Migrate from 5.1 to 5.2

OpenBSD 5.2 est sorti hier (le 1er novembre 2012). Voyons comment basculer d’OpenBSD 5.1 à OpenBSD 5.2. Le cas pratique présenté ici est la bascule d’une passerelle réseau redondée avec CARP (elle aurait pu être load balancée).

Je vous rappelle que l’équipe OpenBSD ne recommande pas de passer d’une version à une trop récente et de suivre l’évolution du système.

Temps de mise à jour (hors compilation d’éléments tiers): 12 minutes

Étape 1: Mise à niveau du système:

  1. Redémarrez votre serveur sur le CD d’OpenBSD 5.2
  2. Choisissez Upgrade puis votre clavier (fr pour nous)
  3. Choisissez le disque contenant la racine de votre système puis la partition racine. Un fsck va être effectué.
  4. Répondez oui au fsck des autres partitions, il se peut que cela n’aie pas été fait depuis très longtemps à cause de la criticité du système.
  5. Avancez dans l’installation en sélectionnant les packages système à installer. Je vous recommande tout sauf x11 et les jeux (-x* et -g*)
  6. Installez et redémarrez

Étape 2: Mise à niveau des services tiers

Si vous avez installé des services et paquets tiers, il va falloir faire cette étape, sinon c’est terminé.

Tapez les 2 commandes suivantes afin de mettre à jour les applications:

export PKG_PATH=http://ftp.fr.openbsd.org/pub/OpenBSD/5.2/packages/amd64/
pkg_add -u

Dans notre cas voici la sortie de la commande:

root@mgw> pkg_add -u                                                            ~
quirks-1.59->quirks-1.73: ok
arc-5.21p->arc-5.21p: ok
arping-2.09->arping-2.11: ok
bash-4.2.36:libiconv-1.14->libiconv-1.14: ok
bash-4.2.36:gettext-0.18.1p1->gettext-0.18.1p3: ok
bash-4.2.20->bash-4.2.36: ok
bwm-ng-0.6p0->bwm-ng-0.6p0: ok
bzip2-1.0.6->bzip2-1.0.6: ok
clamav-0.97.5p0:lha-1.14i.ac20050924.1->lha-1.14i.ac20050924.1: ok
clamav-0.97.5p0:zoo-2.10.1p1->zoo-2.10.1p1: ok
clamav-0.97.5p0:unzip-6.0p0->unzip-6.0p0: ok
clamav-0.97.3p3->clamav-0.97.5p0: ok
cyrus-sasl-2.1.25p2->cyrus-sasl-2.1.25p3: ok
db-4.6.21v0->db-4.6.21v0: ok
eventlog-0.2.12p0->eventlog-0.2.12p1: ok
femail-0.98->femail-0.98: ok
femail-chroot-0.98->femail-chroot-0.98p1: ok
glib2-2.32.4:pcre-8.21->pcre-8.30: ok
glib2-2.32.4:libelf-0.8.13p1: ok
glib2-2.32.4:python-2.7.1p12->python-2.7.3p0: ok
glib2-2.30.2p5->glib2-2.32.4: ok
havp-0.92ap0->havp-0.92ap1: ok
iftop-0.17p2->iftop-1.0pre2: ok
isc-dhcp-server-4.2.3.2->isc-dhcp-server-4.2.4: ok
libdnet-1.12p4->libdnet-1.12p4: ok
libexecinfo-0.2p0v0->libexecinfo-0.2p0v0: ok
libidn-1.22->libidn-1.25: ok
libxml-2.7.8p4->libxml-2.7.8p6: ok
lua-5.1.4p3->lua-5.1.5p0: ok
nagios-plugins-1.4.15p1->nagios-plugins-1.4.16: ok
nano-2.2.6->nano-2.2.6: ok
nmap-5.51p2->nmap-6.01: ok
nrpe-2.12.20100914p1->nrpe-2.12.20100914p1: ok
openldap-client-2.4.26->openldap-client-2.4.31: ok
php-5.3.10->php-5.3.14p1: ok
popt-1.16->popt-1.16: ok
rsync-3.0.9->rsync-3.0.9: ok
samba-3.6.6p0-ads:tdb-1.2.7->tdb-1.2.7: ok
samba-3.6.1p1-ads->samba-3.6.6p0-ads: ok
Removing
sqlite3-3.7.9p0->: ok
Problem: checksum doesn't match for /usr/local/sbin/squid
NOT deleting: /usr/local/sbin/squid
Renaming old file /usr/local/sbin/squid to /usr/local/sbin/squid.aD46RQezg5
squid-2.7.STABLE9p15-ntlm->squid-2.7.STABLE9p19-ntlm: ok
squidGuard-1.4p2-ldap->squidGuard-1.4p3-ldap: ok
syslog-ng-3.1.4p6:libdbi-0.8.3: ok
syslog-ng-3.1.4p1->syslog-ng-3.1.4p6: ok
wget-1.13.4->wget-1.13.4: ok
zsh-4.3.15->zsh-4.3.17: ok
Read shared items: ok
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
--- -clamav-0.97.3p3 -------------------
You should also run rm -fr /var/db/clamav/*
You should also run rm -fr /var/spool/clamav/*
You should also run rm -fr /var/clamav/quarantine/*
You should also run rm -fr /var/clamav/tmp/*
You should also check /etc/clamd.conf (which was modified)
You should also check /etc/freshclam.conf (which was modified)
--- -cyrus-sasl-2.1.25p2 -------------------
You should also run rm -rf /var/sasl2/*
--- -isc-dhcp-server-4.2.3.2 -------------------
Remember to update /var/db/dhcpd.leases
--- -libxml-2.7.8p4 -------------------
Remember to update /var/db/xmlcatalog
--- -nrpe-2.12.20100914p1 -------------------
You should also check /etc/nrpe.cfg (which was modified)
--- -php-5.3.10 -------------------
You should also run rm -fr /etc/php-5.3/
To completely deinstall the package you need to
remove the symbolic link from /var/www/conf/modules
by performing the following step as root:

