Weblog entry #146 for simonw

Sarge to Etch - Upgrade Number 2
Posted by simonw on Sat 17 Feb 2007 at 01:59
Having discovered that logcheck in Etch won't complain about my email user names with a "@" in from dovecot, I felt obliged to upgrade my email server early, especially since I need a newer PHP and MySQL for a little project....

Box is small "user mode linux" system, hosts a handful of websites, everything is in a 2GB filesystem. Runs Postfix/Postgrey/Dovecot/Squirrelmail for my own family's email needs. Runs Postgres (for some email stuff). Runs MySQL, for website which is custom MySQL stuff. So a simple general purpose Sarge box.

1) Backup Usermode linux image before any major changes!

2) Remove any fluff so you don't waste time with it.
apt-get remove --purge mailman
Installed Deborphan, and removed stray packages.
apt-get clean
921MB free in "/"
cat /proc/version -> Linux version 2.4.26-3um

3) Check all listening services are as expected - no fluff
(netstat -anp).

4) Find out what is new
vi /etc/apt/sources.list   # then :%s/sarge/etch/g
(I always use named releases in sources.list)
apt-get update
apt-get -s dist-upgrade suggests
334 upgraded, 83 newly installed, 11 to remove and 2 not upgraded.
Removal includes apache2 stuff being replaced with apache2.2 (Finally!).

5) Get on with it
apt-get --download-only dist-upgrade # Let us get everything local first
apt-get dist-upgrade

6) Note all the complaints and warnings as they happen.

Warning Xserver package might be missing (it's a server - what do I care)
Warning ProFTP config can't be upgraded (we use it for website uploads and anon ftp, I'll use vsftpd if it doesn't "just work").
MySQL wants an admin password.
May need courier-authlib-X X=postgresql ?!
Sysstat format change - lose old sysstat data.
phpmyadmin - wants admin user credentials created.
Libc update didn't detect Postgresql - even though it was running?!
No Postfix config upgrade!
Postfix added missing entries for master.cf anyway, which is the only difficult bit of Postfix config apart from those damned saslauthd settings.
No to Apache config update (might be safe to accept?)
Webserver start failed (again)
Ditto PHP ini files for php4 and apache2 (kept current)
Ditto Dovecot
Fail2Ban -- see /usr/share/doc/fail2ban/News.Debian.gz
logcheck -- Accept new versions as the manual additions were covered by new changes
Saslauthd -- Kept current - as lots of Postfix changes in there.
SquirrelMail -- Kept current filters file.

7) Take stock
Postfix SMTP Auth is dead (saslauthd issue?)
Dovecot is dead (config file issue)
Apache is running fine
sshd is running fine (the UML was remote)
Proftpd is running fine
Postfix is running fine
MySQL is running fine

8) Start the fix up

Stop Postfix (since it is in a funny state)
Add "soft_bounce = yes" to /etc/postfix/main.cf
(could and should have done this before upgrade!).

Copied the old /etc/dovecot/dovecot.conf file out, and the copy dpkg saved into place, and made consistent changes. Basically the "IMAP" and "POP" settings are now in their own sections, and I just needed to copy the settings that were global into the IMAP protocol section. Not difficult, but something to prepare and pretest in a commercial support setting.

The Postfix SASLAUTH stuff was FUBARed, but Postfix can now use Dovecot for auth, so rather than fight to fix the new saslauthd settings I followed the URL below to make dovecot the auth provider for Postfix. This is simpler than the saslauthd settings. I think it makes sense for all email auth settings to be in one place, so I will look at using the Dovecot LDA at some point as well, now I have Etch, so that all email location and authentication data is kept in Dovecot's configuration, and Postfix just handles the exchange of email with other mail servers (which is what it is best at!), and accepting it from end users who authorize with their dovecot credentials.

http://www.postfix.org/SASL_README.html#versions

apt-get remove --purge sasl2-bin # Yea - less stuff

Start and test Postfix (Don't forget to remove soft_bounce when happy).
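
A post-upgrade check for the two main.cf changes made in this step, as an added example that is not part of the original post. The smtpd_sasl_* names and the private/auth path are the ones documented in the Postfix SASL_README linked above; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: check main.cf for the Dovecot SASL switch and for a
# soft_bounce setting left behind. The sample file below is constructed.

# Effective value of a parameter: last assignment wins, comment lines skipped.
# On a live host "postconf -h NAME" answers the same question, defaults included.
cf_value() {   # usage: cf_value FILE NAME
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        $0 ~ ("^" name "[ \t]*=") {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Prints one finding per line; prints nothing when the file is clean.
check_mail_auth() {   # usage: check_mail_auth FILE
    [ "$(cf_value "$1" soft_bounce)" = "yes" ] &&
        echo "soft_bounce is still yes: permanent rejects are being deferred"
    if [ "$(cf_value "$1" smtpd_sasl_auth_enable)" = "yes" ]; then
        [ "$(cf_value "$1" smtpd_sasl_type)" = "dovecot" ] ||
            echo "smtpd_sasl_type is not dovecot: SMTP AUTH still uses Cyrus SASL"
        [ -n "$(cf_value "$1" smtpd_sasl_path)" ] ||
            echo "smtpd_sasl_path is unset: no Dovecot auth socket is named"
    fi
    return 0
}

# Constructed main.cf excerpt: the state right after the fix-up, before cleanup.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the author's file
soft_bounce = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# relative to the Postfix queue directory; Dovecot must create this socket
smtpd_sasl_path = private/auth
EOF
check_mail_auth "$sample"
```
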

"netstat -anp" - nothing unexpected listening to the outside world!
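
The netstat check from step 3 and the one above can be compared mechanically if both outputs are saved to files. This is an added example, not part of the original post; the function names and both snapshots are constructed and do not reflect what was listening on the author's box.

```sh
#!/bin/sh
# Added example: diff two saved "netstat -anp" snapshots taken before and
# after the upgrade. Both snapshots below are constructed sample data.

# "proto local_address program" for every TCP listener not bound to loopback.
external_listeners() {   # usage: external_listeners SNAPSHOT
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 !~ /^(127\.|::1:)/ {
        prog = $7
        sub(/^[0-9]+\//, "", prog)   # drop the PID, it changes on every restart
        print $1, $4, prog
    }' "$1" | LC_ALL=C sort -u
}

# NEW = listening after but not before; GONE = listening before but not after.
listener_diff() {   # usage: listener_diff BEFORE AFTER
    b=$(mktemp); a=$(mktemp)
    external_listeners "$1" > "$b"
    external_listeners "$2" > "$a"
    LC_ALL=C comm -13 "$b" "$a" | sed 's/^/NEW  /'
    LC_ALL=C comm -23 "$b" "$a" | sed 's/^/GONE /'
    rm -f "$b" "$a"
}

dir=$(mktemp -d)
cat > "$dir/before.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  411/sshd
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN  502/master
tcp        0      0 0.0.0.0:143      0.0.0.0:*        LISTEN  530/imap-login
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  470/mysqld
EOF
cat > "$dir/after.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  3320/sshd
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN  3391/master
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN  3350/mysqld
EOF
listener_diff "$dir/before.txt" "$dir/after.txt"
```

A GONE line points at a service that did not come back after the upgrade; a NEW line is a listener to explain or close before the box goes back into service.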

9) Now to start using Etch's new software!
apt-get install php5 libapache2-mod-php5
apt-get remove --purge php4 # and other php4 packages
apt-get install phpmyadmin # removed by previous php4 removal?!

I probably ought to reboot now to make sure the UML is happy.

Conclusions

625MB available
apt-get clean
835MB available
So about 300MB for the upgrade, and about 100MB fatter afterwards, the "apt-get clean" was just to see what it would do, I'd usually keep all the packages local after such a big update.

There were non-trivial changes to Postfix, and Dovecot configs, but otherwise the upgrade was straightforward. Although I'm conscious always that these upgrades tend to leave one with less than ideal config files, since life is too short to diff, and merge, every new config file setting. I was able to simplify the configuration, because Postfix, and Dovecot, are more advanced in Etch, than Sarge, so I am already reaping some dividend from the upgrade (oh and the logcheck emails have diminished as expected).

Whole exercise, including download time, research, and documentation, took nearly 5 hours, but I did find time to do some reading, play games, etc, whilst it was downloading and installing. It is unclear how much of that was downtime for the web server. Email was effectively down for most of the period. Clearly the download time doesn't need to impact on the down time, since it is all downloaded before it is applied. With a test server to prepare Postfix, and Dovecot configs, and more powerful box (not a UML instance), the absolute downtime could probably be kept down to 30 minutes or so (less for the websites). Certainly I think it can be kept acceptably low for my employer's commercial webhosting, so we can copy the live data to the backup server, and then upgrade the live server in situ, once all the web applications are tested to work in Etch (Arghh.....). Which makes for a simple upgrade path, and we won't have to switch service between the live and backup servers.

 
