[LON-CAPA-admin] OS upgrade
pneubauer at bsu.edu
Thu Apr 21 13:39:31 EDT 2016
I'm about to do an OS upgrade (to the latest CentOS version) on our LON-CAPA server. We have a single (virtual) server as both access server and library server. We do also have a test system that I have tried to keep more or less in sync with the production server, missing mostly "just" the content. I haven't upgraded the OS on a LON-CAPA system for some time and I don't seem to have my old notes, so I'm trying to get my ducks in a row beforehand.
Both the "Operating System Upgrade" page http://www.lon-capa.org/fedoracoreupdate.html and the "Hardware Upgrade" page http://www.lon-capa.org/hardwareupgrade.html that it refers you to are pretty vague with respect to what needs to be saved from the old system, so I want to post what I expect to do here and see if anyone has suggestions for either things that I should be doing that I'm not or things that I plan to do but should not.
I plan to do an upgrade on our test server first and then do the same thing to production.
all of the /home filesystem
/etc/passwd (so that not only passwords, but file ownerships will remain with the proper users and groups)
/etc/group (same reasoning)
everything in /root/.ssh/ (so I can log in with my ssh key)
our ssl cert(s) from /etc/pki/tls
What about /etc/httpd/conf/httpd.conf and the files from /etc/httpd/conf.d, particularly ssl.conf and shib.conf?
our shibboleth certs and metadata:
(or should I save more or even all of /etc/shibboleth?)
local modifications to iptables /etc/sysconfig/iptables (e.g., so the backup server can connect :-) )
ssh host keys from /etc/ssh/
I'm guessing I don't want /etc/yum.repos.d/security:shibboleth.repo since that refers to CentOS-6. Does LON-CAPA install a version-specific security:shibboleth.repo file or should I plan on recreating that manually?
Then follow the steps from the "CentOS Linux 7 Install" page http://install.lon-capa.org/centos7_install.html restoring the saved files between steps 3 and 4 so that all the user and group id's will be the proper ids to maintain file ownership.
Does anyone see anything I've missed?
More information about the LON-CAPA-admin