[debian-lan-devel] keeping up to date

Andreas B. Mundt andi.mundt at web.de
Thu Feb 19 18:41:15 UTC 2015


Hi,

On Wed, Feb 18, 2015 at 11:48:26PM +0000, Boylan, Ross wrote:
> Does Debian-LAN or FAI offer any tools to keep the different systems
> up to date with security and other fixes?

There are many ways to do that:  Either use something like the
'unattended-upgrades' package.  This is IIRC the default for security
updates.  Or use the 'fai softupdate' mechanism [1] for example in a
cron job.  Finally, you can log in as root from the mainserver
without password and execute any command like 'apt-get update &&
apt-get upgrade'.  A simple script does whatever you want
automatically.

> How about larger jumps, like wheezy->jessie?

For the clients, I would recommend installing again.  Probably it's
possible to just do a dist-upgrade, but you might need some cleanup
afterwards.  Running another FAI installation is probably less work.

The mainserver on the other hand is a rather customized machine, but
it contains all data and keys which you probably want to continue to
use.  I would dist-upgrade the machine and fix all issues that turn
up afterwards.  If you want to use new features from the latest
release, you need to figure out how to implement them.  This should be
possible from the fai config space (some stuff is done only when
installing/converting, but you can enable that manually).

There is no guaranteed and tested way and some know-how is probably
necessary, as there are so many possibilities.  Debian-LAN tries to
use all mechanisms available in Debian to make upgrades work.  It only
adds as little 'glue' as possible to prepare the composed system.  When I
did the upgrade from squeeze->wheezy it worked pretty well -- however,
for a machine providing as many services as the mainserver does, it's
almost guaranteed that something breaks and some cleanup and a few
fixes are unavoidable.

It should also be possible to export all data (mostly LDAP, which
contains the KDC database) and the home directories and import that on
a new installation.  Like using the backup but dropping all that on a
new setup.  But I've never done that.

Finally you could only upgrade the clients but keep the server at a
LTS release [2].  But I also did not test that.


> In case anyone is curious, I'm exploring Debian LAN as a way to
> virtualize the services running on a single machine.  Right now I'm
> mostly trying to learn about Kerberos and LDAP.

Ah OK, interesting.  I think Debian-LAN is a good example of how to set
that up.  Depending on size and reliability demands you would split
the services on several (and perhaps redundant) machines.

Regards,

        Andi


[1] http://fai-project.org/fai-guide/_anchor_id_advanced_xreflabel_advanced_advanced_fai.html
    11.2. Using FAI for updates
[2] https://wiki.debian.org/LTS
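
Added example, not part of the original message or of Debian-LAN: a sketch of the "simple script" option above, run on the mainserver to push 'apt-get update && apt-get upgrade' to each client as root and record which hosts failed. The script name, the client names passed as arguments, and the REMOTE and LOGDIR variables are assumptions made for illustration.

```sh
#!/bin/sh
# upgrade-clients.sh (hypothetical name): run on the mainserver as
#   sh upgrade-clients.sh client01 client02 ...
# Client names are placeholders; use the hosts of your own installation.

# Command used to reach a client.  BatchMode makes ssh fail instead of
# prompting, so an unreachable or unauthenticated host cannot hang a cron job.
: "${REMOTE:=ssh -o BatchMode=yes -o ConnectTimeout=10}"

# Non-interactive form of the command quoted in the message.
UPGRADE_CMD='export DEBIAN_FRONTEND=noninteractive; apt-get -q update && apt-get -q -y upgrade'

# upgrade_host HOST: run the upgrade on one client, return its exit status.
upgrade_host() {
    # REMOTE is intentionally unquoted so its options are split into words.
    # stdin comes from /dev/null so ssh never swallows the caller's input.
    $REMOTE "root@$1" "$UPGRADE_CMD" </dev/null
}

# upgrade_all HOST...: upgrade every client, continue past failures,
# keep one log per host, return 1 if any host failed.
upgrade_all() {
    any_failed=0
    for host in "$@"; do
        if upgrade_host "$host" >"${LOGDIR:-/tmp}/upgrade-$host.log" 2>&1; then
            echo "ok      $host"
        else
            echo "FAILED  $host"
            any_failed=1
        fi
    done
    return "$any_failed"
}

# Only act when hosts are given on the command line.
if [ "$#" -gt 0 ]; then
    upgrade_all "$@"
    exit $?
fi
```

A non-zero exit status lets cron or a monitoring check flag clients that missed an update; the per-host logs show what apt-get reported.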


