Upgrade tool module

testing
v6

(Davide Principi) #1

NethServer 6 has a new BETA module: Upgrade tool!

As you may expect, it upgrades the running system to NethServer 7 with the so-called “in-place” or “live” upgrade procedure.

:warning: Why BETA? Because a live upgrade is dangerous and might lead to data loss: we must test it in controlled environments before using it in production!

The module has now a dedicated page in the Admin’s manual:

http://docs.nethserver.org/en/v6/upgrade_tool.html


Once installed from the Software Center it decides what kind of accounts provider the system requires.

A local AD accounts provider wants a green bridge interface:

Once the bridge interface has been defined the other parameters for AD are requested:

The local LDAP accounts provider does not require any additional information: only the “PREPARE UPGRADE” button is visible.

The free disk space is checked twice: before and after RPMs download. The first check is rounded up to avoid the second one to fail.

When the upgrade is ready to start two choices are available:

Refer to the manual page for more information!

This is an accelerated video of the upgrade procedure

See also:


Testing the NS6 to NS7 Migration tool
Development Updates - 11 December 2018
Upgrade paths to ns7
Testing the NS6 to NS7 Migration tool
Testing the NS6 to NS7 Migration tool
(Davide Principi) #2

There are a couple of ns6 bugs that we must be aware of and occur when a green Ethernet interface is enslaved as part of the green bridge:

  • If DHCP server listens on the enslaved interface it stops working
  • if the enslaved interface is used by a firewall zone definition Shorewall fails to start

Both bugs can be fixed in v6. The first one is already fixed in v7.

Edit,


(Alessio Fattorini) #3

Is there anyone who have tested @davidep’s effort? it would be great to collect some experience


(Alessio Fattorini) pinned globally #4

#5

I have a production vm mail server with LDAP and a few accounts with 10’s of thousands of emails, in fact, it’s my last operational v6,… I’d like to upgrade, particularly because of the improved spam filtering, but as anyone can understand there’ll be hours of verification post upgrade, the earliest I’ll be able to do so will be around our Thanksgiving time, but it’s definitely on the agenda.


(Davide Principi) #6

I recommend to double check the available docs,

http://docs.nethserver.org/en/v6/upgrade_tool.html

It is a work-in-progress, check its changelog too:

https://github.com/NethServer/docs/commits/v6/administrator-manual/en/upgrade_tool.rst

Keep an eye on open bugs too!


(Rob Bosch) #7

During the Ambassador hangout we had today, the migration tool created by @davidep was discussed. Davide gave some more background info and during this discussion we came to questions like: what will happen if you have a NethServer6 server running with 1 or more modules/packages that are not available through servermanager.
There are many community modules or even only installation howto’s for several applications. The big question will be, WHAT IF… you have an application running on NethServer6 and you wnt to migrate to NethServer 7. What will the tool do with the application.
The only sensible thing is: TEST it before you do a life migration.

In order to get some more insight on what modules and applications can be migrated successfully I would like to ask you all to try migrations of NethServer6 to NethServer7 running different modules and applications and report back if the migration succeeds and if not, what problems you run into.

I do understand that probably most of us already run NethServer7, but in the near future we will face something similar for moving from NethServer7 to NethServer8. Every experience with the current migration tool is important to be able to create a tool for NS7 to NS8 too.

When testing, please update to NS6 latest patchlevel and tell what kind of module(s) and application(s) you have running.


(Michael Träumner) #8

I think if some people have tested we should create a list with working and non working apps.


(Rob Bosch) #9

I already started testing. First the obvious scenario(s):
plain NS6.10, fully updated and run the migration tool. This worked like a charm (not surprisingly… :wink: )
Next thing will be adding the NS6 account provider and add some modules from software center. Since this has been tested by Davide, I expect that to work too. For me these are only options to get familiar with the migration tool behavior.
Then I will add a few other applications that are not listed in software center, and see how things behave then.
Anyone who wants to test a specific scenario, please do so!

