5-common php5-curl php5-dbg php5-dev php5-ffmpeg php5-gd php5-geoip php5-gmp php5-gpib php5-idn php5-imagick php5-imap php5-interbase php5-json php5-lasso php5-ldap php5-librdf php5-mapscript php5-mcrypt php5-memcache php5-mhash php5-ming php5-mssql php5-mysql php5-odbc php5-pgsql php5-ps php5-pspell php5-radius php5-recode php5-sasl php5-snmp php5-sqlite php5-sqlrelay php5-suhosin php5-sybase php5-symfony php5-symfony1.0 php5-tidy php5-uuid php5-xapian php5-xcache php5-xdebug php5-xmlrpc php5-xsl php-apc
Pin: release a=lenny
Pin-Priority: 991

Do not forget to add the libapache2-mod-php5, php-pear and php-apc packages to the list.

php5

Specific upgrades

Upgrade status


Puppet stats

Compare with this query on Puppet:

mysql> SELECT h.name AS host,v.value AS OS FROM hosts h INNER JOIN fact_values v ON v.host_id = h.id INNER JOIN fact_names n ON n.id = v.fact_name_id WHERE n.name = 'lsbdistcodename' ORDER BY h.name;

As of 2011-11-29, we have:

mysql> select v.value as OS, count(h.name) as hosts from hosts h inner join fact_values v on v.host_id = h.id inner join fact_names n on n.id = v.fact_name_id where n.name = 'lsbdistcodename' group by v.value;
+---------+-------+
| OS      | hosts |
+---------+-------+
| etch    |     1 | 
| lenny   |    52 | 
| lucid   |    11 | 
| sid     |     1 | 
| squeeze |    34 | 
+---------+-------+
5 rows in set (0.00 sec)

As of 2012-03-25 15:49:08, we have (progress! no more etch and less lenny!):

+---------+-------+
| OS      | hosts |
+---------+-------+
| lenny   |    37 | 
| lucid   |    11 | 
| n/a     |     1 | 
| squeeze |    61 | 
+---------+-------+

2012-05-14:

+---------+-------+
| OS      | hosts |
+---------+-------+
| lenny   |    34 |
| lucid   |    11 |
| n/a     |     1 |
| squeeze |    73 |
+---------+-------+

2012-12-07

+---------+-------+
| OS      | hosts |
+---------+-------+
| lenny   |     7 |
| precise |     1 |
| squeeze |    97 |
+---------+-------+


SqueezeUpgrade (last edited 2018-06-17 09:15:38 by gabriel)