Re: [leaf-user] Upgrading packages (was Shorewall 1.4 -> 2.0.9)

[Ray Atnip]

I know I'm responding to this msg a little late but I wasn't ready to  
upgrade until
now.
I'm using a Soekris board and CF disk. (no floppy or hard drive).
The 'partial' backups seem to be the ideal way to upgrade but it appears  
that
they will overwrite the existing lrp on the CF, which is why the note below
suggests using a 2nd xfer floppy for saving the configs.
My question is, if I scp all the files contained in each  
/var/lib/lrpkg/<package>.conf, to
another computer, then replace by CF disk with the new version of bering  
leaf, boot with
the default configuration, and restore the files I scp'd back to the new  
system, will I
then have upgraded and maintained my current configuration?
If there was a way to save the config files via a 'partial backup' to a  
separate directory,
that would be nice.
As it is, it looks like I should create my CF disk with a second file  
system on it just for
the purpose of 'partial backups'.

On Tue, 26 Oct 2004 10:45:01 -0500, Charles Steinkuehler  
<[EMAIL PROTECTED]> wrote:

Tom Eastep wrote:
On Monday 25 October 2004 23:27, Erich Titl wrote:
At 15:34 25.10.2004 -0700, you wrote:
>...
>
>Now if LEAF/Bering just had an easy way to upgrade packages....
Mhhh... actually there was a suggestion (and contribution) long time  
ago by
Alex Rhomberg IIRC.
 20 minutes of searching on the LEAF site didn't find any information  
on upgrading; lot's of information about how to install and configure  
initially.
It's *VERY* simple...just put in a new CD and reboot!  :-)
Actually, I'm only slightly kidding...that's exactly how I upgrade my  
prodution firewalls.  The partial backup feature I added to Dachstein  
allows configuration data to be stored seperately from the rest of the  
package.

Once the config data is seperated from the rest of the package, it's an  
easy matter to upgrade the pacakge while keeping your current  
configuration (in my case, just inserting a new CD and re-booting).

Users who aren't running with multiple package paths and using partial  
backups can still upgrade a package, it just takes a bit of extra work.   
The general idea is to use a partial backup to save your configuration,  
replace the package, and restore your old configuration files.

Step-by-step instructions for one way to do this (assuming a  
conventional single-floppy LEAF system) would be:

- Make a backup copy of your firewall disk ('NEW').  This is the disk  
you will add the upgraded package(s) to.

- Format a floppy to use as a temporary location for your configuration  
file(s) ('XFER').  This disk should have the same format as your  
firewall disk (and could simply be another backup copy of your current  
firewall).

- Make sure you have a working copy of your existing firewall ('OLD') in  
a safe place, that you *DO NOT* use durring this process.  That way, if  
anything goes wrong you can simply reboot off the OLD disk to get back  
to a working configuration.

- Remove your current firewall configuration disk and replace it with  
the XFER disk.

- Use the lrcfg backup menu to make a partial backup of the package(s)  
you want to upgrade, being sure to backup the files to the XFER disk.   
From the backup menu:
     t e <enter> p <enter>
     b <package1> <enter>
     b <package2> <enter>
     ...

- Download and copy the package(s) you want to upgrade onto the NEW disk.
- Reboot your firewall using the NEW disk...at this point your upgraded  
packages will have their default configuration.

- Mount the XFER disk (mount -t msdos /dev/fd0u1680 /mnt)
- CD to the root directory (cd /)
- Manually extract configuration data for each package you upgraded:
     tar -xzvf /mnt/package1.lrp
     tar -xavf /mnt/package2.lrp
     ...
- Unmount (umount /mnt) and remove the XFER disk
- Using lrcfg, do *FULL* backups of your upgraded packages.
- Reboot, verifying the firewall works as expected.  Some configuration  
files may need to be 'tweaked' to work properly with the upgraded  
package binaries.

IMPORTANT:  The new package file <package>.local can be used to  
fine-tune which files are included (and excluded) from the partial  
backup (see the Dachstein-CD README for details).  If this file doesn't  
exist, the backup scripts assume anything from the <package>.list file  
that resides in /etc or /var/lib/lrpkg is part of the configuration data  
and is used to create the partial backup.  If shorewall puts anything in  
/etc that isn't a user modified configuration file, a proper  
shorwall.local file should be created prior to making the partial backup.

NOTE:  It's obviously possible to do the above 'in-place', without using  
multiple disks, and even without making a partial backup (ie: copy  
current config files to /tmp, manually extract new package on top of  
current running firewall, then copy or merge config data from /tmp and  
backup...or similar), but anyone capable of that level of command line  
gymnastics is probably doing it already, without needing detailed  
instructions!  :)


--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html