Should I run aptitude full-upgrade or is that handled via Barracuda or Octopus?

Events happening in the community are now at Drupal community events on www.drupal.org.
cwittusen's picture
Posted by cwittusen on September 15, 2011 at 12:12am

I promise I will contribute back to this community not only in what I learn but financially as well; here is my question.

Should I run aptitude full-upgrade or is that handled via Barracuda or Octopus? One thing I do notice when I run my Barracuda and Octopus is that I constantly see the last mirror it contacted but had problems getting packages from, so why doesn't it try another mirror instead since it does clean up /tmp before starting the whole process.

I suspect that I might be missing out due to some of the missing packages (see below) but I'm not sure; I'm contemplating running aptitude full-upgrade on my server as root outside of Barracuda and Octopus but I don't want to mess up anything that these 2 scripts have made so that's why I'm asking if I can do that.

Displaying the last 15 lines of /opt/tmp/aegir-install.log to help troubleshoot this problem.
If you see any error with advice to run 'dpkg --configure -a', run this
command first and choose default answer, then run this installer again.

Err http://mirror.ox.ac.uk lucid-updates/restricted Packages
404 Not Found [IP: 163.1.2.224 80]
Err http://mirror.ox.ac.uk lucid-updates/universe Packages
404 Not Found [IP: 163.1.2.224 80]
Err http://mirror.ox.ac.uk lucid-updates/multiverse Packages
404 Not Found [IP: 163.1.2.224 80]
Err http://mirror.ox.ac.uk lucid-updates/main Sources
404 Not Found [IP: 163.1.2.224 80]
Err http://mirror.ox.ac.uk lucid-updates/restricted Sources
404 Not Found [IP: 163.1.2.224 80]
Err http://mirror.ox.ac.uk lucid-updates/universe Sources
404 Not Found [IP: 163.1.2.224 80]
Err http://mirror.ox.ac.uk lucid-updates/multiverse Sources
404 Not Found [IP: 163.1.2.224 80]
Reading package lists... Barracuda [Tue Sep 13 18:37:32 UTC 2011] ==> INFO: Run apt update again, please wait... aptitude update -y failed. Error (if any): 0

Displaying the last 15 lines of /opt/tmp/aegir-install.log to help troubleshoot this problem.
If you see any error with advice to run 'dpkg --configure -a', run this
command first and choose default answer, then run this installer again.

Err http://mirror.ox.ac.uk lucid-updates/main Sources
404 Not Found [IP: 163.1.2.231 80]
Err http://mirror.ox.ac.uk lucid-updates/restricted Sources
404 Not Found [IP: 163.1.2.231 80]
Err http://mirror.ox.ac.uk lucid-updates/universe Sources
404 Not Found [IP: 163.1.2.231 80]
Err http://mirror.ox.ac.uk lucid-updates/multiverse Sources

Comments

my bad I failed to read this properly

Posted by snlnz on September 15, 2011 at 1:26am
snlnz's picture

After reading the problem again more carefully it looks like the apt sources have changed somehow or the server can't reach that source.

That aside, I am usually reluctant to go upgrading production servers unless it is a very good idea to do so, and when a major BOA release comes out is the time to do that upgrade.

I'd be interested to see what others have to say around the discussion?

OS upgrades

Posted by AquaticDisorder on September 15, 2011 at 12:50am
AquaticDisorder's picture

I thought the idea was to run the Barracuda upgrade script for os upgrades regardless of whether you are upgrading your version of BOA.
I'm looking at - http://drupalcode.org/project/barracuda.git/blob_plain/HEAD:/docs/UPGRAD...

### To upgrade OS/libraries/services and/or optionally Aegir Master Instance to Stable:
#
$ wget -q -U iCab http://files.aegir.cc/versions/BARRACUDA.sh.txt
$ nano BARRACUDA.sh.txt (edit your e-mail address)
$ bash BARRACUDA.sh.txt (say Y/n on prompt for upgrade of hostmaster)

There is a workaround built-in

Posted by omega8cc on September 15, 2011 at 7:57am
omega8cc's picture

Barracuda will test mirrors availability only on initial install and only if you didn't force some mirror your prefer:

###----------------------------------------###
### LOCAL DEBIAN OR UBUNTU MIRROR          ###
###----------------------------------------###
###
### Use this when you prefer to use the mirror
### you know is the best / the fastest for you
### and skip searching around the globe.
###
### _LOCAL_DEBIAN_MIRROR=ftp.au.debian.org
### _LOCAL_UBUNTU_MIRROR=au.archive.ubuntu.com
###
_LOCAL_DEBIAN_MIRROR=""
_LOCAL_UBUNTU_MIRROR=""

Barracuda will never try another apt mirror on upgrade automatically. If the mirror you have picked before no longer works, you can force another mirror by specifying _LOCAL_UBUNTU_MIRROR (for Ubuntu) on Barracuda upgrade. For example: _LOCAL_UBUNTU_MIRROR=archive.ubuntu.com. It will overwrite your /etc/apt/sources.list on the fly and then will use the mirror you just forced.

