Tom Eastep wrote:
On Monday 25 October 2004 23:27, Erich Titl wrote:At 15:34 25.10.2004 -0700, you wrote: >... > >Now if LEAF/Bering just had an easy way to upgrade packages....
Mhhh... actually there was a suggestion (and contribution) long time ago by Alex Rhomberg IIRC.
20 minutes of searching on the LEAF site didn't find any information on upgrading; lot's of information about how to install and configure initially.
It's *VERY* simple...just put in a new CD and reboot! :-)
Actually, I'm only slightly kidding...that's exactly how I upgrade my prodution firewalls. The partial backup feature I added to Dachstein allows configuration data to be stored seperately from the rest of the package.
Once the config data is seperated from the rest of the package, it's an easy matter to upgrade the pacakge while keeping your current configuration (in my case, just inserting a new CD and re-booting).
Users who aren't running with multiple package paths and using partial backups can still upgrade a package, it just takes a bit of extra work. The general idea is to use a partial backup to save your configuration, replace the package, and restore your old configuration files.
Step-by-step instructions for one way to do this (assuming a conventional single-floppy LEAF system) would be:
- Make a backup copy of your firewall disk ('NEW'). This is the disk you will add the upgraded package(s) to.
- Format a floppy to use as a temporary location for your configuration file(s) ('XFER'). This disk should have the same format as your firewall disk (and could simply be another backup copy of your current firewall).
- Make sure you have a working copy of your existing firewall ('OLD') in a safe place, that you *DO NOT* use durring this process. That way, if anything goes wrong you can simply reboot off the OLD disk to get back to a working configuration.
- Remove your current firewall configuration disk and replace it with the XFER disk.
- Use the lrcfg backup menu to make a partial backup of the package(s) you want to upgrade, being sure to backup the files to the XFER disk. From the backup menu:
t e <enter> p <enter>
b <package1> <enter>
b <package2> <enter>
...
- Download and copy the package(s) you want to upgrade onto the NEW disk.
- Reboot your firewall using the NEW disk...at this point your upgraded packages will have their default configuration.
- Mount the XFER disk (mount -t msdos /dev/fd0u1680 /mnt)
- CD to the root directory (cd /)
- Manually extract configuration data for each package you upgraded:
tar -xzvf /mnt/package1.lrp
tar -xavf /mnt/package2.lrp
...- Unmount (umount /mnt) and remove the XFER disk
- Using lrcfg, do *FULL* backups of your upgraded packages.
- Reboot, verifying the firewall works as expected. Some configuration files may need to be 'tweaked' to work properly with the upgraded package binaries.
IMPORTANT: The new package file <package>.local can be used to fine-tune which files are included (and excluded) from the partial backup (see the Dachstein-CD README for details). If this file doesn't exist, the backup scripts assume anything from the <package>.list file that resides in /etc or /var/lib/lrpkg is part of the configuration data and is used to create the partial backup. If shorewall puts anything in /etc that isn't a user modified configuration file, a proper shorwall.local file should be created prior to making the partial backup.
NOTE: It's obviously possible to do the above 'in-place', without using multiple disks, and even without making a partial backup (ie: copy current config files to /tmp, manually extract new package on top of current running firewall, then copy or merge config data from /tmp and backup...or similar), but anyone capable of that level of command line gymnastics is probably doing it already, without needing detailed instructions! :)
-- Charles Steinkuehler [EMAIL PROTECTED]
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
