Upgrading from Debian Woody to Sarge
Yesterday I upgraded two of our servers to the latest stable Debian release codenamed Sarge. The significant changes affecting us are the migration from Exim 3 to Exim 4, MySQL 3 to MySQL 4, and Apache 1 to Apache 2.
The first server was our on-site Dell Poweredge 2600. After modifying the sources.list file to refer to sarge rather than woody, I ran apt-get dist-upgrade. The difficult part of this process is always deciding for many packages whether to stick with your current configuration files or clobbering them with the package maintainer's version. A useful diff tool is provided that often makes this decision more simple, however often it is better to redo your changes against the maintainer's new version because the changes are significant. Debconf often attempts to help you with the upgrade, however the results of its efforts vary. Nevertheless I had everything up and running again within quickly, and most of the services were offline for only 30 minutes. Also, I managed to perform the upgrade (which included updates to OpenSSH) without my SSH connection dropping out. This gave me the confidence to upgrade the second server...
The second server is co-located in London so I don't have hands on access to it so the upgrade needs to be performed entirely over an SSH connection. The scary part is the update to OpenSSH since if the connection dies then APT will receive a HUP signal and the procedure will stall. I would then have no way to log back into the server and the 24/7/365 fanatical support of our service provider would have to be called upon. Thankfully the entire update was successful, so I was able to remain connected throughout.
In both cases I had to reinstall a significant number of packages that were removed rather than updated during the upgrade, but this was not a problem since it was easy to determine what was missing from the output of apt-get dist-upgrade.
And the disappointment...
I've been looking forward to Sarge for a long time because it ships with MySQL 4.1 that allows for secure replication over SSL using certificated authentication. Other methods that I've tried including stunnel and port-forwarding with PuTTY have been unstable. It is very useful to have a snapshot and real-time transaction log of the database. If the data were to be corrupted by a rogue SQL statement, you can get the data back by reloading the snapshot and replaying the transactions before the bad instruction. Unfortunately the mysql-server-4.1 package supplied by Debian is not compiled with OpenSSL support for licensing reasons, the secure connections over SSL are not possible. I think that I'll have to compile mysql from source with OpenSSL support to get this ability.
The first server was our on-site Dell Poweredge 2600. After modifying the sources.list file to refer to sarge rather than woody, I ran apt-get dist-upgrade. The difficult part of this process is always deciding for many packages whether to stick with your current configuration files or clobbering them with the package maintainer's version. A useful diff tool is provided that often makes this decision more simple, however often it is better to redo your changes against the maintainer's new version because the changes are significant. Debconf often attempts to help you with the upgrade, however the results of its efforts vary. Nevertheless I had everything up and running again within quickly, and most of the services were offline for only 30 minutes. Also, I managed to perform the upgrade (which included updates to OpenSSH) without my SSH connection dropping out. This gave me the confidence to upgrade the second server...
The second server is co-located in London so I don't have hands on access to it so the upgrade needs to be performed entirely over an SSH connection. The scary part is the update to OpenSSH since if the connection dies then APT will receive a HUP signal and the procedure will stall. I would then have no way to log back into the server and the 24/7/365 fanatical support of our service provider would have to be called upon. Thankfully the entire update was successful, so I was able to remain connected throughout.
In both cases I had to reinstall a significant number of packages that were removed rather than updated during the upgrade, but this was not a problem since it was easy to determine what was missing from the output of apt-get dist-upgrade.
And the disappointment...
I've been looking forward to Sarge for a long time because it ships with MySQL 4.1 that allows for secure replication over SSL using certificated authentication. Other methods that I've tried including stunnel and port-forwarding with PuTTY have been unstable. It is very useful to have a snapshot and real-time transaction log of the database. If the data were to be corrupted by a rogue SQL statement, you can get the data back by reloading the snapshot and replaying the transactions before the bad instruction. Unfortunately the mysql-server-4.1 package supplied by Debian is not compiled with OpenSSL support for licensing reasons, the secure connections over SSL are not possible. I think that I'll have to compile mysql from source with OpenSSL support to get this ability.
0 Comments:
Post a Comment
<< Home