 rm -rf /var/www/conf/modules/php.conf
--- -python-2.7.1p12 -------------------
Don't forget to remove /usr/local/bin/python,
/usr/local/bin/2to3, /usr/local/bin/python-config and/or
/usr/local/bin/pydoc if they were symlinks to
/usr/local/bin/python2.7, /usr/local/bin/python2.7-2to3,
/usr/local/bin/python2.7-config or to /usr/local/bin/pydoc2.7.
--- -samba-3.6.1p1-ads -------------------
You should also check /etc/samba/smb.conf (which was modified)
--- -squid-2.7.STABLE9p15-ntlm -------------------
You should also run rm -rf /var/squid/cache/*
You should also run rm -rf /var/squid/logs/*
Couldn't delete /usr/local/sbin/squid (bad checksum)
You should also check /etc/squid/squid.conf (which was modified)
Files kept as partial-squid-2.7.STABLE9p15-ntlm package
--- -squidGuard-1.4p2-ldap -------------------
You should also check /etc/squidguard/squidguard.conf (which was modified)
You should also run rm -fr /etc/squidguard
You should also run rm -fr /var/db/squidGuard
You should also run rm -fr /var/log/squidguard/
--- -syslog-ng-3.1.4p1 -------------------
You should also check /etc/syslog-ng/syslog-ng.conf (which was modified)
--- +nagios-plugins-1.4.16 -------------------
The check_dhcp and check_icmp plugins need to run with superuser
privileges. For security reasons they are not installed suid root
by default. If you want to use them, you have to either change
their mode manually or use systrace's privilege elevation feature.
--- +php-5.3.14p1 -------------------
To enable the php-5.3 module please create a symbolic link from
/var/www/conf/modules.sample/php-5.3.conf to
/var/www/conf/modules/php.conf. As root:

    ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf

The recommended php configuration has been installed to:
    /etc/php-5.3.ini.
--- +python-2.7.3p0 -------------------
If you want to use this package as your default system python, as root
create symbolic links like so (overwriting any previous default):
 ln -sf /usr/local/bin/python2.7 /usr/local/bin/python
 ln -sf /usr/local/bin/python2.7-2to3 /usr/local/bin/2to3
 ln -sf /usr/local/bin/python2.7-config /usr/local/bin/python-config
 ln -sf /usr/local/bin/pydoc2.7  /usr/local/bin/pydoc

Etape 3: Vérification

Comme vous pouvez le voir, pkg_add nous incite à vérifier les modifications qu’il a apportées au fichiers de configuration de vos services. Dans notre cas rien n’a été impacté par ces modifications.

Etape 4: Personnalisation

Pour terminer recompilez tous les logiciels tiers que vous avez compilés vous même.

Conseils annexes

Si vous utilisez CARP, n’oubliez pas d’incrémenter ou la valeur du advskew ou le carpdemote afin que votre serveur ne devienne pas maître (ifconfig -g carp cardemote 200).