welcome: please sign in

The following 372 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
about   access   accident   accounts   across   active   adamc   add   Add   adding   addsite   admin   advantage   Affected   afs   after   After   ago   all   All   Alternatively   amd64   an   and   another   any   anyway   appear   appears   apt   are   as   at   audit   automatically   backports   Backup   backup   Basic   be   because   been   before   benefit   better   bit   both   built   but   by   can   case   Caveats   ch   changes   check   Clean   Cleanup   Clinton   clinton   cluster   compared   completed   configuration   Configuration   Configure   confirmed   conflict   connection   connects   console   continues   copied   copy   counterparts   created   currently   data   Data   database   date   days   db   debian   Deleuze   deleuze   departed   deprecated   Disable   dist   dkms   do   docelic   docs   does   doing   Doing   done   downtime   dpkg   drops   Ds   dubious   earlier   Early   easiest   Ebadi   effectively   ejabberd   else   en   enough   Ensure   ensure   environment   essential   etch   everything   exit   fault   few   files   firewall   For   for   free   Fritz   fritz   from   From   Full   get   good   guide   had   handle   handy   has   have   having   hcoop   hopper   hours   html   htoc18   http   idea   if   ignoring   image   Immediately   implementation   Important   in   Information   Install   Installation   installation   installed   instead   Interruption   is   issue   issues   it   Jabber   just   keep   kerberos   Kernel   kernel   kvm   last   leave   lenny   Lenny   libnss   list   lists   little   local   Locally   locally   localuser   Locate   locked   locking   log   login   losing   Luckily   machine   machines   Machines   mail   Make   making   may   members   migrate   minutes   Mitigation   mnesia   module   modules   more   moved   much   must   net   network   new   no   non   Not   not   Note   notes   nothing   now   obsolete   of   On   on   Once   one   Only   only   Open   openafs   org   other   out   owned   package   packages   pam   partial   password   permit   physical   place   Plans   point   pointing   port   postgresql   Pre   Preliminaries   Preparation   Preparations   Prevent   preventing   process   propagation   provide   Purge   queued   read   Read   Reboot   Reconfigure   records   regularly   release   Release   releases   relied   remember   Remove   remsite   required   right   rkd   room   root   rules   Run   running   same   sane   Sanitize   says   scanned   scheduled   screen   seems   Service   session   Setup   shadowfax   should   since   Since   site   so   Software   something   sources   space   Squeeze   squeeze   ssh   sshd   stable   start   Steps   still   stuff   su   sure   Synchronize   tables   take   Tasks   tentatively   than   that   The   the   their   them   There   this   This   those   time   to   tolerance   udev   uncomment   unix   Up   update   updating   upgrade   Upgrade   Upgrades   upgrading   Upgrading   upon   us   use   used   useless   user   users   using   value   version   versions   vicepa   volume   Volumes   volumes   vos   was   way   we   well   which   while   who   will   with   won   work   works   worry   worth   wrapper   www  

Clear message
Edit

FritzSqueezeUpgrade

Plans for upgrading Fritz to Debian Squeeze

Upgrade was completed 2011-07-17

1. Preliminaries

Release Note Information of Upgrading From Lenny.

1.1. Pre-Install Cleanup Tasks

1.1.1. Sanitize NSS Configuration

DONE

1.1.2. Reconfigure PAM

This may be better to do after the installation.

Configure sshd and login to use pam_localuser instead of pam_unix to ensure only local users can login ignoring the NSS configuration (right now non-local users can't login using just pam_unix, but this is an accident of the implementation of libnss-afs and not something that should be relied upon).

1.2. Pre-Install Software Upgrades

1.2.1. Jabber

The same version of ejabberd must be used across a cluster, and the easiest way to migrate the installation to another machine is to do it with a running cluster. Luckily, deleuze is running the version from etch-backports which is the same version in lenny.

1.2.1.1. DONE

  1. Install ejabberd from lenny on fritz

  2. Add firewall rules to permit connects to/from deleuze on port 4369 (check deleuze` as well)

  3. Add fritz to the mnesia cluster

  4. Add XMPP SRV records to provide both deleuze and fritz

  5. Ensure everything works ~24 hours
  6. Remove XMPP SRV records pointing to deleuze

  7. Ensure everything continues to work for ~72 hours (DNS propagation &c)

  8. Disable ejabberd on deleuze

After upgrading fritz to squeeze the ejabberd guide says it will automatically handle updating the mnesia tables. Once this is all done it may be a good idea to add hopper to the ejabberd cluster for a bit of fault tolerance.

2. Installation environment

On All Machines

  1. su to root, start a screen session (preventing partial upgrade issues if the network connection drops)

  2. Open a physical console root login just in case

After the upgrade remember to log out of the kvm root console on the other machines.

3. Installation Steps

3.1. Early Preparations

3.2. Backup Important Data

3.3. Upgrade Kernel and udev

  1. Install new kernel image and openafs-module-dkms

  2. Install udev

  3. Reboot

3.4. Basic Upgrade

  1. apt-get upgrade

  2. Reboot?

3.5. Full Upgrade

  1. apt-get dist-upgrade

  2. Reboot?

3.6. Clean Up

  1. Make sure the other machines are still sane after losing volume access for a while.

4. Caveats

4.1. pam_unix_session locking all login access

Not an issue

This bit us on hopper. ClintonEbadi has confirmed this is not in use--it appears hopper's PAM configuration was copied from another machine that had been running etch earlier and used deprecated modules.

4.2. Locally built packages

Not an issue

ClintonEbadi scanned the currently installed packages and we are using the backports versions of afs and kerberos with nothing else locally built.

5. Service Interruption Mitigation

5.1. Read Only Volumes on Deleuze

Not Doing This (the time required is not worth a few minutes of afs downtime at this point)

Since we have openafs we may as well take advantage of it by adding deleuze's vicepa as a site for user.$USER volumes. There does not appear to be enough room for mail.$USER volumes so we won't worry about those (mail will still be queued and having a read only copy of mail volumes is of dubious value).

5.1.1. Preparation

A few days before the upgrade:

Immediately before upgrading:

5.1.2. Clean Up

For all user volumes vos remsite deleuze vicepa user.$USER to free space for the backup. Alternatively, since the backup will be moved to fritz anyway, leave them in place. There seems to be little benefit to doing so since deleuze does not have much space compared to fritz and we have nothing in place to regularly vos release volumes making them effectively useless.

FritzSqueezeUpgrade (last edited 2011-07-18 02:25:47 by ClintonEbadi)