RE: [leaf-user] Upgrading packages (was Shorewall 1.4 -> 2.0.9)

Wed, 27 Oct 2004 10:49:21 -0700 

Thanks, Charles.. This worked like a charm.
I wondered what the partial backup was for.

Also, I have in-line below what I did -- with a few extra things like
umount and replace the XFER with the NEW FW disk. And a question whether
the second tar should be -xzvf or -xavf, as you wrote it? (looks like
you hit a instead of z)

Also, my configuration is boot Bering 1.2 from CD, with packages backed
up to a msdos 1.44 mb floppy.  So, easy to transfer the new
shorewall-2.0.9.lrp from a windoze box  (for those still enslaved, as am
I).
But the partial backup feature has been preserved since Dachstein.

Cheers, Rick.

>-----Original Message-----
>From: [EMAIL PROTECTED]
[mailto:leaf-user->[EMAIL PROTECTED] On Behalf Of Charles
Steinkuehler
>Sent: Tuesday, October 26, 2004 11:45 AM
>To: Tom Eastep; [EMAIL PROTECTED]
>Subject: Re: [leaf-user] Upgrading packages (was Shorewall 1.4 ->
2.0.9) >

>Tom Eastep wrote:

>> On Monday 25 October 2004 23:27, Erich Titl wrote:
>>> At 15:34 25.10.2004 -0700, you wrote:
>>> >...
>>> >
>>> >Now if LEAF/Bering just had an easy way to upgrade packages....
>>>
>>> Mhhh... actually there was a suggestion (and contribution) long time
ago >by
>>> Alex Rhomberg IIRC.
>> 
>> 20 minutes of searching on the LEAF site didn't find any information
on 
>> upgrading; lot's of information about how to install and configure
>initially.

>It's *VERY* simple...just put in a new CD and reboot!  :-)

>Actually, I'm only slightly kidding...that's exactly how I upgrade my 
>prodution firewalls.  The partial backup feature I added to Dachstein
>allows 
>configuration data to be stored seperately from the rest of the
package.

>Once the config data is seperated from the rest of the package, it's an
>easy 
>matter to upgrade the pacakge while keeping your current configuration
(in 
>my case, just inserting a new CD and re-booting).

>Users who aren't running with multiple package paths and using partial 
>backups can still upgrade a package, it just takes a bit of extra work.
>The 
>general idea is to use a partial backup to save your configuration,
replace 
>the package, and restore your old configuration files.

>Step-by-step instructions for one way to do this (assuming a
conventional 
>single-floppy LEAF system) would be:

>- Make a backup copy of your firewall disk ('NEW').  This is the disk
you 
>will add the upgraded package(s) to.

>- Format a floppy to use as a temporary location for your configuration

>file(s) ('XFER').  This disk should have the same format as your
firewall 
>disk (and could simply be another backup copy of your current
firewall).

>- Make sure you have a working copy of your existing firewall ('OLD')
in a 
>safe place, that you *DO NOT* use durring this process.  That way, if 
>anything goes wrong you can simply reboot off the OLD disk to get back
to a 
>working configuration. >

>- Remove your current firewall configuration disk and replace it with
the 
>XFER disk.

>- Use the lrcfg backup menu to make a partial backup of the package(s)
you 
>want to upgrade, being sure to backup the files to the XFER disk.  From
the 
>backup menu:
>     t e <enter> p <enter>
>     b <package1> <enter>
>     b <package2> <enter>
>     ...

I only wanted to do shorewall, so from the backup menu I entered
  t 9 
  p
(9 happens to be the number for shorewall)

Then type
 umount /mnt  
Take the XFER disk out.


>- Download and copy the package(s) you want to upgrade onto the NEW
disk.

Got a copy of shorwall-2.0.9.lrp
But, rename the file shorwall.lrp to the NEW disk.  -- otherwise LEAF
will not find it.
Put NEW disk into the floppy drive... In my case, this is a 1.4Mb
standard msdos floppy, with leaf.cfg and the new shorwall.lrp file;  all
the other packages are coming from CD.   

>- Reboot your firewall using the NEW disk...at this point your upgraded

>packages will have their default configuration.

>- Mount the XFER disk (mount -t msdos /dev/fd0u1680 /mnt)
Since mine is a 1.44M floppy, type:
mount -t msdos /dev/fd0 /mnt

>- CD to the root directory (cd /)

>- Manually extract configuration data for each package you upgraded:
>     tar -xzvf /mnt/package1.lrp
>     tar -xavf /mnt/package2.lrp
>     ...

tar -xzvf /mnt/shorwall.lrp

>- Unmount (umount /mnt) and remove the XFER disk

Put the NEW diskette back in the floppy drive

>- Using lrcfg, do *FULL* backups of your upgraded packages.
So, from the backup menu type
  t 9 
  f

then just type 9 or whatever number the package is.

>- Reboot, verifying the firewall works as expected.  Some configuration

>files may need to be 'tweaked' to work properly with the upgraded
package 
>binaries.

>IMPORTANT:  The new package file <package>.local can be used to
fine-tune 
>which files are included (and excluded) from the partial backup (see
the 
>Dachstein-CD README for details).  If this file doesn't exist, the
backup 
>scripts assume anything from the <package>.list file that resides in
/etc >or 
>/var/lib/lrpkg is part of the configuration data and is used to create
the 
>partial backup.  If shorewall puts anything in /etc that isn't a user 
>modified configuration file, a proper shorwall.local file should be
created 
>prior to making the partial backup.

>NOTE:  It's obviously possible to do the above 'in-place', without
using 
>multiple disks, and even without making a partial backup (ie: copy
current 
>config files to /tmp, manually extract new package on top of current
>running 
>firewall, then copy or merge config data from /tmp and backup...or
>similar), 
>but anyone capable of that level of command line gymnastics is probably

>doing it already, without needing detailed instructions!  :)

>-- 
>Charles Steinkuehler
>[EMAIL PROTECTED]


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give
us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out
more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88&alloc_id065&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to