Hi Stefan,
Good question here.
I'll explain, i'll reply to the list also, this info can also be handy
for others .
I always follow this approach for my DC upgrades.
Start with the DC with FSMO roles then the others.
1) backup.
I use virtual machines for the DC's, so i down all my DC's and take an
offline snapshot.
If you dont have virtual machines, i suggest the following.
Run : sudo smbd -b | egrep "/var|etc"
Stop the DC with FSMO and backup every folder you see in the output.
I use the follow on an other location.
###############################################
#!/bin/bash
systemctl stop samba-ad-dc bind9
# Samba
for x in $(sudo smbd -b | egrep "/var|etc" | awk '{ print $NF
}')
do
# Filebackup
if [ -f $x ]
then
cp $x{,.backup-$(date +%F)}
elif [ -d $x ]
# Folder
then
cp -r $x{,.backup-$(date +%F)}
fi
done
# Bind
if [ -d /etc/bind ] || [ -d /etc/bind9 ]
then
# Folder
if [ -d /etc/bind ]
then
cp -r /etc/bind{,.backup-$(date +%F)}
else
cp -r /etc/bind9{,.backup-$(date +%F)}
fi
Fi
systemctl start samba-ad-dc bind9
# now wait 5 sec, and run samba DB tool check.
sleep 5
samba-tool dbcheck
samba-tool dbcheck --cross-nc
# error try to fix them before the upgrade or take you chances and to it after.
# Now, you choose.
# a) before, the + is, a fixed database if all ok, the - is, if there is an
error.
# you can do more harm.
# b) after, the + is, you have more chance that the newer samba has better ways
to fix things.
# but the - is, you hcan have more problem, if the db had problem before the
upgrade.
# so think wisely if you detect error, and if you dont know, mail the list.
###############################################
2 GET ant DONT install the needed package to upgrade.
In debian : apt-get update && apt-get upgrade -dy ( download and end it
)
Then upgrade: apt-get upgrade
If the are package changes, like new added packages then run : apt-get
dist-upgrade
Or run a manual apt-get install packagenames...
3) The upgrade itself.
If you run a basic config, then you problemy wont have any problem.
If you have any problem while upgrading then you didnt read the changelogs
before the upgrade ;-)...
Now do the following, look at your screen, you should be able to seen which
parameter is given the problem.
If you dont see it run : samba-tool testparm
Still no go, then go here :
http://downloads.van-belle.nl/samba4/Upgrade-info.txt and
go through this file. I contains almost all info you need to know to find your
problem.
Including the links to wiki and samba historical changelogs.
Now look at the smb.conf changes, and review you smb.conf.
If your uable to find it, mail the list, you did your best.. ;-)
4) After the upgrade.
I cleanup my samba logs, and reboot the server and i review my logs.
Samba logs, syslog, daemonlog.
Even while this should not be needed, i do this so i can make a good check of my
logs
And its also check if you server boots correctly.
I hope this helps someone, more questions, mail the list.
Greetz,
Louis
Ps. Its no problem to ask question to me personaly, but i preffer the list, so
everbody learns from it.
> -----Oorspronkelijk bericht-----
> Van: Stefan G. Weichinger [mailto:lists at xunil.at]
> Verzonden: vrijdag 18 mei 2018 10:04
> Aan: L.P.H. van Belle
> Onderwerp: Samba 4.8.2
>
>
> hi, Louis,
>
> I just read through your email to the samba-ml regarding the
> 4.8.2 upgrade
>
> You write "your upgrade will probably end in an error" and
something
> around "correct your smb.conf", but I don't get what changes
> to make ...
>
> 2nd: it should be a defensive way to approach this to upgrade one of 2
> DCs first, right?
