[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bookworm/Maintenance" by WolfgangSchweer

Debian Wiki wiki at debian.org
Sun Aug 29 23:11:03 BST 2021


Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Bookworm/Maintenance" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/Maintenance

Comment:
initial content (copy from the bullseye page w/ some adjustments)

New page:
<<Anchor(Maintenance)>>
= Maintenance =
<<TableOfContents(2)>>

== Updating the software ==

This section explains how to use {{{apt full-upgrade}}}.

Using {{{apt}}} is really simply. To update a system you need to execute two commands on the command line as root: {{{apt update}}} (which updates the lists of available packages) and {{{apt full-upgrade}}} (which upgrades the packages for which an upgrade is available).

It is also a good idea to upgrade using the C locale to get English output which in cases of problems is more likely to produce results in search engines.

{{{
LC_ALL=C apt full-upgrade -y
}}}

After upgrading the {{{debian-edu-config}}} package, changed Cfengine configuration files might be available. Run {{{ls -ltr /etc/cfengine3/debian-edu/}}} to check if this is the case. To apply the changes, run {{{LC_ALL=C cf-agent -D installation}}}.

It is important to run {{{debian-edu-ltsp-install --diskless_workstation yes}}} after LTSP server upgrades to keep the SquashFS image for diskless clients in sync.

After a point release upgrade of a system with ''Main Server'' or ''LTSP Server'' profile, {{{debian-edu-pxeinstall}}} needs to be run to update the PXE installation environment.

It is also a good idea to install {{{cron-apt}}} and {{{apt-listchanges}}} and configure them to send mail to an address you are reading.

{{{cron-apt}}} will notify you once a day via email about any packages that can be upgraded. It does not install these upgrades, but does download them (usually in the night), so you don't have to wait for the download when you do {{{apt full-upgrade}}}.
## what does it do that you can't get more easily these days with "APT::Periodic::..." lines in an /etc/apt/apt.conf.d file?

Automatic installation of updates can be done easily if desired, it just needs the {{{unattended-upgrades}}} package to be installed and configured as described on [[https://wiki.debian.org/UnattendedUpgrades|wiki.debian.org/UnattendedUpgrades]].

{{{apt-listchanges}}} can send new changelog entries to you via email, or alternatively display them in the terminal when running {{{apt}}}.

=== Keep yourself informed about security updates ===

Running {{{cron-apt}}} as described above is a good way to learn when security updates are available for installed packages.
Another way to stay informed about security updates is to subscribe to the [[https://lists.debian.org/debian-security-announce/|Debian security-announce mailinglist]], which has the benefit of also telling you what the security update is about. The downside (compared to {{{cron-apt}}}) is that it also includes information about updates for packages which aren't installed.

== Backup Management ==
For backup management point your browser to https://www/slbackup-php. Please note that you need to access this site via SSL, since you have to enter the root password there. If you try to access this site without using SSL it will fail.<<BR>> 
/!\ Note: the site will only work if you temporarily allow SSH root login on the backup server, which is the main server (tjener.intern) by default).

By default, backups of {{{/skole/tjener/home0}}}, {{{/etc/}}}, {{{/root/.svk}}} and LDAP are stored in the /skole/backup/ directory which is managed as separate partition by LVM. If you only want to have spare copies of things (in case you delete them) this setup should be fine for you.

/!\ Be aware that this backup scheme doesn't protect you from failing hard drives.

If you want to back up your data to an external server, a tape device or another hard drive you'll have to modify the existing configuration a bit.

If you want to restore a complete folder, your best option is to use the command-line:

{{{
$ sudo rdiff-backup -r <date>  \
   /skole/backup/tjener/skole/tjener/home0/user \
   /skole/tjener/home0/user_<date>
}}}

This will leave the content from {{{/skole/tjener/home0/user}}} for {{{<date>}}} in the folder {{{/skole/tjener/home0/user_<date>}}}

If you want to restore a single file, then you should be able to select the file (and the version) from the web interface, and download only that file.

If you want to get rid of older backups, choose "Maintenance" in the menu on the backup page and select the oldest snapshot to keep:

{{attachment:slbackup-php_maintenance.png|slbackup-php Maintenance|width=1024}}

== Server Monitoring ==

=== Munin ===

The Munin trend reporting system is available from [[https://www/munin/]].  It provides system status measurement graphs on a daily, weekly, monthly and yearly basis, and provides the system administrator with help when looking for bottlenecks and the source of system problems.

