[debian-lan-devel] When I shoot myself in the foot with a softupdate

Andreas B. Mundt andi.mundt at web.de
Thu May 30 17:19:13 UTC 2013 

Hi Julien,

On Thu, May 30, 2013 at 06:21:54PM +0200, Julien Lambot wrote:

> Just a little report on a
> fai -Nv softupdate done on workstation after updating /srv/fai/config on
> the server and adding a CUSTOM class.
>
> TLS was broken, nlscd couldn't connect the server anymore.
> I will go fix that later but I would like to know if I can do a softupdate
> on the server to the latest release without major risks?

To avoid major risks critical configurations like DNS, DHCP and
rc.local are not modified on a softupdate.  However, this means you'll
also miss the latest developments in that area.

> Next time, I will get my pants on and try that on my test environment first.
>
> Andreas,
> Is there something I can do to work on smoothing updates? If yes, how? What
> would be the best procedure?
> (note; I need to work a bit on git to better handle configuration changes)

I would clone the latest git version to a local directory on the
server and check with:

       diff -ur cloned/config/space /srv/fai/config/

what has changed.  I usually use

       diff -qr cloned/condig/space /srv/fai/config/

to check the modified files, and all files I have not customized
myself, I copy to /srv/fai/config/ .  Then it should be fine to run a
softupdate.

However, not all modifications will end up in use by running
fai-softupdate.  So new features need to be added by hand in some
cases.  This might be the modification of /etc/rc.local which makes
the roaming profile available in the PXE menu.  To make it available,
you could try to modify 'scripts/FAISERVER/10-config' to run also on
softupdates.  After that, you need to re-run '/etc/rc.local' and make
sure it recreates the PXE menu. Either, you modify '/etc/rc.local' to
do the work with the chroots already in place or you remove the
chroots /opt/live and /srv/fai/nfsroot/live and then run the script.

If you would like to use dynamic DNS updates you also need some manual
modifications, this time you need to make
'scripts/DNS_SERVER/10-zones' and 'scripts/FAISERVER/40-dhcp' to do
their jobs again.  Note that this will overwrite all the changes added
to the DHCP configuration, so take care!  Perhaps it's simpler to make
another installation on a VM and compare the files which have been
modified (Bind and dhcpd configurations).

A very nice tool to visualize commits is 'gitk'.  You can check
what modifications happened on the mainserver with 'etckeeper vcs
diff' for example (you might want to commit all stuff before you make
the manual update to see the difference and make going back easy).

I hope that with the features that have been implemented now we are
kind of ready at least for wheezy and I do not plan to make further
invasive changes for the time being.  It's kind of unfortunate now
that you need to make this manually (however, only if you would like
to use the new stuff, if not, just leave it as it is).

If you feel this is all too risky, I can offer to write down the steps
when I'll do the procedure described on my system, probably next
week.  For me it's probably much easier, because I did the coding and
if something fails I probably immediately know why and how to fix it
again ...

Best regards,

     Andi

More information about the debian-lan-devel mailing list