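Upgrade from NethServer 6

The upgrade from NethServer 6 to NethServer 7 can be performed with one of three methods, each described in its own section of this chapter: upgrade from backup, upgrade with rsync, and upgrade with the Upgrade tool.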

Warning

Before running the upgrade procedure, read carefully all the sections of this chapter. Please also read Discontinued packages.

Note

During the whole upgrade process, all network services will be inaccessible.

Accounts provider

There are different upgrade scenarios, depending on how the source machine was configured.

  • If the source system was an NT Primary Domain Controller (Samba server role was Primary Domain Controller – PDC) or a standalone file server (role was Workstation – WS), refer to Primary Domain Controller and workstation upgrade.

  • If the source system was joined to an Active Directory domain (Samba server role was Active Directory member – ADS), refer to Active Directory member upgrade.

  • In any other case, the LDAP server is automatically upgraded to the local LDAP accounts provider, preserving existing users, passwords and groups.

Primary Domain Controller and workstation upgrade

After the restore procedure, go to the Accounts provider page and select the Upgrade to Active Directory procedure. The button will be available only if the network configuration has already been fixed according to the new hardware.

The following accounts are ignored by the upgrade procedure because they are already provided by Samba Active Directory:

  • administrator

  • guest

  • krbtgt

An additional, free IP address from the green network is required by the Linux container to run the local Active Directory accounts provider.

For example:

  • server IP (green): 192.168.98.252

  • free additional IP in green network: 192.168.98.7

Make sure there is a working Internet connection:

# curl -I http://packages.nethserver.org/nethserver/
HTTP/1.1 200 OK

For more information about the local Active Directory accounts provider, see Samba Active Directory local provider installation.

Shared folder connections may require further adjustment.

Warning

Read carefully the Shared folders section, because the connection credentials may change when upgrading to NethServer 7.

The upgrade procedure preserves user, group and computer accounts.

Warning

Users not enabled for Samba in NethServer 6 will be migrated as locked users. To enable these locked users, the administrator will have to set a new password.

Active Directory member upgrade

After restoring the configuration, join the server to the existing Active Directory domain from the web interface. For more information see Join an existing Active Directory domain.

At the end, proceed with data restore.

Warning

Mail aliases from the AD server are not automatically imported!

Shared folders

Shared folders have been split into two packages:

  • The «Shared folders» page configures only Samba SMB shares; it provides data access using the CIFS/SMB protocol and can be used to share files among Windows and Linux workstations

  • The «Virtual hosts» panel provides HTTP and FTP access; it has been designed to host web sites and web applications

SMB access

In NethServer 7 the SMB security model is based on Active Directory. As a consequence, when upgrading (or migrating) a file server in Primary Domain Controller (PDC) or Standalone Workstation (WS) role, the following rule applies:

When connecting to a shared folder, the NetBIOS domain name must be either prefixed to the user name (i.e. MYDOMAIN\username), or inserted in the specific form field.

The upgrade procedure enables the deprecated [1] NTLM authentication method to preserve backward compatibility with legacy network clients, like printers and scanners.

Warning

Fix the legacy SMB clients configuration, then disable NTLM authentication.

  • Edit /var/lib/machines/nsdc/etc/samba/smb.conf

  • Remove the ntlm auth = yes line

  • Restart the samba DC with systemctl -M nsdc restart samba
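The three steps above as a shell function, shown as an added example rather than NethServer's own tooling. The function names and the .ntlm-backup suffix are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not NethServer project code: remove the active
# "ntlm auth = yes" line from the nsdc container's smb.conf.
SMB_CONF="/var/lib/machines/nsdc/etc/samba/smb.conf"  # path from the steps above

# smb.conf ignores case and whitespace in parameter names, so this also
# matches "NTLM Auth=Yes". Lines commented out with # or ; do not match.
NTLM_RE='^[[:space:]]*ntlm[[:space:]]*auth[[:space:]]*=[[:space:]]*yes[[:space:]]*$'

# Exit status 0 when the file still enables NTLM authentication.
ntlm_enabled() {
    grep -Eiq "$NTLM_RE" "$1"
}

# Remove the line, keeping a backup copy next to the original file.
# Returns 0 if the file was changed, 1 if nothing to do, 2 on error.
disable_ntlm() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    ntlm_enabled "$conf" || return 1
    cp -p "$conf" "$conf.ntlm-backup" || return 2
    # Rewrite in place so owner and mode are kept. grep -v exits 1 when
    # it prints no lines; only a higher status is a real error.
    grep -Eiv "$NTLM_RE" "$conf.ntlm-backup" > "$conf" || [ $? -eq 1 ] || return 2
    return 0
}

# Run on a constructed sample file (not a real configuration).
demo() {
    d="$(mktemp -d)" || return 2
    printf '%s\n' '[global]' \
        '    workgroup = MYDOMAIN' \
        '    ; ntlm auth = yes' \
        '    NTLM Auth = Yes' > "$d/smb.conf"
    disable_ntlm "$d/smb.conf"; rc=$?
    cat "$d/smb.conf"
    rm -rf "$d"
    return "$rc"
}
demo

# On the server, as root, followed by the restart from the last step:
#   disable_ntlm "$SMB_CONF" && systemctl -M nsdc restart samba
```

A return status of 1 means the line was already absent, so the restart can be skipped.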

[1] Badlock vulnerability http://badlock.org/

HTTP access

Every shared folder with web access configured in NethServer 6 can be migrated to a virtual host directly from the web interface by selecting the Migrate to virtual host action. After the migration, data inside the new virtual host will be accessible using only FTP and HTTP protocols.

See also Virtual hosts for more information about the Virtual hosts page.

Mail server

All mailbox options like SPAM retention and quota, along with ACLs, user shared mailboxes and subscriptions, are preserved.

Mailboxes associated with groups that have the Deliver the message into a shared folder option enabled will be converted to public shared mailboxes. The public shared folder will be automatically subscribed by all group members, but all messages will be marked as unread.

TLS policy

In NethServer 7 the services configuration can adhere to TLS policy. Before upgrading, the network clients must be checked against the available policy identifiers.

Warning

An old network client can fail to connect if its TLS ciphers are considered invalid.

The policy identifier selected by the upgrade procedure depends on the NethServer version and is documented in Release notes 7.

Let’s Encrypt

Let’s Encrypt certificates are restored during the process, but will not be automatically renewed.

After the upgrade process has been completed, access the web interface and reconfigure Let’s Encrypt from the Server certificate page.

Owncloud and Nextcloud

In NethServer 7, Owncloud has been officially replaced by Nextcloud.

However, Owncloud 7 is still available to avoid service disruption after the upgrade.

Note

In case of upgrade from local LDAP to Samba AD, user data inside Owncloud will not be accessible either from the web interface or desktop/mobile clients. In such case, install and migrate to Nextcloud after the upgrade to Samba Active Directory has been completed.

From Nextcloud 13, the migration from Owncloud to Nextcloud is not supported anymore.

Users should replace Owncloud clients with Nextcloud ones [2], then make sure to set the new application URL: https://<your_server_address>/nextcloud.

[2] Nextcloud clients download https://nextcloud.com/install/#install-clients

Perl libraries

In NethServer 7, perl library NethServer::Directory has been replaced by NethServer::Password. Please update your custom scripts accordingly.

Example of old code:

use NethServer::Directory;
NethServer::Directory::getUserPassword('myservice', 0);

New code:

use NethServer::Password;
my $password = NethServer::Password::store('myservice');

Documentation available via perldoc command:

perldoc NethServer::Password

Upgrade from backup

  1. Make sure to have an updated backup of the original installation.

  2. Install NethServer 7 using the most recent ISO and complete the initial steps using the first configuration wizard. The new machine must have the same hostname as the old one, to access the backup set correctly. Install and configure the backup module.

  3. Restore the configuration backup using the web interface. The network configuration is restored, too! If any error occurs, check the /var/log/messages log file for further information:

    grep -E '(FAIL|ERROR)' /var/log/messages
    
  4. If needed, go to the Network page and fix the network configuration according to the new hardware. If the machine was joined to an existing Active Directory domain, read Active Directory member upgrade.

  5. Complete the restore procedure with the following command:

    restore-data -b <name>
    

    where name is the name of the configured data backup.

    Note

    By default, the name of the backup-data configured on NethServer 6 is backup-data.

  6. Check the restore logs:

    /var/log/restore-data.log
    /var/log/messages
    
  7. Each file under /etc/e-smith/templates-custom/ must be manually checked for compatibility with version 7.

Warning

Do not reboot the machine before executing the restore-data procedure.

Upgrade with rsync

The process is much faster than a traditional backup and restore, and it also minimizes the downtime for the users.

Before starting make sure to have:

  • a running NethServer 6 installation, we will call it original server or source server

  • a running NethServer 7 installation with at least the same disk space of the source server, and latest updates installed; we will call it destination server

  • a working network connection between the two servers

Please also make sure the source server allows root login via SSH key and password.

Sync files

The synchronization script copies all data using rsync over SSH. If the destination server doesn’t have any SSH keys, the script will also generate a pair of RSA keys and copy the public key to the source server. All directories excluded from the backup data will not be synced.

On the target machine, execute the following command:

screen rsync-upgrade <source_server_name> [ssh_port]

Where

  • source_server_name is the host name or IP of the original server

  • ssh_port is the SSH port of the original server (default is 22)

Example:

screen rsync-upgrade mail.nethserver.org 2222

When asked, insert the root password of the source server, make a coffee and wait patiently.

The script will not perform any action on the source machine and can be invoked multiple times.

Sync and upgrade

If called with -u option, rsync-upgrade will execute a final synchronization and upgrade the target machine.

Example:

screen rsync-upgrade -u mail.nethserver.org 2222

The script will:

  • close access to every network service on the source machine (except for SSH and httpd-admin)

  • execute pre-backup-config and pre-backup-data events on the source machine

  • sync all remaining data

  • execute restore-config on the destination machine

If rsync-upgrade terminates without losing the network connection:

  1. Disconnect the original ns6 from network, to avoid IP conflict with the destination server

  2. Access the server manager UI and fix the network configuration from the Network page

Otherwise, if during rsync-upgrade the network connection is lost, it is likely that the source and destination servers have an IP conflict:

  1. Disconnect the original ns6 from network

  2. From a ns7 root console run the command:

    systemctl restart network
    
  3. Then grab the screen device:

    screen -r -D
    

At the end of rsync-upgrade run the following steps:

  1. If the source system was an NT Primary Domain Controller (Samba server role was Primary Domain Controller – PDC) or a standalone file server (role was Workstation – WS), refer to Primary Domain Controller and workstation upgrade.

  2. If the source system was joined to an Active Directory domain (Samba server role was Active Directory member – ADS), refer to Active Directory member upgrade.

  3. Go back to the CLI and call the post-restore-data event on the destination machine:

    signal-event post-restore-data
    
  4. Check the restore logs for any ERROR or FAIL message:

    /var/log/restore-data.log
    /var/log/messages
    
  5. Each file under /etc/e-smith/templates-custom/ must be manually checked for compatibility with version 7.

Warning

Do not reboot the machine before executing the post-restore-data event.

Upgrade with Upgrade tool

The Upgrade tool module makes possible an in-place upgrade of NethServer from version 6 to version 7 with an automated procedure.

Please refer to the Upgrade tool page of NethServer 6 Administrator Manual.