Koozali.org: home of the SME Server

need advice on upgrading SME 7.6 to 8

Offline wdepot

  • ***
  • 89
  • +0/-0
    • http://westerndepot.com
need advice on upgrading SME 7.6 to 8
« on: August 08, 2012, 06:34:12 PM »
We currently use SME Server 7.6 (server/gateway) on a Xeon X3470 computer with 12GB memory to run our primary osCommerce site as well as two other small web sites plus serve our email and act as a firewall/router. Since the update to SME 8 is not automatic I was wanting a bit of advice on performing the update. Since the methods I've seen listed for doing the update so far seem excessively complicated (involving unplugging hard drives and so forth) I was wondering if the method I am thinking of using would work.

We still have our previous Pentium 4 based server computer around as a backup so my thought on performing the update was this:

1) Perform a full backup using DAR2 to our NAS.
2) Restore (disaster recovery restore) this backup to our previous server. I think it has SME 7.4 or thereabouts on it right now so I'm guessing that I will want to get it updated to SME 7.6 first.
3) Once we have confirmed that the restore is working properly on the old server use it to run our web sites while the newer server is updated.
4) Perform a completely new install of SME 8 (64 bit) on the Xeon machine and install the contibutions that we use on it (especially DAR2).
5) Perform a new full backup using DAR2 on the old server to the NAS so that any emails that came in or osCommerce database changes that were made while the old server was in use are saved.
6) Restore (disaster recovery restore) this latest backup to the new SME 8 server.

This seems like the best method for updating while minimizing web site downtime and is made possible by the fact that we still have the old server computer that was running SME 7 before we replaced it with the newer faster computer. Since the server shows only 6GB disk space used the backup/restore should be reasonbly fast, especially over our Gigabit internal network. Does this sound like a reasonable update plan? Of course it would be ideal if we could just stick an SME 8 install cd into the machine and update it that way (after making a backup, of course) but I doubt things would be that simple for a major update like SME 8 where the kernel is completely changed. Now for the specific questions.

First, regarding the DAR2 backup we use the default DAR2 full backup directories which are as follows:

etc/e-smith/templates-custom
etc/e-smith/templates-user-custom
etc/group
etc/gshadow
etc/passwd
etc/samba/secrets.tdb
etc/samba/smbpasswd
etc/shadow
etc/smbpasswd
etc/ssh
etc/sudoers
home/e-smith
root

Do we need to add any directories or remove any of the above directories from the backup list when doing the backup to migrate to SME 8?

Next, we have the following contributions installed on our server now:

DAR2
AWStats
Hardware Info
Diskusage
Sysmon
Monitor Disk Health (not a contribution so much as enabling smartd)
PHPMyAdmin

As far as you know are all of these contributions compatible with SME 8? DAR2 and PHPMyAdmin are the critical ones but we would prefer that they all be available.

Finally, we do use a few custom templates and want to check and make sure none of the following would cause a problem in SME 8. Will any of the below custom templates cause any problems in SME version 8?

templates-custom/etc/php.ini/90WesternDepotSpecific

register_globals   =   Off
magic_quotes_gpc   =   Off
magic_quotes_runtime    =   Off
magic_quotes_sybase   =   Off
sendmail_from   =   info@westerndepot.com

[Session]
session.cookie_lifetime   = 0
session.cookie_domain     = www.westerndepot.com
session.gc_maxlifetime    = 3600
memory_limit = 48M
max_execution_time = 120

templates-custom/etc/http/conf/httpd.conf/35SSL10SSLCertificateFile

{
    my $crt = $modSSL{'crt'} ||
   "/home/e-smith/ssl.crt/wdserver.crt";

    my $key = $modSSL{'key'} ||
   "/home/e-smith/ssl.key/wdserver.key";
   
    $OUT .= <<SSL_END;
SSLCertificateFile $crt
SSLCertificateKeyFile $key
SSL_END

}

templates-custom/etc/http/conf/httpd.conf/35SSL10SSLD

SSLCACertificatePath /home/e-smith/ssl.crt/
SSLCACertificateFile /home/e-smith/ssl.crt/www_westerndepot_com.ca-bundle

templates-custom/etc/http/conf/httpd.conf/35SSL30SSLProtocol

SSLProtocol all -SSLv2

templates-custom/etc/http/conf/httpd.conf/90e-smithAccess40ibays

{
    use esmith::AccountsDB;
    my $adb = esmith::AccountsDB->open_ro();
    $OUT = "";
    foreach my $ibay ($adb->ibays)
    {
   my %properties = $ibay->props;
   my $key = $ibay->key;
   #------------------------------------------------------------
   # Figure out which combination of parameters to use. If
   # PublicAccess parameter is present, this is e-smith 4.0.
   # Otherwise, it's e-smith 3.0.
   #------------------------------------------------------------