>
> thanks, regards, Stefan
>
>
>
>
Is it possible to Mix Samba 4.8.2 with Samba 4.7.7? I have three domain controller (up to 10000 users) running on Samba 4.7.7. I want to kill all samba processes of Dc1 and do all necessary steps for an upgrade to version 4.8.2. Dc2 and Dc2 still running and providing. After a reboot of the upgraded server, (Dc1) is the replication still working? Gpos are working? I cant shutdown all domain controller for the same time, and upgrade them "offline" step by step! Best regards Micha Am 18. Mai 2018 11:53:36 MESZ schrieb "L.P.H. van Belle via samba" <samba at lists.samba.org>:>Hi Stefan, > >Good question here. >I'll explain, i'll reply to the list also, this info can also be handy >for others . > >I always follow this approach for my DC upgrades. >Start with the DC with FSMO roles then the others. > >1) backup. > I use virtual machines for the DC's, so i down all my DC's and take an >offline snapshot. > If you dont have virtual machines, i suggest the following. > Run : sudo smbd -b | egrep "/var|etc" > > Stop the DC with FSMO and backup every folder you see in the output. > I use the follow on an other location. > >############################################### >#!/bin/bash > >systemctl stop samba-ad-dc bind9 ># Samba >for x in $(sudo smbd -b | egrep "/var|etc" | awk '{ print $NF }') >do > # Filebackup > if [ -f $x ] > then > cp $x{,.backup-$(date +%F)} > elif [ -d $x ] > # Folder > then > cp -r $x{,.backup-$(date +%F)} > fi >done > > ># Bind >if [ -d /etc/bind ] || [ -d /etc/bind9 ] >then > # Folder > if [ -d /etc/bind ] > then > cp -r /etc/bind{,.backup-$(date +%F)} > else > cp -r /etc/bind9{,.backup-$(date +%F)} > fi >Fi >systemctl start samba-ad-dc bind9 ># now wait 5 sec, and run samba DB tool check. >sleep 5 >samba-tool dbcheck >samba-tool dbcheck --cross-nc ># error try to fix them before the upgrade or take you chances and to >it after. ># Now, you choose. ># a) before, the + is, a fixed database if all ok, the - is, if there >is an error. ># you can do more harm. ># b) after, the + is, you have more chance that the newer samba has >better ways to fix things. ># but the - is, you hcan have more problem, if the db had problem >before the upgrade. ># so think wisely if you detect error, and if you dont know, mail the >list. >############################################### > > >2 GET ant DONT install the needed package to upgrade. >In debian : apt-get update && apt-get upgrade -dy ( download and end >it ) >Then upgrade: apt-get upgrade >If the are package changes, like new added packages then run : apt-get >dist-upgrade >Or run a manual apt-get install packagenames... > >3) The upgrade itself. >If you run a basic config, then you problemy wont have any problem. >If you have any problem while upgrading then you didnt read the >changelogs before the upgrade ;-)... > >Now do the following, look at your screen, you should be able to seen >which parameter is given the problem. > >If you dont see it run : samba-tool testparm > >Still no go, then go here : >http://downloads.van-belle.nl/samba4/Upgrade-info.txt and >go through this file. I contains almost all info you need to know to >find your problem. >Including the links to wiki and samba historical changelogs. >Now look at the smb.conf changes, and review you smb.conf. >If your uable to find it, mail the list, you did your best.. ;-) > >4) After the upgrade. >I cleanup my samba logs, and reboot the server and i review my logs. >Samba logs, syslog, daemonlog. >Even while this should not be needed, i do this so i can make a good >check of my logs >And its also check if you server boots correctly. > > >I hope this helps someone, more questions, mail the list. > >Greetz, > >Louis >Ps. Its no problem to ask question to me personaly, but i preffer the >list, so everbody learns from it. > > >> -----Oorspronkelijk bericht----- >> Van: Stefan G. Weichinger [mailto:lists at xunil.at] >> Verzonden: vrijdag 18 mei 2018 10:04 >> Aan: L.P.H. van Belle >> Onderwerp: Samba 4.8.2 >> >> >> hi, Louis, >> >> I just read through your email to the samba-ml regarding the >> 4.8.2 upgrade >> >> You write "your upgrade will probably end in an error" and something >> around "correct your smb.conf", but I don't get what changes >> to make ... >> >> 2nd: it should be a defensive way to approach this to upgrade one of >2 >> DCs first, right? >> >> thanks, regards, Stefan >> >> >> >> > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
On Fri, 18 May 2018 14:44:09 +0200 Micha Ballmann via samba <samba at lists.samba.org> wrote:> Is it possible to Mix Samba 4.8.2 with Samba 4.7.7?Yes> > I have three domain controller (up to 10000 users) running on Samba > 4.7.7. > > I want to kill all samba processes of Dc1 and do all necessary steps > for an upgrade to version 4.8.2. Dc2 and Dc2 still running and > providing.If you are using Louis's packages, then you do not need to kill any processes or reboot, the upgrade will do all that is required. The only problem I had was with Bind9 and this was easily fixed by restarting it. Rowland
Hai,
Q) Is it possible to Mix Samba 4.8.2 with Samba 4.7.7?
