[LON-CAPA-admin] OS upgrade

Stuart Raeburn raeburn at msu.edu
Thu Apr 21 19:09:45 EDT 2016 

Paul,

Besides /etc/passwd and /etc/group you should also preserve  
/etc/shadow and /etc/gshadow

>
> 	What about /etc/httpd/conf/httpd.conf and the files from   
> /etc/httpd/conf.d, particularly ssl.conf and shib.conf?
>

httpd.conf should not be copied from CentOS 6 to CentOS 7 because you  
will be switching from Apache 2.2 to Apache 2.4.

However, when you follow the steps in:
http://install.lon-capa.org/centos7_install.html

you will find that the "Retrieve and execute LON-CAPA setup program"  
action (step 5) will install an appropriate /etc/httpd/conf/httpd.conf.

You will want to modify that httpd.conf based on the instructions in:
https://loncapa.msu.edu/adm/help/tex/Institutional_Integration_Shibboleth.hlp

(In 2.4 LoadModule statements have moved from httpd.conf to *.conf  
files in /etc/httpd/conf.modules.d).

It looks as though your LON-CAPA server is currently running LON-CAPA  
2.10.1, and CentOS 7 requires 2.11.0 or 2.11.1, so your upgrade of OS  
will also involve a LON-CAPA update.

If you have created an /etc/httpd/conf/loncapa_apache_local_bsu.conf  
you should preserve that.

When you install mod_ssl that will install a standard  
/etc/httpd/conf.d/ssl.conf . You will want to modify that -- see the  
instructions in the release notes for LON-CAPA 2.11.1 found at:
http://mail.lon-capa.org/pipermail/lon-capa-announce/2015/000095.html

Your shib.conf in CentOS 6 (Apache 2.2) will include a LoadModule  
statement to load the mod_shib_22.so, but for CentOS 7 (Apache 2.4) I  
expect you will need to load mod_shib_24.so.

> I'm guessing I don't want /etc/yum.repos.d/security:shibboleth.repo   
> since that refers to CentOS-6. Does LON-CAPA install a   
> version-specific security:shibboleth.repo file or should I plan on   
> recreating that manually?

LON-CAPA does not install a .repo file for Shibboleth, so you should  
do that manually.


Stuart Raeburn
LON-CAPA Academic Consortium

Quoting "Neubauer, Paul" <pneubauer at bsu.edu>:

> Hi All,
>
> I'm about to do an OS upgrade (to the latest CentOS version) on our   
> LON-CAPA server. We have a single (virtual) server as both access   
> server and library server. We do also have a test system that I have  
>  tried to keep more or less in sync with the production server,   
> missing mostly "just" the content. I haven't upgraded the OS on a   
> LON-CAPA system for some time and I don't seem to have my old notes,  
>  so I'm trying to get my ducks in a row beforehand.
>
> Both the "Operating System Upgrade" page   
> http://www.lon-capa.org/fedoracoreupdate.html and the "Hardware   
> Upgrade" page http://www.lon-capa.org/hardwareupgrade.html that it   
> refers you to are pretty vague with respect to what needs to be   
> saved from the old system, so I want to post what I expect to do   
> here and see if anyone has suggestions for either things that I   
> should be doing that I'm not or things that I plan to do but should   
> not.
>
> I plan to do an upgrade on our test server first and then do the   
> same thing to production.
>
> Save:
> 	all of the /home filesystem
> 	/etc/passwd	(so that not only passwords, but file ownerships will   
> remain with the proper users and groups)
> 	/etc/group  (same reasoning)
> 	everything in /root/.ssh/ (so I can log in with my ssh key)
> 	our ssl cert(s) from /etc/pki/tls
> 	What about /etc/httpd/conf/httpd.conf and the files from   
> /etc/httpd/conf.d, particularly ssl.conf and shib.conf?
> 	our shibboleth certs and metadata:
> 		/etc/shibboleth/metadata/shibboleth.bsu.edu.xml
> 		/etc/shibboleth/sp-cert.pem
> 		/etc/shibboleth/sp-key.pem
> 		(or should I save more or even all of /etc/shibboleth?)
> 	local modifications to iptables /etc/sysconfig/iptables (e.g., so   
> the backup server can connect :-) )
> 	ssh host keys from /etc/ssh/
>
> I'm guessing I don't want /etc/yum.repos.d/security:shibboleth.repo   
> since that refers to CentOS-6. Does LON-CAPA install a   
> version-specific security:shibboleth.repo file or should I plan on   
> recreating that manually?
>
> Then follow the steps from the "CentOS Linux 7 Install" page   
> http://install.lon-capa.org/centos7_install.html restoring the saved  
>  files between steps 3 and 4 so that all the user and group id's  
> will  be the proper ids to maintain file ownership.
>
> Does anyone see anything I've missed?
>
> Thanks,
> Paul

More information about the LON-CAPA-admin mailing list