Upgrades
Contents
Before reading this upgrade guide, please note that live updates to your production servers are carried out at your own risk. Debian Edu/Skolelinux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Please read this chapter and the New features in Stretch chapter of this manual completely before attempting to upgrade.
General notes on upgrading
Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately not yet true as we modify configuration files in ways we shouldn't. (See Debian bug 311188 for more information.) Upgrading is still possible but may require some work.
In general, upgrading the servers is more difficult than the workstations and the main-server is the most difficult to upgrade. The diskless machines are easy, as their chroot environment can be deleted and recreated, if you haven't modified it. If you have, the chroot is basically a workstation chroot anyway, so rather easy to upgrade.
If you want to be sure that after the upgrade everything works as before, you should test the upgrade on a test system or systems configured the same way as your production machines. There you can test the upgrade without risk and see if everything works as it should.
Make sure to also read the information about the current Debian Stable release in its installation manual.
It may also be wise to wait a bit and keep running Oldstable for a few weeks longer, so that others can test the upgrade and document any problems they experience. The Oldstable release of Debian Edu will receive continued support for some time after the next Stable release, but when Debian ceases support for Oldstable, Debian Edu will necessarily do the same.
Upgrades from Debian Edu Jessie
Be prepared: make sure you have tested the upgrade from Jessie in a test environment or have backups ready to be able to go back.
Please note that the following recipe applies to a default Debian Edu main server installation (desktop=kde, profiles Main Server, Workstation, LTSP Server). (For a general overview concerning jessie to stretch upgrade, see: https://www.debian.org/releases/stretch/releasenotes)
Don't use X, use a virtual console, log in as root.
Please note one difference between apt and apt-get in Stretch: By default apt-get keeps downloaded packages, apt removes them from the cache (after successful installation).
If apt finishes with an error, try to fix it and/or run apt -f install and then apt -y full-upgrade once again.
Upgrading the main server
- Start by making sure the current system is up-to-date:
apt update apt full-upgrade
- Cleanup the package cache:
apt-get clean
- Prepare and start the upgrade to Stretch:
# First, adjust for a changed profile name: sed -i 's/Thin-Client-Server/LTSP-Server/' /etc/debian-edu/config # Then it's best to use the new default mirror: sed -i 's/http.debian.net/deb.debian.org/g' /etc/apt/sources.list # Finally, replace jessie with stretch. sed -i 's/jessie/stretch/g' /etc/apt/sources.list apt update apt full-upgrade
apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager.
- Read all debconf information carefully, choose 'keep your currently-installed version' unless stated differently below; in most cases hitting return will be fine.
- You will see some prompts about package configurations:
- icinga-cgi: Provide icingaadmin's password (same as used for nagiosadmin).
Just in case several display managers are installed: display-manager: Choose lightdm.
Configuring Kerberos Authentication: Enter kerberos as hostname.
Configuring icinga-common: Use external commands with Icinga: Choose <Yes>.
tftp (etc/inetd.conf): Choose <Yes>. (See atftpd bug 789667)
- /etc/default/ldap2zone: Choose Y.
- /etc/gosa/gosa.conf: Choose N. (Never accept a new gosa.conf version!)
- Cope with the Squid3 to Squid renaming:
service squid stop # This usually takes some time! rm -rf /var/spool/squid umount /var/spool/squid3 sed -i 's#spool/squid3#spool/squid#' /etc/fstab mv /var/spool/squid3 /var/spool/squid mount -a rm /etc/squid3 -rf rm /etc/default/squid3 -rf
- Modify LDAP to use the fully qualified domain name (FQDN) for sudo:
ldapvi -ZD '(cn=admin)' (Enter root password.) Search for 'sudoHost :tjener', replace 'tjener' with 'tjener.intern' (Enter 'y' to modify the LDAP data base.)
- Apply and adjust configuration:
service autofs stop cfengine-debian-edu -D installation rm /etc/apache2/conf-enabled/nagios3.conf a2dismod userdir ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-available/debian-edu-userdir.load a2enmod debian-edu-userdir sed -i 's/udp4/udp/' /etc/inetd.conf # Debian Bug #789667 (atftpd) service squid start service apache2 restart
- Install renamed metapackages:
apt update apt install education-networked-common apt install education-ltsp-server # Only if profile 'LTSP-Server' is installed.
- Get the new Debian Edu Stretch artwork:
apt install debian-edu-artwork-softwaves
If the upgraded system fails to boot on qemu/kvm, see 844446. Changing the architecture away from Broadwell in QEMU might help.
- After reboot, do some more cleanup:
apt purge linux-image-3.16.0-4-amd64 apt purge debian-edu-artwork-lines # Only if not wanted as an alternative theme. dpkg -P php5-imagick # Package might not be installed in all cases. rm -rf /etc/php5
- Enable otherwise broken PHP 7.0 support:
a2enmod php7.0 service apache2 restart
- Check if the upgraded system works:
Reboot; log in as first user and test
- if the GOsa² gui is working,
- if one is able to connect LTSP clients and workstations,
- if one can add/remove a netgroup membership of a system,
- if one can send and receive internal email,
- if one can manage printers,
- and if other site specific things are working.
Upgrading a workstation
Do all the basic things like on the main-server and without doing the things not needed. And then do this in addition.
- To enable LDAP connection, renew the server certificate:
rm /etc/ldap/ssl/ldap-server-pubkey.pem service nslcd stop service fetch-ldap-cert restart service nslcd start
Upgrading LTSP chroots (default arch i386)
Make sure you have enough disk space. LTSP now uses Network Block Device (NBD). The NBD image file size is about 4 GiB (default installation). If the image is updated, another 4 GiB for a temporary file are needed.
ltsp-chroot -m -a i386 apt update ltsp-chroot -m -a i386 apt -y full-upgrade sed -i 's/jessie/stretch/g' /opt/ltsp/i386/etc/apt/sources.list ltsp-chroot -m -a i386 apt update ltsp-chroot -m -a i386 apt -y full-upgrade ltsp-chroot -m -a i386 apt -f install ltsp-chroot -m -a i386 apt -y full-upgrade
- Cleaning up:
ltsp-chroot -m -a i386 apt --purge autoremove
- Update LTSP support on the server side:
ltsp-update-kernels ltsp-update-sshkeys ltsp-update-image
To save disk space, ltsp-update-image -n could be used instead; see man ltsp-update-image.
Recreating an LTSP chroot
On the LTSP server(s) the LTSP chroot could also be recreated. The new chroot will still support both thin-clients and diskless workstations.
Remove /opt/ltsp/i386 (or /opt/ltsp/amd64, depending on your setup). If you have enough diskspace, consider backing it up.
Recreate the chroot by running debian-edu-ltsp --arch i386 (or debian-edu-ltsp --arch amd64) as root.
Upgrades from older Debian Edu / Skolelinux installations (before Jessie)
To upgrade from any older release, you will need to upgrade to the Jessie based Debian Edu release first, before you can follow the instructions provided above. Instructions are given in the Manual for Debian Edu Jessie about how to upgrade to Jessie from the previous release, Wheezy. Likewise the Wheezy manual describes how to upgrade from Squeeze.