A) Yes, but i dont advice it.
Q) After a reboot of the upgraded server, (Dc1) is the replication still
working?
A) I dont know, i did not look, after the check of DC1, i directly upgraded DC2.
And after that was done i did check my replication 0 error in my case.
A2 (Rowland's) just restart bind no reboot needed. What you preffer.
Q) Gpos are working?
A) yes, for i without problems, tested with Win7 64B upto Win10 1709, i've
not tested win10 1803 yet.
But i rely on the " acl_xattr:ignore system acls = yes"
parameter.
Please remember that, if you did hit problems.
I suggest have a look here. The compair
https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh
@Rowland good point there.
That should be fixable.
I'll think about this howto add this in the services files so if samba is
restarted bind is restarted also.
What do you think, good idee?
Not tested yet, but im thinking of the following ( in case of systemd )
PartOf=foo.service since partof only links the restarting proces.
The other i think of is
BindsTo= , best to use with After=
If a unit is stopped the other unit also stops.
Or
[Service]
ExecStartPost=/bin/systemctl try-restart bind9.service
Or
In bind9.service.
WantedBy=samba-ad-dc.service
Few ideas here..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: vrijdag 18 mei 2018 15:15
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba 4.8.2
>
> On Fri, 18 May 2018 14:44:09 +0200
> Micha Ballmann via samba <samba at lists.samba.org> wrote:
>
> > Is it possible to Mix Samba 4.8.2 with Samba 4.7.7?
>
> Yes
>
> >
> > I have three domain controller (up to 10000 users) running on Samba
> > 4.7.7.
> >
> > I want to kill all samba processes of Dc1 and do all necessary steps
> > for an upgrade to version 4.8.2. Dc2 and Dc2 still running and
> > providing.
>
> If you are using Louis's packages, then you do not need to kill any
> processes or reboot, the upgrade will do all that is required. The
> only problem I had was with Bind9 and this was easily fixed by
> restarting it.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
On Fri, 2018-05-18 at 14:44 +0200, Micha Ballmann via samba wrote:> Is it possible to Mix Samba 4.8.2 with Samba 4.7.7? > > I have three domain controller (up to 10000 users) running on Samba 4.7.7. > > I want to kill all samba processes of Dc1 and do all necessary steps for an upgrade to version 4.8.2. Dc2 and Dc2 still running and providing. > > After a reboot of the upgraded server, (Dc1) is the replication still working? Gpos are working? > > I cant shutdown all domain controller for the same time, and upgrade them "offline" step by step!If possible, do the upgrade by joining each DC to the domain, rather than upgrading them offline. If you keep upgrading in-place you miss out on some features we only enable on fresh databases, like encrypted secrets (4.8) and sorted links (4.7). As has become amply clear of late, in-place upgrades, while tested as part of our 'make test' are clearly are not as tested as they should be. In any case, replication between 4.7 and 4.8 shouldn't be a problem. I hope this clarifies things, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba