[debian-lan-devel] Upgrade Debian-LAN to the latest git config space (Re: Was: When I shoot myself in the foot with a softupdate)

Julien Lambot jlambot at gmail.com
Sun Sep 22 21:46:49 UTC 2013 

Hi Andi
Working again on update (to prepare the real-one) here are the changes I
made to let it roll with "fai softupdate"

diff --git a/scripts/DNS_SERVER/10-zones b/scripts/DNS_SERVER/10-zones
index d69853c..51cd74d 100755 (executable)
--- a/scripts/DNS_SERVER/10-zones
+++ b/scripts/DNS_SERVER/10-zones
@@ -12,8 +12,10 @@ PREFIX2=`echo $SUBNET | cut -d "." --fields=2`
 FILE="/etc/bind/db.${PREFIX1}.${PREFIX2}"
 JOURNAL="/var/lib/bind/db.${PREFIX1}.${PREFIX2}.jnl"

-if [ -e $target$FILE ]; then
-    exit 0
+if [ ! "$FAI_ACTION" == "softupdate" ]; then
+    if [ -e $target$FILE ]; then
+        exit 0
+    fi
 fi

 ainsl /etc/bind/named.conf.local "include \"/etc/bind/localzones\";"
diff --git a/scripts/FAISERVER/10-config b/scripts/FAISERVER/10-config
index b8288ed..148261b 100755 (executable)
--- a/scripts/FAISERVER/10-config
+++ b/scripts/FAISERVER/10-config
@@ -4,7 +4,7 @@ set -e

 fcopy -r /etc/fai

-if [ "$FAI_ACTION" == "install" ] || [ "$CONVERT" == "true" ] ; then
+if [ "$FAI_ACTION" == "install" ] || [ "$CONVERT" == "true" ] || [
"$FAI_ACTION" == "softupdate" ]; then
     ## fetch template and insert 'number' of workstations:
     fcopy  /etc/rc.local
     sed -i "s/WS_RANGE/${WS_RANGE}/g" $target/etc/rc.local
diff --git a/scripts/FAISERVER/40-dhcp b/scripts/FAISERVER/40-dhcp
index e8b0750..6826397 100755 (executable)
--- a/scripts/FAISERVER/40-dhcp
+++ b/scripts/FAISERVER/40-dhcp
@@ -1,9 +1,10 @@
 #!/bin/bash

 set -e
-
-if [ -e $target/etc/dhcp/dhcpd.conf_orig ]; then
-    exit 0
+if [ ! "$FAI_ACTION" == "softupdate" ]; then
+   if [ -e $target/etc/dhcp/dhcpd.conf_orig ]; then
+       exit 0
+   fi
 fi

 ## Create keys for dynamic DNS update:
@@ -17,9 +18,11 @@ set -e
 DIR=\$(pwd)
 cd $DATADIR

-if ls Kdhcp_updater* 2> /dev/null ; then
-    echo "Key exists already, nothing done!"
-    exit 1
+if [ ! "$FAI_ACTION" == "softupdate" ]; then
+   if ls Kdhcp_updater* 2> /dev/null ; then
+       echo "Key exists already, nothing done!"
+       exit 1
+   fi
 fi

 KEYFILE=\$(dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER
DHCP_UPDATER).private


On Fri, Aug 23, 2013 at 1:36 PM, Julien Lambot <jlambot at gmail.com> wrote:

