Differences between revisions 7 and 8
Revision 7 as of 2021-02-03 20:50:41
Size: 8152
Editor: ?WolfgangSchweer
Comment: typo fix, minor change
Revision 8 as of 2021-04-06 23:44:34
Size: 8208
Editor: HolgerLevsen
Comment: improve wording
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately not yet true as we modify configuration files in ways we shouldn't. (See Debian bug DebianBug:311188 for more information.) Upgrading is still possible but may require some work. Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately a bit more complicated as we modify configuration files in ways we shouldn't. However we have documented the needed steps below.
(See Debian bug DebianBug:311188 for more information how Debian Edu should modify configuration files.)

Upgrades

/!\ Before reading this upgrade guide, please note that live updates to your production servers are carried out at your own risk. Debian Edu/Skolelinux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Please read this chapter and the New features in Bullseye chapter of this manual completely before attempting to upgrade.

General notes on upgrading

Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately a bit more complicated as we modify configuration files in ways we shouldn't. However we have documented the needed steps below. (See Debian bug 311188 for more information how Debian Edu should modify configuration files.)

In general, upgrading the servers is more difficult than the workstations and the main-server is the most difficult to upgrade.

If you want to be sure that after the upgrade everything works as before, you should test the upgrade on a test system or systems configured the same way as your production machines. There you can test the upgrade without risk and see if everything works as it should.

Make sure to also read the information about the current Debian Stable release in its installation manual.

It may also be wise to wait a bit and keep running Oldstable for a few weeks longer, so that others can test the upgrade and document any problems they experience. The Oldstable release of Debian Edu will receive continued support for some time after the next Stable release, but when Debian ceases support for Oldstable, Debian Edu will necessarily do the same.

Upgrades from Debian Edu Buster

/!\ Be prepared: make sure you have tested the upgrade from Buster in a test environment or have backups ready to be able to go back.

Please note that the following recipe applies to a default Debian Edu main server installation (desktop=xfce, profiles Main Server, Workstation, LTSP Server). (For a general overview concerning Buster to Bullseye upgrade, see: https://www.debian.org/releases/bullseye/releasenotes)

Don't use X, use a virtual console, log in as root.

If apt finishes with an error, try to fix it and/or run apt -f install and then apt -y full-upgrade once again.

Upgrading the main server

  • Start by making sure the current system is up-to-date:

apt update
apt full-upgrade
  • Cleanup the package cache:

apt clean
  • To avoid a possible squid file permission pitfall, run

rm -f /etc/squid/conf.d/debian-edu.conf
  • Prepare and start the upgrade to Bullseye (new security entry):

sed -i 's/buster/bullseye/g' /etc/apt/sources.list
sed -i 's#/debian-security bullseye/updates# bullseye-security#g' /etc/apt/sources.list
export LC_ALL=C        # optional (to get English output)
apt update
apt full-upgrade
  • apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using mailx or mutt).

  • Read all debconf information carefully, choose 'keep the local version currently installed' unless stated differently below; in most cases hitting return will be fine.
    • restart services: Choose yes.
    • base-passwd: Choose yes.
    • Samba server and utilities: Choose 'keep the local version currently installed'.
    • Kerberos servers: Enter 'kerberos' and hit 'OK'.
    • /etc/default/slapd: Choose N.
    • openssh-server: Choose 'keep the local version currently installed'.
    • /etc/cups/cups-files.conf: Choose N.
    • /etc/munin/munin.conf: Choose N.
  • Apply and adjust configuration:

cf-agent -v -D di,installation
  • Setup and configure the Icinga2 web interface:
    • Run apt install icinga2-ido-mysql, always choose No if asked by debconf.

    • Ignore an error message about the icingadb existence.

    • Run /usr/share/tools/edu-icinga-setup

  • Get the new Debian Edu Homeworld artwork:

apt install debian-edu-artwork-homeworld
apt purge debian-edu-artwork-buster      # unless Buster artwork should be kept as an alternative
  • Cope with new LTSP and related changes, run:

rm -f /etc/default/tftpd-hpa        # to remove no longer needed modifications
rm -rf /var/lib/tftpboot            # to remove no longer used tftp base directory
dpkg-reconfigure -p low tftpd-hpa   # first prompt: keep ''tftp'' as system account, second: change TFTP root directory to ''/srv/tftp''
                                    # third: keep address and port, last one: enter ''--secure'' as additional option 
service tftpd-hpa restart
rm -rf /opt/ltsp                    # cleanup old LTSP base directory
# The next steps will need quite some execution time.
debian-edu-ltsp-install --arch amd64 --diskless_workstation no thin_type bare   # if 64-Bit thin client support is wanted
debian-edu-ltsp-install --arch i386 --diskless_workstation no thin_type bare    # if 32-Bit thin client support is wanted
debian-edu-ltsp-install --diskless_workstation yes   # to create diskless workstation image from the server's file system
debian-edu-pxeinstall                                # to add PXE installation files and related iPXE menu items 
  • Cope with move to iPXE - modify DHCP settings in LDAP, e.g. using an editor like ldapvi. Make sure, DHCP related entries match those contained in the /etc/ldap/gosa-server.ldif file. Entries concerned are:

    • 60 cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
    • 81 cn=intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
    • 83 cn=subnet00.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
    • 85 cn=subnet01.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
  • Cope with GOsa changes - use new gosa.conf, fix LDAP access:
    • cp /etc/gosa/gosa.conf /etc/gosa/gosa.conf.buster # backup
    • cp /usr/share/debian-edu-config/gosa.conf.template /etc/gosa/gosa.conf # new gosa.conf file
    • Search for adminPassword and snapshotAdminPassword in /etc/gosa/gosa.conf and replace $GOSAPWD with the random password found in /etc/gosa/gosa.conf.orig for those entries.
    • rm /etc/gosa/gosa.secrets
    • Run gosa-encrypt-passwords

    • Run service apache2 restart

  • Cope with Kerberos encryption type changes:
    • cp /etc/krb5kdc/kdc.conf_non-edu /etc/krb5kdc/kdc.conf
    • sed -i 's/#supported_enctypes/supported_enctypes/' /etc/krb5kdc/kdc.conf
    • Run service krb5-admin-kdc restart

  • Cope with Samba changes:
    • Add first user's Samba account: smbpasswd -a <first username>. Once users change their password, the related Samba account will be created.

  • Check if the upgraded system works:

Reboot; log in as first user and test

  • if the GOsa² gui is working,
  • if one is able to connect LTSP clients and workstations,
  • if one can add/remove a netgroup membership of a system,
  • if one can send and receive internal email,
  • if one can manage printers,
  • and if other site specific things are working.

Upgrading a workstation

Do all the basic things like on the main-server and without doing the things not needed. If not yet done, configure the machine to use Kerberos for mounting home directories, see the getting started chapter for details.

Upgrades from older Debian Edu / Skolelinux installations (before Buster)

To upgrade from any older release, you will need to upgrade to the Buster based Debian Edu release first, before you can follow the instructions provided above. Instructions are given in the Manual for Debian Edu Buster about how to upgrade to Buster from the previous release, Stretch. Likewise the Stretch manual describes how to upgrade from Jessie.

CategoryPermalink