Unterschiede zwischen den Revisionen 10 und 14 (über 4 Versionen hinweg)
Revision 10 vom 2015-07-24 06:49:50
Größe: 3239
Kommentar:
Revision 14 vom 2015-07-24 07:12:39
Größe: 4899
Kommentar:
Gelöschter Text ist auf diese Art markiert. Hinzugefügter Text ist auf diese Art markiert.
Zeile 4: Zeile 4:

== Preparations ==

  * Perform a manual dump of your LDAP database (in case things fail on the way):{{{
root@tjener:~# slapcat > /root/slapcat-$(date +%Y%m%d%H%M%S).ldif
}}}
  * Backup the complete TJENER system (so that you can completely restore the old state from backup, if needed).
  * Backup the {{{/etc/}}} configuration files and have them at hand when fixing various service settings once packages have been upgraded to Debian jessie state.
Zeile 73: Zeile 81:

Two steps are required to get this issue fixed:

  * Fix {{{/etc/gosa/gosa.secrets}}} with this command{{{
root@tjener:~# sed -e 's/GOSA_KEY/GOSAKEY/g' -i /etc/gosa.secrets
}}}
  * Fix {{{/etc/gosa/gosa.conf}}} manually after upgrade. In your new (i.e., jessie'ish) {{{gosa.conf}}} file you are likely to find {{{$GOSAPWD}}} as {{{adminPassword}}} and {{{snapshotAdminPassword}}} values. This, of course is wrong, the {{{$GOSAPWD}}} variable is only used while boot-strapping the Debian Edu mainserver at installation time. Steps to get this variable replaced by the original hashed password string:
    * Get {{{/etc/gosa/gosa.conf}}} from your earlier taken configuration backup
    * Search for the string "adminPassword" in the configuration and obtain the hash referenced there as a value
    * Replace {{{$GOSAPWD}}} by that hash:{{{
root@tjener:~# sed -e 's/$GOSAPWD/<put-your-pw-hash-here/g' -i /etc/gosa/gosa.conf
}}}
  * Don't forget to restart Apache2 (as {{{/etc/gosa/gosa.secrets}}} gets pulled in into the Apache2 runtime configuration).
  * Test GOsa² access:
    * Open this URL in your webbrowser: {{{https://www/gosa/}}}
    * Login with any of your LDAP accounts

Upgrade des Debian Edu Haupt-Servers (TJENER) von Debian Edu squeeze nach Debian Edu jessie

Preparations

  • Perform a manual dump of your LDAP database (in case things fail on the way):

    root@tjener:~# slapcat > /root/slapcat-$(date +%Y%m%d%H%M%S).ldif
  • Backup the complete TJENER system (so that you can completely restore the old state from backup, if needed).
  • Backup the /etc/ configuration files and have them at hand when fixing various service settings once packages have been upgraded to Debian jessie state.

Package Upgrades

to Debian (Edu) wheezy

  • Update /etc/apt/sources.list and individual configurations in /etc/apt/sources.list.d/, so that packages for Debian wheezy will get installed with next upgrade / dist-upgrade.

  • Run upgrade and dist-upgrade in two steps

    root@tjener:~# apt-get upgrade
    root@tjener:~# apt-get dist-upgrade
  • Reboot into the new Debian wheezy system, ignore if some services are broken / non-functional.

to Debian (Edu) jessie

  • Update /etc/apt/sources.list and individual configurations in /etc/apt/sources.list.d/, so that packages for Debian jessie will get installed with next upgrade / dist-upgrade.

  • Run upgrade and dist-upgrade in two steps

    root@tjener:~# apt-get upgrade
    root@tjener:~# apt-get dist-upgrade
  • Reboot into the new Debian jessie system, ignore if some services are broken / non-functional.

Possible mistakes

  • Don't forget the reboot into the Debian wheezy system, because you will run into troubles when upgrading the udev package from wheezy to jessie if still running the 2.6.32 Linux kernel from Debian squeeze.

Fixing the TJENER setup after package upgrade

The Debian Edu mainserver is not easily upgradable, because the mainserver installation process in Debian Edu does many modifications to the plain Debian system.

Fix DNS server (bind9)

During the upgrade process, the DNS server configuration (synced into text files from LDAP) gets lost. You need to rebuild the DNS server configuration files from LDAP manually.

  • Add

    10.0.2.2 ldap.intern
    to /etc/hosts temporarily.
  • Add

    BIND_DATA="/etc/bind"

    at the end of /etc/default/ldap2zone.

  • Rebuild the DNS configuration (in /etc/bind) via ldap2bind command:

    root@tjener:~# su - bind
    bind@tjener:~$ PATH=/sbin:/bin:/usr/sbin:/usr/bin /usr/sbin/ldap2bind

Fix Apache2 Setup

The next step is getting the Apache2 setup fixed, so you can regain access to GOsa² installed on TJENER:

  • Remove dangling symlinks in /etc/apache2/sites-enabled related to Debian Edu

    root@tjener:~# rm -f /etc/apache2/sites-enabled/debian-edu-*default
  • Create proper symlinks (having a trainling .conf in the symlink name via the a2ensite utility:

    root@tjener:~# a2ensite debian-edu-default
    root@tjener:~# a2ensite debian-edu-ssl-default
  • Don't forget to restart Apache2:

    root@tjener:~# invoke-rc.d apache2 restart

Fix GOsa² binding to LDAP

Once Apache2 is up-and-running again, you may want to access GOsa² to check if your LDAP tree is still in shape after upgrade (it surely will be). However, access GOsa² results in this message after a fresh squeeze to jessie Upgrade:

<b>Schwerer Fehler</b>
Fehler beim Verbinden mit dem LDAP-Server: Could not bind to cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no (während der Arbeit auf LDAP-Server 'ldap://ldap.intern')

Bitte beheben Sie obigen Fehler und laden die Seite neu. 

Two steps are required to get this issue fixed:

  • Fix /etc/gosa/gosa.secrets with this command

    root@tjener:~# sed -e 's/GOSA_KEY/GOSAKEY/g' -i /etc/gosa.secrets
  • Fix /etc/gosa/gosa.conf manually after upgrade. In your new (i.e., jessie'ish) gosa.conf file you are likely to find $GOSAPWD as adminPassword and snapshotAdminPassword values. This, of course is wrong, the $GOSAPWD variable is only used while boot-strapping the Debian Edu mainserver at installation time. Steps to get this variable replaced by the original hashed password string:

    • Get /etc/gosa/gosa.conf from your earlier taken configuration backup

    • Search for the string "adminPassword" in the configuration and obtain the hash referenced there as a value
    • Replace $GOSAPWD by that hash:

      root@tjener:~# sed -e 's/$GOSAPWD/<put-your-pw-hash-here/g' -i /etc/gosa/gosa.conf
  • Don't forget to restart Apache2 (as /etc/gosa/gosa.secrets gets pulled in into the Apache2 runtime configuration).

  • Test GOsa² access:
    • Open this URL in your webbrowser: https://www/gosa/

    • Login with any of your LDAP accounts

IT-Zukunft Schule: Technik/Installation/VM/HauptServerTjener/Squeeze2Jessie (zuletzt geändert am 2016-01-10 02:04:39 durch MikeGabriel)