<div dir="ltr"><div><div><br></div>Hi Andi<br></div>Working again on update (to prepare the real-one) here are the changes I made to let it roll with "fai softupdate"<br><br>diff --git a/scripts/DNS_SERVER/10-zones b/scripts/DNS_SERVER/10-zones<br>
index d69853c..51cd74d 100755 (executable)<br>--- a/scripts/DNS_SERVER/10-zones<br>+++ b/scripts/DNS_SERVER/10-zones<br>@@ -12,8 +12,10 @@ PREFIX2=`echo $SUBNET | cut -d "." --fields=2`<br> FILE="/etc/bind/db.${PREFIX1}.${PREFIX2}"<br>
JOURNAL="/var/lib/bind/db.${PREFIX1}.${PREFIX2}.jnl"<br> <br>-if [ -e $target$FILE ]; then<br>- exit 0<br>+if [ ! "$FAI_ACTION" == "softupdate" ]; then<br>+ if [ -e $target$FILE ]; then<br>
+ exit 0<br>+ fi<br> fi<br> <br> ainsl /etc/bind/named.conf.local "include \"/etc/bind/localzones\";"<br>diff --git a/scripts/FAISERVER/10-config b/scripts/FAISERVER/10-config<br>index b8288ed..148261b 100755 (executable)<br>
--- a/scripts/FAISERVER/10-config<br>+++ b/scripts/FAISERVER/10-config<br>@@ -4,7 +4,7 @@ set -e<br> <br> fcopy -r /etc/fai<br> <br>-if [ "$FAI_ACTION" == "install" ] || [ "$CONVERT" == "true" ] ; then<br>
+if [ "$FAI_ACTION" == "install" ] || [ "$CONVERT" == "true" ] || [ "$FAI_ACTION" == "softupdate" ]; then<br> ## fetch template and insert 'number' of workstations:<br>
fcopy /etc/rc.local<br> sed -i "s/WS_RANGE/${WS_RANGE}/g" $target/etc/rc.local<br>diff --git a/scripts/FAISERVER/40-dhcp b/scripts/FAISERVER/40-dhcp<br>index e8b0750..6826397 100755 (executable)<br>--- a/scripts/FAISERVER/40-dhcp<br>
+++ b/scripts/FAISERVER/40-dhcp<br>@@ -1,9 +1,10 @@<br> #!/bin/bash<br> <br> set -e<br>-<br>-if [ -e $target/etc/dhcp/dhcpd.conf_orig ]; then<br>- exit 0<br>+if [ ! "$FAI_ACTION" == "softupdate" ]; then<br>
+ if [ -e $target/etc/dhcp/dhcpd.conf_orig ]; then<br>+ exit 0<br>+ fi<br> fi<br> <br> ## Create keys for dynamic DNS update:<br>@@ -17,9 +18,11 @@ set -e<br> DIR=\$(pwd)<br> cd $DATADIR<br> <br>-if ls Kdhcp_updater* 2> /dev/null ; then<br>
- echo "Key exists already, nothing done!"<br>- exit 1<br>+if [ ! "$FAI_ACTION" == "softupdate" ]; then<br>+ if ls Kdhcp_updater* 2> /dev/null ; then<br>+ echo "Key exists already, nothing done!"<br>
+ exit 1<br>+ fi<br> fi<br> <br> KEYFILE=\$(dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DHCP_UPDATER).private<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 23, 2013 at 1:36 PM, Julien Lambot <span dir="ltr"><<a href="mailto:jlambot@gmail.com" target="_blank">jlambot@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hello Andy<br><br></div>The upgrade went (nearly) without issues on the lab.<br></div>
Main concerns (for the tests I've made until now) are ldap certificates<br></div><div>Therefore, I reverted to the previous version of the configuration (within /etc/ldap/ssl/...) and clients can connect.<br>
The only main bug remaining is nslcd which, despites my tries, still doesn't bind the server (seems the certificate isn't valid)<br></div><div>Although on the server I can successfully bind the server through TLS.<br>
<br></div><div>Thereby, I modified some server side scripts with a "FAI_ACTION = Softupdate" clause in order to be able to update a running config. They seems to work OK.<br><br></div><div>I'm still busy with issues on clients sides.<br>
</div><div>Some packages were added (like e.g.: alsa-utils which is required to keep mixer settings,...)<br></div><div>Further testings of the client environment will be made in order to:<br>- access possible CIFS shared printers (I had issues with the current stable ghostscript version).<br>
</div><div>- give the GNOME desktop more taste of ubuntu, as my users are, well, a little foolish :) But they would like calendar integration and such wistles and bells.<br><br></div><div>Sorry for this late and short report. I will give more detailed info asap.<br>
<br></div><div>Greetings<span class="HOEnZb"><font color="#888888"><br><br>Julien<br></font></span></div><div><br></div></div><br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div class="im">On Thu, Jul 25, 2013 at 9:04 AM, Andreas B. Mundt <span dir="ltr"><<a href="mailto:andi.mundt@web.de" target="_blank">andi.mundt@web.de</a>></span> wrote:<br>
</div><div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Julien,<br>