   my $allow;
   my $pass;
   my $satisfy;
   
   if ($properties{'PublicAccess'})
   {
       if ($properties{'PublicAccess'} eq 'none')
       {
      next;
       }
       elsif ($properties{'PublicAccess'} eq 'local')
       {
      $allow   = $localAccess;
      $pass    = 0;
      $satisfy = 'all';
       }
       elsif ($properties{'PublicAccess'} eq 'local-pw')
       {
      $allow   = $localAccess;
      $pass    = 1;
      $satisfy = 'all';
       }
       elsif ($properties{'PublicAccess'} eq 'global')
       {
      $allow   = 'all';
      $pass    = 0;
      $satisfy = 'all';
       }
       elsif ($properties{'PublicAccess'} eq 'global-pw')
       {
      $allow   = 'all';
      $pass    = 1;
      $satisfy = 'all';
       }
       elsif ($properties{'PublicAccess'} eq 'global-pw-remote')
       {
      $allow   = $localAccess;
      $pass    = 1;
      $satisfy = 'any';
       }
   }
   elsif ($properties {'ReadAccess'} eq 'global')
   {
       if ($properties {'UsePassword'} eq 'yes')
       {
      $allow   = 'all';
      $pass    = 1;
      $satisfy = 'all';
       }
       else
       {
      $allow   = 'all';
      $pass    = 0;
      $satisfy = 'all';
       }
   }
   else
   {
       if ($properties {'UsePassword'} eq 'yes')
       {
      $allow   = $localAccess;
      $pass    = 1;
      $satisfy = 'all';
       }
       else
       {
      $allow   = $localAccess;
      $pass    = 0;
      $satisfy = 'all';
       }
   }


   my $allowOverride = $properties{'AllowOverride'} || "None";
   my $dynamicContent = $properties{'CgiBin'} || "disabled";
   my $followSymLinks = $properties{'FollowSymLinks'} || "disabled";
   my $indexes = $properties{'Indexes'} || "disabled";
   $OUT .= "\n";
   $OUT .= "#------------------------------------------------------------\n";
   $OUT .= "# $key ibay directories ($properties{'Name'})\n";
   $OUT .= "#------------------------------------------------------------\n";

   $OUT .= "\n";
   $OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n";
   $OUT .= "    ErrorDocument 400 /http_error.php?error_id=400\n";
   $OUT .= "    ErrorDocument 401 /http_error.php?error_id=401\n";
   $OUT .= "    ErrorDocument 403 /http_error.php?error_id=403\n";
   $OUT .= "    ErrorDocument 404 /http_error.php?error_id=404\n";
   $OUT .= "    ErrorDocument 405 /http_error.php?error_id=405\n";
   $OUT .= "    ErrorDocument 408 /http_error.php?error_id=408\n";
   $OUT .= "    ErrorDocument 415 /http_error.php?error_id=415\n";
   $OUT .= "    ErrorDocument 416 /http_error.php?error_id=416\n";
   $OUT .= "    ErrorDocument 417 /http_error.php?error_id=417\n";
   $OUT .= "    ErrorDocument 500 /http_error.php?error_id=500\n";
   $OUT .= "    ErrorDocument 501 /http_error.php?error_id=501\n";
   $OUT .= "    ErrorDocument 502 /http_error.php?error_id=502\n";
   $OUT .= "    ErrorDocument 503 /http_error.php?error_id=503\n";
   $OUT .= "    ErrorDocument 504 /http_error.php?error_id=504\n";
   $OUT .= "    ErrorDocument 505 /http_error.php?error_id=505\n";
   $OUT .= "    Options None\n";
   $OUT .= "    Options +Indexes\n" if ($indexes eq 'enabled');
   $OUT .= "    Options +FollowSymLinks\n" if ($followSymLinks eq 'enabled');
   if ($dynamicContent eq 'enabled')
   {
       $OUT .= "    Options +Includes\n";
   }
   else
   {
       $OUT .= "    DirectoryIndex index.htm index.html\n";
       $OUT .= "    Options +IncludesNOEXEC\n";
       $OUT .= "    <FilesMatch \"\\.(php|php3|phtml)\$\">\n";
       $OUT .= "        order deny,allow\n";
       $OUT .= "        Deny from all\n";
       $OUT .= "    </FilesMatch>\n";
   }
   $OUT .= "    AllowOverride $allowOverride\n";
   $OUT .= "    order deny,allow\n";
   $OUT .= "    deny from all\n";
   $OUT .= "    allow from $allow\n";
   if ($pass)
   {
       $OUT .= "    AuthName \"$properties{'Name'}\"\n";
       $OUT .= "    AuthType Basic\n";
       $OUT .= "    AuthExternal pwauth\n";
       $OUT .= "    require user $key\n";
       $OUT .= "    Satisfy $satisfy\n";
   }

   if (($properties{PHPRegisterGlobals} || 'disabled') eq 'enabled')
   {
       $OUT .= "    php_flag register_globals on\n";
   }
   $OUT .= "</Directory>\n";

