= Upgrade des Debian Edu Haupt-Servers (TJENER) von Debian Edu squeeze nach Debian Edu jessie = <> == Preparations == * Perform a manual dump of your LDAP database (in case things fail on the way):{{{ root@tjener:~# slapcat > /root/slapcat-$(date +%Y%m%d%H%M%S).ldif }}} * Backup the complete TJENER system (so that you can completely restore the old state from backup, if needed). * Backup the {{{/etc/}}} configuration files and have them at hand when fixing various service settings once packages have been upgraded to Debian jessie state. == Package Upgrades == === to Debian (Edu) wheezy === * Update {{{/etc/apt/sources.list}}} and individual configurations in {{{/etc/apt/sources.list.d/}}}, so that packages for Debian wheezy will get installed with next upgrade / dist-upgrade. * Run upgrade and dist-upgrade in two steps{{{ root@tjener:~# apt-get upgrade root@tjener:~# apt-get dist-upgrade }}} * Reboot into the new Debian wheezy system, ignore if some services are broken / non-functional. === to Debian (Edu) jessie === * Update {{{/etc/apt/sources.list}}} and individual configurations in {{{/etc/apt/sources.list.d/}}}, so that packages for Debian jessie will get installed with next upgrade / dist-upgrade. * Run upgrade and dist-upgrade in two steps{{{ root@tjener:~# apt-get upgrade root@tjener:~# apt-get dist-upgrade }}} * Reboot into the new Debian jessie system, ignore if some services are broken / non-functional. === Possible mistakes === * Don't forget the reboot into the Debian wheezy system, because you will run into troubles when upgrading the {{{udev}}} package from wheezy to jessie if still running the 2.6.32 Linux kernel from Debian squeeze. == Fixing the TJENER setup after package upgrade == The Debian Edu mainserver is not easily upgradable, because the mainserver installation process in Debian Edu does many modifications to the plain Debian system. === Fix DNS server (bind9) === During the upgrade process, the DNS server configuration (synced into text files from LDAP) gets lost. You need to rebuild the DNS server configuration files from LDAP manually. * Add{{{ 10.0.2.2 ldap.intern}}}to /etc/hosts temporarily. * Add{{{ BIND_DATA="/etc/bind"}}}at the end of {{{/etc/default/ldap2zone}}}. * Rebuild the DNS configuration (in {{{/etc/bind}}}) via {{{ldap2bind}}} command:{{{ root@tjener:~# su - bind bind@tjener:~$ PATH=/sbin:/bin:/usr/sbin:/usr/bin /usr/sbin/ldap2bind }}} === Fix Apache2 Setup === The next step is getting the Apache2 setup fixed, so you can regain access to GOsa² installed on TJENER: * Remove dangling symlinks in {{{/etc/apache2/sites-enabled}}} related to Debian Edu{{{ root@tjener:~# rm -f /etc/apache2/sites-enabled/debian-edu-*default }}} * Create proper symlinks (having a trainling {{{.conf}}} in the symlink name via the {{{a2ensite}}} utility:{{{ root@tjener:~# a2ensite debian-edu-default root@tjener:~# a2ensite debian-edu-ssl-default }}} * Don't forget to restart Apache2:{{{ root@tjener:~# invoke-rc.d apache2 restart }}} === Fix GOsa² binding to LDAP === Once Apache2 is up-and-running again, you may want to access GOsa² to check if your LDAP tree is still in shape after upgrade (it surely will be). However, access GOsa² results in this message after a fresh squeeze to jessie Upgrade: {{{ Schwerer Fehler Fehler beim Verbinden mit dem LDAP-Server: Could not bind to cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no (während der Arbeit auf LDAP-Server 'ldap://ldap.intern') Bitte beheben Sie obigen Fehler und laden die Seite neu. }}} Two steps are required to get this issue fixed: * Fix {{{/etc/gosa/gosa.secrets}}} with this command{{{ root@tjener:~# sed -e 's/GOSA_KEY/GOSAKEY/g' -i /etc/gosa.secrets }}} * Fix {{{/etc/gosa/gosa.conf}}} manually after upgrade. In your new (i.e., jessie'ish) {{{gosa.conf}}} file you are likely to find {{{$GOSAPWD}}} as {{{adminPassword}}} and {{{snapshotAdminPassword}}} values. This, of course is wrong, the {{{$GOSAPWD}}} variable is only used while boot-strapping the Debian Edu mainserver at installation time. Steps to get this variable replaced by the original hashed password string: * Get {{{/etc/gosa/gosa.conf}}} from your earlier taken configuration backup * Search for the string "adminPassword" in the configuration and obtain the hash referenced there as a value * Replace {{{$GOSAPWD}}} by that hash:{{{ root@tjener:~# sed -e 's/$GOSAPWD/