> Hello Andy
>
> The upgrade went (nearly) without issues on the lab.
> Main concerns (for the tests I've made until now) are ldap certificates
> Therefore, I reverted to the previous version of the configuration (within
> /etc/ldap/ssl/...) and clients can connect.
> The only main bug remaining is nslcd which, despites my tries, still
> doesn't bind the server (seems the certificate isn't valid)
> Although on the server I can successfully bind the server through TLS.
>
> Thereby, I modified some server side scripts with a "FAI_ACTION =
> Softupdate" clause in order to be able to update a running config. They
> seems to work OK.
>
> I'm still busy with issues on clients sides.
> Some packages were added (like e.g.: alsa-utils which is required to keep
> mixer settings,...)
> Further testings of the client environment will be made in order to:
> - access possible CIFS shared printers (I had issues with the current
> stable ghostscript version).
> - give the GNOME desktop more taste of ubuntu, as my users are, well, a
> little foolish :) But they would like calendar integration and such wistles
> and bells.
>
> Sorry for this late and short report. I will give more detailed info asap.
>
> Greetings
>
> Julien
>
>
>
>
> On Thu, Jul 25, 2013 at 9:04 AM, Andreas B. Mundt <andi.mundt at web.de>wrote:
>
>> Hello Julien,
>>
>> On Fri, Jul 12, 2013 at 05:42:46PM +0200, Julien Lambot wrote:
>>
>> > I'm working on the update of debian-lan version 0.12
>> > The release that I installed was the one available around end of April.
>> >
>>
>> I 'upgraded' my system (installed May 11) here and it seems to work
>> fine.  I made some notes about the steps.  You might have to modify
>> some steps depending on your setup, but the general way should be the
>> same.  Please do not hesitate to ask if something is unclear.
>>
>> Best regards and good luck,
>>
>>      Andi
>>
>>
>> ------------- HowTo upgrade to latest git ---------------
>>
>> Log into the mainserver, and then:
>>
>> cd /srv/fai/config/
>>
>> First make sure you save the latest local modifications of the
>> config space, use:
>>
>>        git status
>>        git diff
>>        git commit
>>
>> Then, overwrite the old stuff with the latest contents in git:
>> (Use 'git clone git://git.debian.org/git/collab-maint/debian-lan' in
>> /tmp for example).
>>
>>       cp -r /path/to/debian-lan/fai/config/* /srv/fai/config/
>>
>> Now check what has been modified, step by step, modify files if needed:
>>
>>     git status class/
>>     git diff class/
>>
>> Add/modify in SERVER_A.var the following lines:
>>     MAINSERVER_IPADDR="10.0.0.1"
>>     GATEWAY="10.0.0.1"
>>
>> Same for all subrirectories.  If you would like to keep a file, use:
>>      git checkout --  files/etc/apt/sources.list/CLIENT_A
>> files/etc/apt/sources.list/SERVER_A
>>      git checkout -- package_config/EDU
>>      git checkout -- package_config/PROXY
>>
>> Then add all new files to the index:
>> git add class/GATEWAY_A.var class/ROAMING.var debconf/GATEWAY_A
>> disk_config/GATEWAY_A disk_config/ROAMING
>> files/etc/apt/sources.list/GATEWAY_A files/etc/motd/GATEWAY_A
>> files/etc/sssd/ files/usr/share/ package_config/FIREWALL
>> package_config/GATEWAY_A package_config/ROAMING
>> scripts/DNS_SERVER/30-forwarders scripts/FIREWALL/ scripts/GATEWAY_A/
>> scripts/ROAMING/
>>
>> Remove deprecated file:
>>        git rm debconf/DESKTOP
>>
>> Check all remaining modifications and commit all:
>>       git commit -a
>>
>> Check your modifications to debian-lan repository:
>>       diff -ru /path/to/debian-lan/fai/config/ . |less
>>
>> If all is fine, run
>>       fai -vN softupdate
>>
>> Check if all it went fine so far:
>>       less /var/log/fai/mainserver/softupdate-20130724_100547/fai.log
>>
>> ==========================================
>> Now enable the firewall, new DHCP and new DNS.  First, check
>> configurations in /etc/:
>>       etckeeper vcs status
>>
>> Make sure that all modifications are commited, to go back if something
>> fails.
>> After that, modify the if ...; .... ; fi at the beginning to enable
>> the following scripts:
>>
>>      git status
>> #       modified:   scripts/DNS_SERVER/10-zones
>> #       modified:   scripts/FAISERVER/40-dhcp
>> #       modified:   scripts/FAISERVER/10-config
>> #       modified:   scripts/FIREWALL/10-config
>>
>> Now run again:
>>       fai -vN softupdate
>>
>> ## Check modifications (already commited, so figure out the relevant
>> commit from the log):
>>        etckeeper vcs log
>>    --> etckeeper vcs diff 807ee94ecce17d8fb
>>
>> ## Reset config space:
>> cd /srv/fai/config/
>> git reset --hard
>>
>> ## Check firewall interfaces (external/internal):
>> less /etc/shorewall/params
>>
>> ## Check DNS:
>> Copy MACs from dhcpd.conf_orig (or earlier git commit) to the new
>> dhcpd.conf
>>
>> ## Recreate chroots:
>>    rm -r /srv/fai/nfsroot
>>    rm -r /opt/live
>>    rm /srv/tftp/fai/pxelinux.cfg/diskless.tmpl
>>    /etc/rc.local
>>
>> That's it, reboot and check if anything still works fine!
>> Here, it seems to have worked fine.
>>
>> ------------------
>>
>>
>>
>>
>> _______________________________________________
>> debian-lan-devel mailing list
>> debian-lan-devel at lists.alioth.debian.org
>> http://lists.alioth.debian.org/mailman/listinfo/debian-lan-devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/debian-lan-devel/attachments/20130922/01b76c73/attachment.html>

More information about the debian-lan-devel mailing list