   $OUT .= "\n";
   $OUT .= "<Directory /home/e-smith/files/ibays/$key/cgi-bin>\n";
   if ($dynamicContent eq 'enabled')
   {
       $OUT .= "    Options ExecCGI\n";
   }
   $OUT .= "    AllowOverride None\n";
   $OUT .= "    order deny,allow\n";
   $OUT .= "    deny from all\n";
   $OUT .= "    allow from $allow\n";
   if ($pass)
   {
       $OUT .= "    AuthName \"$properties{'Name'}\"\n";
       $OUT .= "    AuthType Basic\n";
       $OUT .= "    AuthExternal pwauth\n";
       $OUT .= "    require user $key\n";
       $OUT .= "    Satisfy $satisfy\n";
   }
   $OUT .= "</Directory>\n";

   $OUT .= "\n";
   $OUT .= "<Directory /home/e-smith/files/ibays/$key/files>\n";
   $OUT .= "    AllowOverride None\n";
   $OUT .= "    order deny,allow\n";
   $OUT .= "    deny from all\n";
   $OUT .= "    allow from $allow\n";
   if ($pass)
   {
       $OUT .= "    AuthName \"$properties{'Name'}\"\n";
       $OUT .= "    AuthType Basic\n";
       $OUT .= "    AuthExternal pwauth\n";
       $OUT .= "    require user $key\n";
       $OUT .= "    Satisfy $satisfy\n";
   }
   $OUT .= "</Directory>\n";
    }
}

templates-custom/etc/http/conf/httpd.conf/91e-smithAccessPrimarysubdirs


<Directory /home/e-smith/files/ibays/Primary/html/dbadmin>
    Options None
    Options +Includes
    SSLRequireSSL
    AllowOverride None
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.3.0/255.255.255.0
    AuthType Basic
    AuthName "WD dbadmin"
    AuthExternal pwauth
    require user admin
    Satisfy any
</Directory>
<Directory /home/e-smith/files/ibays/Primary/html/catalog/admin>
    Options None
    Options +Includes
    SSLRequireSSL
    AllowOverride None
    order deny,allow
    deny from all
    allow from 127.0.0.1 10.0.3.0/255.255.255.0
    AuthType Basic
    AuthName "WD Site Admin"
    AuthExternal pwauth
    require user admin
    Satisfy any
</Directory>

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: need advice on upgrading SME 7.6 to 8
« Reply #1 on: August 09, 2012, 01:34:01 AM »
wdepot

All versions of sme server have always been upgradeable by using a CD install, including going from sme7.x to 8.0. That in my opinion is the easiest approach.
You can also upgrade from 7.x to 8.0 using yum commands but you need to manually configure the sme8 repositories on your sme 7 server first.

Please read the sme8 wiki pages especially the yum upgrade notes for details, wiki link is at top of forums.

If you want to ensure a problem free upgrade then test the upgrade process first on another test server box. If you are running a 2 disk RAID1 array, then pull out one drive and place it in the test server and use the sme 8.0 CD to upgrade it. You can resolve any upgrade problems on a test server without disrupting the main server. Then check your contribs to see they run OK.

There are notes on the sme8 wiki page re which contribs appear functional on sme8. The 2 you mention are OK AFAIR. Check for yourself.
You should move all custom templates to a safe folder (that is included in the backup) and recreate or copy those back one at a time after the upgrade has completed and the server restarted so as they do not possibly interfere with the upgrade process. You probably should use the sme 8.0 templates as the basis for re-adding your custom template changes.

If you are intending to move to 64 bit OS, I'm not sure if you can do the direct CD upgrade, maybe someone else can advise.
If it cannot be directly upgraded, I'd upgrade first to the 32 bit version, and get sme8 running OK etc.
Then look at upgrading to 64 bit OS by backing up and restoring etc.

Note you will have to reinstall contribs after restoring to a newly installed OS.

Also your post seems to imply your plan was to restore to existing installations of sme OS. You should only ever do a full restore to a feshly installed sme server operating system with no data and users etc.
« Last Edit: August 09, 2012, 01:42:01 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.