<br>
On Fri, Jul 12, 2013 at 05:42:46PM +0200, Julien Lambot wrote:<br>
<br>
> I'm working on the update of debian-lan version 0.12<br>
> The release that I installed was the one available around end of April.<br>
><br>
<br>
I 'upgraded' my system (installed May 11) here and it seems to work<br>
fine. I made some notes about the steps. You might have to modify<br>
some steps depending on your setup, but the general way should be the<br>
same. Please do not hesitate to ask if something is unclear.<br>
<br>
Best regards and good luck,<br>
<br>
Andi<br>
<br>
<br>
------------- HowTo upgrade to latest git ---------------<br>
<br>
Log into the mainserver, and then:<br>
<br>
cd /srv/fai/config/<br>
<br>
First make sure you save the latest local modifications of the<br>
config space, use:<br>
<br>
git status<br>
git diff<br>
git commit<br>
<br>
Then, overwrite the old stuff with the latest contents in git:<br>
(Use 'git clone git://<a href="http://git.debian.org/git/collab-maint/debian-lan" target="_blank">git.debian.org/git/collab-maint/debian-lan</a>' in<br>
/tmp for example).<br>
<br>
cp -r /path/to/debian-lan/fai/config/* /srv/fai/config/<br>
<br>
Now check what has been modified, step by step, modify files if needed:<br>
<br>
git status class/<br>
git diff class/<br>
<br>
Add/modify in SERVER_A.var the following lines:<br>
MAINSERVER_IPADDR="10.0.0.1"<br>
GATEWAY="10.0.0.1"<br>
<br>
Same for all subrirectories. If you would like to keep a file, use:<br>
git checkout -- files/etc/apt/sources.list/CLIENT_A files/etc/apt/sources.list/SERVER_A<br>
git checkout -- package_config/EDU<br>
git checkout -- package_config/PROXY<br>
<br>
Then add all new files to the index:<br>
git add class/GATEWAY_A.var class/ROAMING.var debconf/GATEWAY_A disk_config/GATEWAY_A disk_config/ROAMING files/etc/apt/sources.list/GATEWAY_A files/etc/motd/GATEWAY_A files/etc/sssd/ files/usr/share/ package_config/FIREWALL package_config/GATEWAY_A package_config/ROAMING scripts/DNS_SERVER/30-forwarders scripts/FIREWALL/ scripts/GATEWAY_A/ scripts/ROAMING/<br>
<br>
Remove deprecated file:<br>
git rm debconf/DESKTOP<br>
<br>
Check all remaining modifications and commit all:<br>
git commit -a<br>
<br>
Check your modifications to debian-lan repository:<br>
diff -ru /path/to/debian-lan/fai/config/ . |less<br>
<br>
If all is fine, run<br>
fai -vN softupdate<br>
<br>
Check if all it went fine so far:<br>
less /var/log/fai/mainserver/softupdate-20130724_100547/fai.log<br>
<br>
==========================================<br>
Now enable the firewall, new DHCP and new DNS. First, check<br>
configurations in /etc/:<br>
etckeeper vcs status<br>
<br>
Make sure that all modifications are commited, to go back if something fails.<br>
After that, modify the if ...; .... ; fi at the beginning to enable<br>
the following scripts:<br>
<br>
git status<br>
# modified: scripts/DNS_SERVER/10-zones<br>
# modified: scripts/FAISERVER/40-dhcp<br>
# modified: scripts/FAISERVER/10-config<br>
# modified: scripts/FIREWALL/10-config<br>
<br>
Now run again:<br>
fai -vN softupdate<br>
<br>
## Check modifications (already commited, so figure out the relevant<br>
commit from the log):<br>
etckeeper vcs log<br>
--> etckeeper vcs diff 807ee94ecce17d8fb<br>
<br>
## Reset config space:<br>
cd /srv/fai/config/<br>
git reset --hard<br>
<br>
## Check firewall interfaces (external/internal):<br>
less /etc/shorewall/params<br>
<br>
## Check DNS:<br>
Copy MACs from dhcpd.conf_orig (or earlier git commit) to the new dhcpd.conf<br>
<br>
## Recreate chroots:<br>
rm -r /srv/fai/nfsroot<br>
rm -r /opt/live<br>
rm /srv/tftp/fai/pxelinux.cfg/diskless.tmpl<br>
/etc/rc.local<br>
<br>
That's it, reboot and check if anything still works fine!<br>
Here, it seems to have worked fine.<br>
<br>
------------------<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
debian-lan-devel mailing list<br>
<a href="mailto:debian-lan-devel@lists.alioth.debian.org" target="_blank">debian-lan-devel@lists.alioth.debian.org</a><br>
<a href="http://lists.alioth.debian.org/mailman/listinfo/debian-lan-devel" target="_blank">http://lists.alioth.debian.org/mailman/listinfo/debian-lan-devel</a><br>
</blockquote></div></div></div><br></div>
</blockquote></div><br></div>