Michael Tokarev
2022-Oct-29 16:14 UTC
[Samba] Samba 4.16 and 4.17 ubuntu focal and jammy packages
29.10.2022 19:06, Rowland Penny via samba wrote:> On 28/10/2022 11:28, Michael Tokarev via samba wrote:..>> Now, there's one more question. Why it is so risky to upgrade >> to a new samba "major" release?..> Because Samba has an habit of removing, adding or changing things and this leads to old versions of things being left on disk and interfering with the > smooth running of Samba. One that springs to mind is the python 'time', Samba had its own version and then removed it, but the distros didn't. > > Starting with a new OS, also ensures that everything is correct and nothing 'old' is there.Well, I completely disagree with you here. I asked about real-life reasons why samba itself, - unrelated to packaging errors - can not keep its own stuff up and running. Not some theoretical issues and not obvious bug which happened in the past, but something real. Requiring to start anew each time something changes is completely unreasonable. We cam and actually *do* better than that. My question was mostly to Kees who seems to have better understanding of things than you. /mjt
Rowland Penny
2022-Oct-29 16:27 UTC
[Samba] Samba 4.16 and 4.17 ubuntu focal and jammy packages
On 29/10/2022 17:14, Michael Tokarev wrote:> 29.10.2022 19:06, Rowland Penny via samba wrote: >> On 28/10/2022 11:28, Michael Tokarev via samba wrote: > .. >>> Now, there's one more question. Why it is so risky to upgrade >>> to a new samba "major" release? > .. >> Because Samba has an habit of removing, adding or changing things and >> this leads to old versions of things being left on disk and >> interfering with the smooth running of Samba. One that springs to mind >> is the python 'time', Samba had its own version and then removed it, >> but the distros didn't. >> >> Starting with a new OS, also ensures that everything is correct and >> nothing 'old' is there. > > Well, I completely disagree with you here. > > I asked about real-life reasons why samba itself, - unrelated to > packaging errors - can not keep its own stuff up and running. > Not some theoretical issues and not obvious bug which happened > in the past, but something real. > > Requiring to start anew each time something changes is completely > unreasonable. We cam and actually *do* better than that. > > My question was mostly to Kees who seems to have better understanding > of things than you. > > /mjtI was only pointing out, that from experience, it is always better to start with fresh DC when upgrading to a major version of Samba '4.x.0' But what do I know, I have only been here since 2012 and had the honour of joining the Samba team. A Samba AD Domain leads to easily being capable of replacing DC's with new ones, without loosing any data. Rowland
Andrew Bartlett
2022-Oct-30 05:52 UTC
[Samba] Samba 4.16 and 4.17 ubuntu focal and jammy packages
On Sat, 2022-10-29 at 19:14 +0300, Michael Tokarev via samba wrote:> 29.10.2022 19:06, Rowland Penny via samba wrote: > > On 28/10/2022 11:28, Michael Tokarev via samba wrote: > .. > > > Now, there's one more question. Why it is so risky to upgrade > > > to a new samba "major" release? > .. > > Because Samba has an habit of removing, adding or changing things and this leads to old versions of things being left on disk and interfering with the > > smooth running of Samba. One that springs to mind is the python 'time', Samba had its own version and then removed it, but the distros didn't. > > > > Starting with a new OS, also ensures that everything is correct and nothing 'old' is there. > > Well, I completely disagree with you here. > > I asked about real-life reasons why samba itself, - unrelated to > packaging errors - can not keep its own stuff up and running. > Not some theoretical issues and not obvious bug which happened > in the past, but something real.In-place upgrades are fully supported and many users successfully upgrade Samba including between major releases. Samba will self-upgrade the DB format when required. ?There have been occasional bugs with the in-place upgrade, most are fixed with a 'samba-tool dbcheck --reindex', except where you have two spaces in a DN, and those need manual fixing (nobody wrote a dbcheck rule for that). Upgrading over DRS avoids some of those small risks but adds others, that is the DC is (unless newly added) first removed from the domain, then added back in. ?An in-pace upgrade keeps the existing trust account and data.?> Requiring to start anew each time something changes is completely > unreasonable. We cam and actually *do* better than that.The wiki?https://wiki.samba.org/index.php/Upgrading_a_Samba_AD_DC?has some collected wisdom on approaches. Oddly, it doesn't really address the main thing I suggest considering when upgrading Samba major versions, which is to build a new DC with whatever is now the new LTS release of your base OS, add this as new DC, check it is working then demote the old DCs, which avoids loss of redundancy during the upgrade and allows some checking before locking in the new version across the fleet. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba