Upgrades
Contents
Before reading this upgrade guide, please note that live updates to your production servers are carried out at your own risk. Debian Edu/Skolelinux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Please read this chapter and the New features in Buster chapter of this manual completely before attempting to upgrade.
General notes on upgrading
Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately not yet true as we modify configuration files in ways we shouldn't. (See Debian bug 311188 for more information.) Upgrading is still possible but may require some work.
In general, upgrading the servers is more difficult than the workstations and the main-server is the most difficult to upgrade. The diskless machines are easy, as their chroot environment can be deleted and recreated, if you haven't modified it. If you have, the chroot is basically a workstation chroot anyway, so rather easy to upgrade.
If you want to be sure that after the upgrade everything works as before, you should test the upgrade on a test system or systems configured the same way as your production machines. There you can test the upgrade without risk and see if everything works as it should.
Make sure to also read the information about the current Debian Stable release in its installation manual.
It may also be wise to wait a bit and keep running Oldstable for a few weeks longer, so that others can test the upgrade and document any problems they experience. The Oldstable release of Debian Edu will receive continued support for some time after the next Stable release, but when Debian ceases support for Oldstable, Debian Edu will necessarily do the same.
Upgrades from Debian Edu Stretch
Be prepared: make sure you have tested the upgrade from Stretch in a test environment or have backups ready to be able to go back.
Please note that the following recipe applies to a default Debian Edu main server installation (desktop=xfce, profiles Main Server, Workstation, LTSP Server). (For a general overview concerning stretch to buster upgrade, see: https://www.debian.org/releases/buster/releasenotes)
Don't use X, use a virtual console, log in as root.
If apt finishes with an error, try to fix it and/or run apt -f install and then apt -y full-upgrade once again.
Upgrading the main server
- Start by making sure the current system is up-to-date:
apt update apt full-upgrade
- Cleanup the package cache:
apt clean
Make sure you have enough disk space. On both /usr and /var about 5 GiB free space will be needed temporarily. See the related manual chapter for more information.
- Prepare and start the upgrade to Buster:
sed -i 's/stretch/buster/g' /etc/apt/sources.list export LC_ALL=C # optional (to get English output) apt update apt purge atftpd # needed because tftpd will be installed apt install libcurl4 # needed to replace libcurl3 apt install apache2 # needed first to avoid additional work later on apt full-upgrade
apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using mailx or mutt).
- Read all debconf information carefully, choose 'keep your currently-installed version' unless stated differently below; in most cases hitting return will be fine.
- restart services: Choose yes.
- ntp: Choose N.
- smb
- dovecot
- grub
- Apply and adjust configuration:
cf-agent -I -D installation
- Get the new Debian Edu Buster artwork:
apt install debian-edu-artwork-buster
- Enable PHP 7.3 support:
apt purge php7.0* a2enmod php7.3 a2enconf php7.3-cgi service apache2 restart
- Adjust GOsa² access (changed encryption method):
- backup /etc/gosa/gosa.conf.orig
replace the long (hashed) password in /etc/gosa/gosa.conf with the short (random) password from /etc/gosa/gosa.conf.orig (for both adminPassword and snapshotAdminPassword)
- remove /etc/gosa/gosa.secrets
run gosa-encrypt-passwords
run service apache2 reload
- After reboot, do some more cleanup:
apt purge linux-image-4.9.0-* apt purge linux-headers-4.9.0-* apt --purge autoremove
- Check if the upgraded system works:
Reboot; log in as first user and test
- if the GOsa² gui is working,
- if one is able to connect LTSP clients and workstations,
- if one can add/remove a netgroup membership of a system,
- if one can send and receive internal email,
- if one can manage printers,
- and if other site specific things are working.
Upgrading a workstation
Do all the basic things like on the main-server and without doing the things not needed.
Upgrading LTSP chroots
Make sure you have enough disk space. LTSP uses Network Block Device (NBD). The NBD image file size is about 4 GiB (default installation). If the image is updated, another 4 GiB for a temporary file are needed.
Also please note that the default LTSP architecture was i386 for Stretch. See below how to create a chroot for 64-bit-PCs (amd64).
ltsp-chroot -m -a i386 apt update ltsp-chroot -m -a i386 apt -y full-upgrade sed -i 's/stretch/buster/g' /opt/ltsp/i386/etc/apt/sources.list ltsp-chroot -m -a i386 apt update ltsp-chroot -m -a i386 apt -y full-upgrade ltsp-chroot -m -a i386 apt -f install ltsp-chroot -m -a i386 apt -y full-upgrade
- Cleaning up:
ltsp-chroot -m -a i386 apt --purge autoremove
- Update LTSP support on the server side:
ltsp-update-kernels ltsp-update-sshkeys ltsp-update-image
To save disk space, ltsp-update-image -n could be used instead; see man ltsp-update-image.
Recreating an LTSP chroot
On the LTSP server(s) the LTSP chroot could also be recreated. The new chroot will still support both thin-clients and diskless workstations. Please note: As of Buster, the LTSP chroot arch defaults to the one used for the server side.
Remove /opt/ltsp/i386 (or /opt/ltsp/amd64, depending on your setup). If you have enough diskspace, consider backing it up.
See ltsp-build-client --help and ltsp-build-client --extra-help for more information about options. The file /etc/ltsp/ltsp-build-client.conf contains some useful (commented) options.
Recreate the chroot by running ltsp-build-client as root.
Add additional LTSP chroot to support 64-bit-PC clients
At least 20 GiB additional disk space on /opt is required.
- Run "ltsp-build-client --arch amd64" to create chroot and NBD image.
Use "ldapvi -ZD '(cn=admin)'" to replace i386 with amd64 (dhcp statements in LDAP for one dedicated network).
- Run "service isc-dhcp-server restart".
- Edit /etc/debian-edu/pxeinstall.conf (set ltsparch=amd64).
- Run 'debian-edu-pxeinstall' to regenerate the PXE menu.
- Run 'service nbd-service restart' to serve the new NBD file.
Upgrades from older Debian Edu / Skolelinux installations (before Stretch)
To upgrade from any older release, you will need to upgrade to the Stretch based Debian Edu release first, before you can follow the instructions provided above. Instructions are given in the Manual for Debian Edu Stretch about how to upgrade to Stretch from the previous release, Jessie. Likewise the Jessie manual describes how to upgrade from Wheezy.