[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bullseye/Upgrades" by WolfgangSchweer
Debian Wiki
wiki at debian.org
Mon Jan 18 20:48:11 GMT 2021
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.
The "DebianEdu/Documentation/Bullseye/Upgrades" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Bullseye/Upgrades?action=diff&rev1=4&rev2=5
Comment:
upgrading a combined server is quite a challenge...
== Upgrades from Debian Edu Buster ==
- /!\ Be prepared: make sure you have tested the upgrade from Buster in a test environment or have backups ready to be able to go back.
+ /!\ Be prepared: make sure you have tested the upgrade from Buster in a test environment or have backups ready to be able to go back.
Please note that the following recipe applies to a default Debian Edu main server installation (desktop=xfce, profiles Main Server, Workstation, LTSP Server). (For a general overview concerning Buster to Bullseye upgrade, see:
https://www.debian.org/releases/bullseye/releasenotes)
@@ -45, +45 @@
apt clean
}}}
- * Make sure you have enough disk space. On both ''/usr'' and ''/var'' about 5 GiB free space will be needed temporarily. See the related [[DebianEdu/Documentation/Bullseye/HowTo/Administration|manual chapter]] for more information.
+ * To avoid a possible squid file permission pitfall, run
+ {{{
+ rm -f /etc/squid/conf.d/debian-edu.conf
+ }}}
- * Prepare and start the upgrade to Bullseye:
+ * Prepare and start the upgrade to Bullseye (new security entry):
{{{
sed -i 's/buster/bullseye/g' /etc/apt/sources.list
+ sed -i 's#/debian-security bullseye/updates# bullseye-security#g' /etc/apt/sources.list
export LC_ALL=C # optional (to get English output)
apt update
apt full-upgrade
- }}}
-
- * apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using ''mailx'' or ''mutt'').
-
- * Read all debconf information carefully, choose 'keep your currently-installed version' unless stated differently below; in most cases hitting return will be fine.
- * restart services: Choose yes.
-
- * Apply and adjust configuration:
- {{{
- cf-agent -I -D installation
}}}
- * Get the new Debian Edu Bullseye artwork:
+ * apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using ''mailx'' or ''mutt'').
+
+ * Read all debconf information carefully, choose 'keep the local version currently installed' unless stated differently below; in most cases hitting return will be fine.
+ * restart services: Choose yes.
+ * base-passwd: Choose yes.
+ * Samba server and utilities: Choose 'keep the local version currently installed'.
+ * Kerberos servers: Enter 'kerberos' and hit 'OK'.
+ * /etc/default/slapd: Choose N.
+ * openssh-server: Choose 'keep the local version currently installed'.
+ * /etc/cups/cups-files.conf: Choose N.
+ * /etc/munin/munin.conf: Choose N.
+
+ * Cleanup from no longer needed packages to don't break exiting Xfce setup:
{{{
- apt install debian-edu-artwork-bullseye
+ apt autoremove --purge
- }}}
+ }}}
+
+ * Apply and adjust configuration:
+ {{{
+ cf-agent -v -D di,installation
+ }}}
- * After reboot, do some more cleanup:
+ * Setup and configure the Icinga2 web interface:
+ * Run {{{apt install icinga2-ido-mysql}}}, always choose '''No''' if asked by debconf.
+ * Ignore an error message about the ''icingadb'' existence.
+ * Run {{{/usr/share/tools/edu-icinga-setup}}}
+
+ * Get the new Debian Edu Homeworld artwork:
{{{
+ apt install debian-edu-artwork-homeworld
+ apt purge debian-edu-artwork-buster # unless Buster artwork should be kept as an alternative
- apt purge linux-image-4.19.0-*
- apt purge linux-headers-4.19.0-*
- apt --purge autoremove
}}}
+
+ * Cope with new LTSP and related changes, run:
+ {{{
+ rm -f /etc/default/tftpd-hpa # to remove no longer needed modifications
+ rm -rf /var/lib/tftpboot # to remove no longer used tftp base directory
+ dpkg-reconfigure -p low tftpd-hpa # first prompt: keep ''tftp' as system account, second: change TFTP root directory to ''/srv/tftp''
+ # third: keep address and port, last one: enter ''--secure'' as additional option
+ service tftpd-hpa restart
+ rm -rf /opt/ltsp # cleanup old LTSP base directory
+ # The next steps will need quite some execution time.
+ debian-edu-ltsp-install --arch amd64 --diskless_workstation no thin_type bare # if 64-Bit thin client support is wanted
+ debian-edu-ltsp-install --arch i386 --diskless_workstation no thin_type bare # if 32-Bit thin client support is wanted
+ debian-edu-ltsp-install --diskless_workstation yes # to create diskless workstation image from the server's file system
+ debian-edu-pxeinstall # to add PXE installation files add related iPXE menu items
+ }}}
+
+ * Cope with move to iPXE - modify DHCP settings in LDAP, e.g. using an editor like ldapvi. Make sure, DHCP related entries match those contained in the ''/etc/ldap/gosa-server.ldif'' file. Entries concerned are:
+ * 60 cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+ * 81 cn=intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+ * 83 cn=subnet00.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+ * 85 cn=subnet01.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+
+ * Cope with GOsa changes - use new gosa.conf, fix LDAP access:
+ * cp /etc/gosa/gosa.conf /etc/gosa/gosa.conf.buster # backup
+ * cp /usr/share/debian-edu-config/gosa.conf.template /etc/gosa/gosa.conf # new gosa.conf file
+ * Search for adminPassword and snapshotAdminPassword in /etc/gosa/gosa.conf and replace $GOSAPWD with the random password found in /etc/gosa/gosa.conf.orig for those entries.
+ * rm /etc/gosa/gosa.secrets
+ * Run {{{gosa-encrypt-passwords}}}
+ * Run {{{service apache2 restart}}}
+
+ * Cope with Kerberos encryption type changes:
+ * cp /etc/krb5kdc/kdc.conf_non-edu /etc/krb5kdc/kdc.conf
+ * sed -i 's/#supported_enctypes/supported_enctypes/' /etc/krb5kdc/kdc.conf
+ * Run {{{service krb5-admin-kdc restart}}}
+
+ * Cope with Samba changes:
+ * Add first user's Samba account: {{{smbpasswd -a <first username>}}}. Once users change their password, the related Samba account will be created.
* Check if the upgraded system works:
Reboot; log in as first user and test
-
* if the GOsa² gui is working,
* if one is able to connect LTSP clients and workstations,
* if one can add/remove a netgroup membership of a system,
@@ -91, +142 @@
=== Upgrading a workstation ===
Do all the basic things like on the main-server and without doing the things not needed.
+ If not yet done, configure the machine to use Kerberos for mounting home directories, see the [[DebianEdu/Documentation/Bullseye/GettingStarted|getting started]] chapter for details.
== Upgrades from older Debian Edu / Skolelinux installations (before Buster) ==
More information about the debian-edu-commits
mailing list