BTW testing using proxmox and a fully updated template for NS6.10 is a pleasure to work with…


(Alessio Fattorini) #10

What about a wiki post with a list of tested app and a :white_check_mark: ?


(Michael Träumner) #11

This is a good idea I think


(Davide Principi) split this topic #12

3 posts were split to a new topic: Access only by NETBIOS\user


(Davide Principi) #13

There is a new Upgrade tool beta 2 version available from nethserver-testing (6.10)

There are some packages to update: http://dev.nethserver.org/projects/nethserver/issues?query_id=27

After installing the Upgrade tool run:

yum --enablerepo=nethserver-testing update

Then proceed with the Prepare step as usual.

See also https://github.com/NethServer/dev/issues/5640


(Davide Principi) #14

New release is coming: I’m testing the ns6 upgrade tool against 7.6


(Davide Principi) #15

The upgrade tool “beta 2” has been released in ns 6.10 repositories


#16

This weekend I fired off the upgrade on a production 6.9 mail and web server.
I would rate it at 98%+ successful, enough that I kept in online @ 7.6.1810 final.
Root dir had only 44mb available, had to remove 12 kernels to fire upgrade.
Since it was a web server with file server, it required adding an interface for the samba dc upgrade… that required some thought because I already have a NS DC on the local network but on another subnet. Not really an issue.
That also killed access to a created share that was hosting a deprecated website. I haven’t worked that out yet, low priority.
The upgrade did knock out 10% of the users passwords… set them back to unset, as if newly created, once a password was set, access to mail was reacquired.
Some 50% of mail filters created with roundcube were broken.
Spam and Virus filters were fine but it wipe out my list of banned files… annoying, I haven’t a copy and I had about 30 file extension in the list.
Backups were successful though restore hasn’t been tested, it appears the data is available for restore, I use vm copies distributed around as well.
Still has messed up time in the dashboard for the cron that came with the last backup update.
Statistics are fine.
Only fail/error found was for the ntop db, I had removed ntop because it wasn’t being used and its db file was getting up to 6GB.
I call it a success and nobody in that office noticed today so there ya go.


#17

@davidep

Regarding the share on this upgraded server… I can’t access it from win10 non-joined or ubuntu non-joined, win10 will not even show the shares but ubuntu does list the shares in nautilus, I created another share, I can’t access that one either from any clients.
Both the shares, the one created before the upgrade and the one I created as a test after the upgrade, post several reboots… are being created by root, instead of administrator@domain. That doesn’t seem right, the group is correct, but the owner is root on the upgraded server. I also realized the administrator password wasn’t set, I set a pwd, even rebooted the server, but shares are still created as owned by root.


(Federico Ballarini) #18

Hi @fasttech
After upgrade have you check initialization with command systemd-analyze ?
If it was ok, how are you trying to access to shares?

I’ve updated 5 servers from 6.10 to 7.5 and then 7.6 and I haven’t got any problem with non-joined computers.
You can access to share with NETBIOS\username or username@ad.domain.ext and user password.
You shouldn’t have problem.

For website access, you can try to migrate folder to a Virtual Host (and then if u have to access files from external network without VPN you can connect Nextcloud to SMB share and connect with it).

I suggest you also to re-set permissions on shares with server manager.


#19

Well I see it’s not an issue of root ownership. The other 7.6 server on the other subnet is also creating shares as root and I can access those from the same clients, not sure how the original shares on the other server were created as administrator since I’m always logging in as root on these.


(Davide Principi) #20

I agree. Please look also at http://docs.nethserver.org/en/v7/shared_folder.html#administrative-access to allow members of Domain Admins to impersonate “root” over SMB connections. Once they’re granted file ownership they have full control over them.

See also

http://docs.nethserver.org/en/v7/shared_folder.html#change-resource-permissions-from-windows-clients

Apart from typing the user name as described by @federico.ballarini and the manual, how do you access the share?

 \\192.168.1.2\sharename

or

 \\myserver\sharename 

I suggest to try the latter. Check that “myserver” actually resolves to “192.168.1.2”.

Also ensure that “myserver” is listed in klist -k output as “host/myserver@ADREALM”…