Annvix Development Blog

Well, it is entirely possible to do a remote upgrade of an Annvix server using the upgrade script. I just did it for the church I attend (they have a backup server running Annvix) over the lunch hour. The server was 1.2-RELEASE when they left for lunch and was 2.0-CURRENT when they came back from lunch. And I didn’t leave the house (having said that, the server is 10 minutes away so if something did go wrong, I could go there and fix it). I’ve also noticed that I need to make the upgrade script a bit more robust because apt will report an error if an FTP session times out or it can’t retrieve a file (which happened), so I had to cut a few pieces out of the upgrade script that had already been done in order to properly finish the upgrade. Wasn’t difficult to do, just a bit of a PITA, so I think I’ll keep looping and ask if the user wants to continue anyways if an error like that is encountered.

I also went through all of my websites and set them up in vmware to test. Each site passed with flying colors without me having to update a thing, so the apache+php upgrade should work fine (of course, this depends on the web apps involved too). Keeping php-mysql intact paid off (instead of dropping it in favour of just using php-mysqli); there should be no php code changes for the mysql-enabled apps. Also, the mysql upgrade went well; I did dump and restore the databases and ran mysqlcheck on them and everything came out ok.

Courier-imap was a little more interesting, but still didn’t take much time. The old version didn’t have the userdb explicitly noted, but it worked, so I had to add “authuserdb” to the “authmodulelist” line in /etc/courier/authdaemonrc, but beyond that it worked without a hitch. POP3 and POP3S worked fine (I’m assuming IMAP and IMAPS will work as well but I didn’t test them; the big thing with those is the authentication). I still plan to try dovecot, however. Other than that one change to authdaemonrc (and making sure to install courier-authlib-userdb), I didn’t have to change a thing in the configs. I did have to run makeuserdb to regenerate the userdb (was getting a gdbm error), but I think that’s because my webserver is x86_64 and the vmware setup was i586.

The only web issue I encountered was with a php ical-based calendering app. For some reason if you just go to it without any arguments it defaults to 1969 instead of the current year. Not really sure why, but can easily be worked around by linking to it with the current date (nothing showed up in the logs). Keep in mind that the httpd.conf from 2.0 and the same from 2.2 are vastly different. I recommend making a copy of your old httpd.conf and merging in the changes to the new one. Also, if you use mod_security, keep in mind that mod_security2 is a little bit different, so you might want to keep mod_security for a quick upgrade and then look at migrating stuff to mod_security2 (keywords and such are completely different). I suppose it wouldn’t be too difficult to keep both around for the life of 2.x, but mod_security2 is supposedly the better of the two so migrating to it sooner rather than later, especially if you use it, might not be a bad idea.

All in all, I think the webserver upgrade should go nicely. Need to tweak a few little things in the upgrade script, but overall it went extremely well on both the webserver upgrade simulation and the remote upgrade of the church backup server.

In light of this, I fully intend to upgrade the webserver by the end of the week and then unless there is something critical that breaks, will be releasing 2.0-RELEASE next week.

One machine left to upgrade to 2.0 (which is the primary web server). Every other machine I run is now running 2.0-CURRENT; the last of the “big upgrades” (well, second-last) was done this afternoon (my LDAP/DNS/DHCP server for the LAN at home). Upgrade went smooth for the most part… a few changes were made to the upgrade script as a result of this one. A few notes:

The httpd.conf file is sufficiently different that you will want to use the new file not the old one. The old one will cause you grief as a few modules are missing (biggest culprit seems to be mod_access.so); it was easier and faster to start from scratch and merge in the few minor changes.

OpenLDAP seems to be compatible with data from the old version; I did do my slapcat first but didn’t need to remove the old database and slapadd the data; my authentication via LDAP worked without a hitch post-upgrade. There is one caveat, however. The new openldap will absolutely not run on a 2.4 kernel, so you will need to reboot before slapd doesn’t give you errors. Took me a bit to find that out (couldn’t figure out why slapd was dying when I tried to start it).

Samba wasn’t starting either, but that’s since been fixed in svn. For the record, removing the “guest” option to the passdb keyword made all the difference (otherwise smbd will segfault when you start it). Default configs have been updated, but you may need to change local configs.

Beyond that, the upgrade went flawless. I even did it “remotely”; the entire upgrade was done via ssh, rebooted, and it brought the system up properly into 2.0. Now, I’m not sure if I recommend a remote upgrade like that (seems awfully risky to me), but it looks as though it’s doable (how many other Linux distributions can boast that particular feat?).

Of course, please please *PLEASE* be sure to backup before you attempt an upgrade. Things like dumping mysql databases, openldap, etc. should be a must for everyone. I haven’t tried upgrading a running mysql-using system yet, but I think there it would make more sense to do a mysqldump and then import it post-upgrade (openldap was ok because both versions were 2.3.x so compatibility shouldn’t be such a big issue, but please slapcat first anyways). MySQL is going from 4.1.x to 5.0.x so I’d really recommend doing a dump, removing the old database, then creating it all fresh with an import. Likewise for postgresql.

Otherwise, it looks like the upgrade script held up quite nicely. This also means that if I don’t encounter any real problems over the next week, 2.0-RELEASE will most likely come out the first week of February.

You can now subscribe to RSS feeds for subversion by subscribing to:

packages, ports, and tools.

After having googlebot eat up over 40GB by spidering the subversion repository (which also resulted in amazingly high loads), I’ve moved the subversion repository to another system that won’t use the same bandwidth (and CPU) from the main server. So it’s back up now. At the same time I made a few changes to the repositories. I’ve decided that having two repositories (packages and unpackages) didn’t make sense, so I merged unpackages into packages (placing them in a /removed/releases/ tree). Also, for those who had write access to the repository, the URL has changed slightly; it’s now only available over SSL (I’m not sure if it was before). The URL itself will still work, although using svn.annvix.org is probably preferred.

I’m going to try and setup an RSS feed for new commits as well, which could be interesting. Other than that, the machine is a little less powerful than the server it used to be on, but has twice as much RAM so subversion should play quite nicely on it.

Not sure if anyone has noticed (googlebot sure hasn’t) but I’ve dropped the /index.php/ part from the annvix.org website (mediawiki). Looks a little nicer now (http://annvix.org/Home instead of http://annvix.org/index.php/Home). The latter still works, so links and stuff should be fine.

Oh, I’ve also had to take down svn.annvix.org as it was getting hammered by googlebot and was dragging the machine down a bit (load averages of 15.0 and higher)… not to mention sucking up my bandwidth (thanks google, my payment for this month will be higher I’m sure).

I plan to open it again soon, but it’ll be on a different (dedicated) machine at home here where the bandwidth is (presumably) more free than it is at the colo.

I’ve been working on an upgrade script and I think it’s working pretty good. Going to try it on a live system shortly (been trying it in vmware). Feel free to give it a go and let me know if you see anything wrong with it before we start using it to upgrade real systems. =)

1.2-to-2.0-upgrade.sh.

Please provide feedback on the dev@ mailing list if you give it a try.