The list of machines being monitored using Munin is generated automatically, based on the list of hosts reporting to sitesummary.  All hosts with the package munin-node installed are registered for Munin monitoring.  It will normally take one day from a machine being installed until Munin monitoring starts, because of the order the cron jobs are executed.  To speed up the process, run {{{sitesummary-update-munin}}} as root on the sitesummary server (normally the main
server).  This will update the {{{/etc/munin/munin.conf}}} file.

The set of measurements being collected is automatically generated on each machine using the {{{munin-node-configure}}} program which probes the plugins available from {{{/usr/share/munin/plugins/}}} and symlinks the relevant ones to {{{/etc/munin/plugins/}}}.

Information about Munin is available from https://munin-monitoring.org/.

=== Icinga ===

Icinga system and service monitoring is available from [[https://www/icingaweb2/]]. The set of machines and services being monitored is automatically generated using information collected by the sitesummary system. The machines with the profile Main-server and LTSP-server receive full monitoring, while workstations and thin clients receive simple monitoring. To enable full monitoring on a workstation, install the {{{nagios-nrpe-server}}} package on the workstation.

By default Icinga does not send email. This can be changed by replacing {{{notify-by-nothing}}} with {{{host-notify-by-email}}} and {{{notify-by-email}}} in the file {{{/etc/icinga/sitesummary-template-contacts.cfg}}}.

The Icinga configuration file used is {{{/etc/icinga/sitesummary.cfg}}}.  The sitesummary cron job generates {{{/var/lib/sitesummary/icinga-generated.cfg}}} with the list of hosts and services to monitor.

Extra Icinga checks can be put in the file {{{/var/lib/sitesummary/icinga-generated.cfg.post}}} to get them included in the generated file.

Information about Icinga is available from https://www.icinga.com/ or in the {{{icinga-doc}}} package.

==== Common Icinga warnings and how to handle them ====

Here are instructions on how to handle the most common Icinga warnings.

===== DISK CRITICAL - free space: /usr 309 MB (5% inode=47%): =====

The partition (/usr/ in the example) is too full.  There are in general two ways to handle this: (1) remove some files or (2) increase the size of the partition.  If the partition is /var/, purging the APT cache by calling {{{apt clean}}} might remove some files.  If there is more room available in the LVM volume group, running the program {{{debian-edu-fsautoresize}}} to extend the partitions might help.  To run this program automatically every hour, the host in question can be added to the {{{fsautoresize-hosts}}} netgroup.

===== APT CRITICAL: 13 packages available for upgrade (13 critical updates). =====

New package are available for upgrades.  The critical ones are normally security fixes.  To upgrade, run 'apt upgrade && apt full-upgrade' as root in a terminal or log in via SSH to do the same.

If you do not want to manually upgrade packages and trust Debian to do a good job with new versions, you can configure {{{unattended-upgrades}}} to automatically upgrade all new packages every night.  This will not upgrade the LTSP chroots.

===== WARNING - Reboot required : running kernel = 2.6.32-37.81.0, installed kernel = 2.6.32-38.83.0  =====

The running kernel is older than the newest installed kernel, and a reboot is required to activate the newest installed kernel.  This is normally fairly urgent, as new kernels normally show up in Debian Edu to fix security issues.

===== WARNING: CUPS queue size - 61 =====

The printer queues in CUPS have a lot of jobs pending.  This is most likely because of a unavailable printer.  Disabled print queues are enabled every hour on hosts that are member of the {{{cups-queue-autoreenable-hosts}}} netgroup, so for such hosts no manual action should be required.  The print queues are emptied every night on hosts that are member of the {{{cups-queue-autoflush-hosts}}} netgroup.  If a host have a lot of jobs in their queue, consider adding this host to one or both of these netgroups.

=== Sitesummary ===

Sitesummary is used to collect information from each computer and submit it to the central server.  The information collected is available in {{{/var/lib/sitesummary/entries/}}}. Scripts in {{{/usr/lib/sitesummary/}}} are available to generate reports.

A simple report from Sitesummary without any details is available from [[https://www/sitesummary/]].

Some documentation on sitesummary is available from https://wiki.debian.org/DebianEdu/HowTo/SiteSummary

== More information about Debian Edu customisations ==

More information about Debian Edu customisations useful for system administrators can be found in the [[DebianEdu/Documentation/Bookworm/HowTo/Administration|Administration Howto chapter]] and in the [[DebianEdu/Documentation/Bookworm/HowTo/AdvancedAdministration|Advanced administration Howto chapter]]

CategoryPermalink



More information about the debian-edu-commits mailing list