-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 27-Jun-2002/09:46 -0600, "Ashley M. Kirchner" <[EMAIL PROTECTED]> wrote: > >I need to upgrade a live system, and I wonder how people tackle this >problem. The system hosts users and their websites, email and several >other services. I need to perform a full OS upgrade (mainly because I'm >more comfortable doing that, than the usual Upgrade path), so naturally >the system will be down for quite some time while I reload a new OS, >download and install erratas, perform security updates, blah blah blah, >before finally putting it back online.
Use the updated errata RPMs to do the install, as noted by Keith Morse. >Doing this will also nuke the system's SSH keys, causing everyone to have >to generate new ones. Back up the old key and put it into place when the new install is done. It should work fine. >And I'm not sure yet how to deal with having to recreate people's logins >- not sure if just pulling /etc/passwd, shadow and group files from >backup and dropping them back in place is all that needs to happen. That will work. Just be sure not to touch /home or Apache's DocumentRoot during the install. I usually put DocumentRoot in /home/httpd/html specifically to simplify this procedure. Red Hat used to do that by default prior to 7.x. I also put /usr/local on its own partition and make /opt a link to /usr/local/opt. That way I can leave /usr/local in place during new installs and not have to reinstall third party binaries that live in /opt. I put my own scripts in /usr/local/bin|sbin, so they're already in place after a new install. If you're running any databases, don't just backup the data files. These binary files aren't always readable by newer versions of the database manager. Make sure you do an SQL dump of the data and back that up. >How do you folks deal with having to take the system down to perform an >OS upgrade, without much of a downtime to your users? Overnight? And >what happens if you run into trouble? How do you (politely) tell your >users they can't access their accounts till the system is done being >rebuild. Announce the down time as described by Keith Morse. >Also, what happens with the Apache SSL key that was once generated and >used to acquire a Thawte certificate? I have the files that were used, >but I'm not sure how to redo that without screwing up the certificate >(and consequently having to buy a new Thawte cert.) Back up the certs and the keys and put them back into place, just like the SSH key. I have done this and confirmed that it works as expected. If you haven't already done so, you should probably put your Apache keys and certs on a CD or some other safe media. Tony - -- Anthony E. Greene <mailto:[EMAIL PROTECTED]> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/> Linux. The choice of a GNU generation <http://www.linux.org/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene <mailto:[EMAIL PROTECTED]> 0x6C94239D iD8DBQE9G3V7pCpg3WyUI50RAqAJAKCzxKt6UR2Jps27jm8TcKVqdnvRfgCfW2M/ 9amMPvQBT2FipOlNZAV/RP0= =7Au7 -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list