FritzSqueezeUpgrade102011-07-18 02:25:47ClintonEbadiupgrade done!92011-07-13 19:48:55ClintonEbadiupdate upgrade notes on completed tasks82011-03-05 10:04:02ClintonEbadimake sure another login method works for fritz72011-03-05 09:56:12ClintonEbadino local packages to report!62011-03-05 09:48:40ClintonEbadiupgrade ejabberd before upgrading fritz52011-03-02 08:48:10ClintonEbadipam stuff42011-03-02 08:41:12ClintonEbadiFixi the NSS setup on fritz before upgrade32011-02-28 21:44:32ClintonEbadipreventing full /afs/hcoop.net outage during upgrade22011-02-25 10:30:29ClintonEbadi12011-02-25 10:22:05ClintonEbadivery basic notes on fritz lenny -> squeeze upgradePlans for upgrading Fritz to Debian Squeeze Upgrade was completed 2011-07-17 PreliminariesRelease Note Information of Upgrading From Lenny. Pre-Install Cleanup TasksSanitize NSS ConfigurationDONE Synchronize the UIDs of locally created users with their counterparts in AFS Affected users docelic_admin
rkd_admin
clinton_admin
adamc_admin
shadowfax_admin
Ensure ssh and console login for root
works and keep the password handy in case all _admin
accounts are locked out because of the UID changes. Locate and update any files owned by an obsolete UID to the new UID Setup libnss-afs
(afs files
) Reconfigure PAMThis may be better to do after the installation. Configure sshd
and login
to use pam_localuser
instead of pam_unix
to ensure only local users can login ignoring the NSS configuration (right now non-local users can't login using just pam_unix
, but this is an accident of the implementation of libnss-afs
and not something that should be relied upon). Pre-Install Software UpgradesJabberThe same version of ejabberd
must be used across a cluster, and the easiest way to migrate the installation to another machine is to do it with a running cluster. Luckily, deleuze
is running the version from etch-backports
which is the same version in lenny
. DONEInstall ejabberd
from lenny
on fritz
Add firewall rules to permit connects to/from deleuze
on port 4369 (check
deleuze` as well) Add fritz
to the mnesia cluster Add XMPP SRV records to provide both deleuze
and fritz
Ensure everything works ~24 hours Remove XMPP SRV records pointing to deleuze
Ensure everything continues to work for ~72 hours (DNS propagation &c) Disable ejabberd
on deleuze
After upgrading fritz
to squeeze
the ejabberd guide says it will automatically handle updating the mnesia
tables. Once this is all done it may be a good idea to add hopper
to the ejabberd
cluster for a bit of fault tolerance. Installation environmentOn All Machines su
to root, start a screen
session (preventing partial upgrade issues if the network connection drops) Open a physical console root login just in case After the upgrade remember to log out of the kvm root console on the other machines. Installation StepsEarly Preparationsdpkg --audit
Remove lenny
and lenny-backports
from sources.list
apt-get update
Run apt-get upgrade
and ensure no essential packages conflict (e.g. postgresql-8.1
) Backup Important Dataejabberd
mnesia database Debian stuff (package lists, ..., ?) Upgrade Kernel and udevInstall new kernel image and openafs-module-dkms
Install udev
Reboot Basic Upgradeapt-get upgrade
Reboot? Full Upgradeapt-get dist-upgrade
Reboot? Clean UpMake sure the other machines are still sane after losing volume access for a while. Caveatspam_unix_session locking all login accessNot an issue This bit us on hopper. ClintonEbadi has confirmed this is not in use--it appears hopper
's PAM configuration was copied from another machine that had been running etch
earlier and used deprecated modules. Locally built packagesNot an issue ClintonEbadi scanned the currently installed packages and we are using the backports versions of afs and kerberos with nothing else locally built. Service Interruption MitigationRead Only Volumes on DeleuzeNot Doing This (the time required is not worth a few minutes of afs downtime at this point) Since we have openafs we may as well take advantage of it by adding deleuze's vicepa
as a site for user.$USER
volumes. There does not appear to be enough room for mail.$USER
volumes so we won't worry about those (mail will still be queued and having a read only copy of mail volumes is of dubious value). PreparationA few days before the upgrade: Prevent backup from running (uncomment exit 0
in hcoop-backup-wrapper
) before scheduled upgrade date Purge last backup data Purge db.$USER
volumes Purge {user,mail}.$USER.d
volumes for members who departed more than (tentatively) 90 ago For all active user.$USER
volumes: vos addsite deleuze vicepa user.$USER
Immediately before upgrading: For all active user.$USER
volumes: vos release user.$USER
Clean UpFor all user volumes vos remsite deleuze vicepa user.$USER
to free space for the backup. Alternatively, since the backup will be moved to fritz anyway, leave them in place. There seems to be little benefit to doing so since deleuze does not have much space compared to fritz and we have nothing in place to regularly vos release
volumes making them effectively useless.