[EDIT] And yes, you should always use Barracuda for OS/system updates and never run them manually, as it is possible that it could overwrite something Barracuda needs to take care of, etc.

Really, no system updates without Barracuda doing them?!

Posted by jim kirkpatrick on December 9, 2011 at 4:00pm
jim kirkpatrick's picture

@omega8cc: Are you really saying "don't run package updates unless Barracuda does them"? Because I can't accept that as an option -- not keeping a system's packages up to date is terrible advice from a security point of view... Or have I misunderstood?

In just the two months I've been running a BOA setup on my VPS (which is mainly wonderful, thank you very much for your work), there have been several bug fixes and security updates -- many of which are outside Barracuda's realm of PHP/Nginx/MySQL...

What's the best practice here? I've done an 'aptitude full-upgrade' whenever my system tells me packages are available. Didn't Barracuda add its own software sources where possible? I've never had a mirror problem, nor had to fiddle with my software sources. I thought nothing installed via compiled sources is going to be overwritten because Aptitude can handle that situation?

E.g. I recently updated MariaDB because a bug fix was available from Debian (Squeeze). Everything is fine for now, no problems at all - are you saying Barracuda might not work on the next update? Doesn't it work WITH Aptitude/Debian?

Please advise, I'm now a little worried. Thank you in advance.

The upgrade script can be used for just OS updates as well.

Posted by jamiet on December 9, 2011 at 4:43pm
jamiet's picture

When you run the BARRACUDA script you can tell it to only update the os system and related tools and not update the Aegir drupal system. If you run the script interactively it will run an aptitude full-upgrade and then there is a prompt asking if you wish to update the aegir hostmaster instance just say no and it will exit with the os and underlying system updated.

HTH,

JamieT

How do I run the script

Posted by jtbayly on December 9, 2011 at 4:51pm
jtbayly's picture

How do I run the script "interactively"? I don't remember seeing any indication of that being an option while editing the BARRACUDA script.

Also, when I get to the question I posted below related to replacing the /etc/mysql/my.cnf how should I answer?

Thanks,
-Joseph

It runs interactively by

Posted by jamiet on December 9, 2011 at 5:56pm
jamiet's picture

It runs interactively by default as long as AUTOPILOT=NO is set in the script and /or .barracuda.cnf file. With regards to the my.cnf error I am sorry I have not come across that before - was mysqldb installed prior to you running the BARRACUDA install for the first time or did you run on a fresh minimal install?

I see. I've been running it

Posted by jtbayly on December 9, 2011 at 6:06pm
jtbayly's picture

I see. I've been running it interactively then. I've had this system running BARRACUDA from the beginning, and for a long time. I've made it through at least a couple of BARRACUDA (stable) updates, but this one is giving me problems for some reason. I haven't found a single clue for how to fix it, unfortunately. If anything comes to mind for me to try, please let me know.

Thanks,
-Joseph

OK, thanks... but

Posted by jim kirkpatrick on December 9, 2011 at 5:12pm
jim kirkpatrick's picture

Thanks JamieT, good advice... I thought I understood this (as a long-time Linux user) but there are many nuances in a BOA setup to read about... Every time I think I understand the system another exception or config file pops up! Getting there though. Is there ONE mother-list of best practice out there? I've read the documentation and Aegir community site, and many of the scripts themselves, but it seems I'm missing a load of information somewhere.

One last question: So what, apart from using Git/Bazaar etc to get the latest PHP-FPM etc, does the Barracuda script do during an aptitude full-upgrade that I can't do? I wouldn't expect the compiled stuff to be updated between Barracuda versions, so assumed a full-update would be safe in acting only on non-custom packages.

Any tips or links would be fantastic, thank you.

No probs... Within the

Posted by jamiet on December 9, 2011 at 6:04pm
jamiet's picture

No probs...

Within the aptitude full-upgrade barracuda does nothing special however the script is designed to work with the upgrade to ensure all of the self compiled tools still work after the upgrade and if there are any known bugs caused by the upgrade then the script can fix them. To be honest omega8 is probably better placed to describe the extra magic the script does and why it is best to run the script to do OS upgrades as well. I just remember reading in the various discussions that it's best to do it this way.

HTH,

JamieT

P.S. I started with BOA when it was still aegir 0.4.x so I have kinda learnt this stuff as it has grown - I still get thrown for a loop once in a while though. The last time was at upgrade and noticing the .cnf files - it's a great idea and much easier but I had scripts that would download the latest BOA scripts and then string replace the relevant fields and I was wondering why they stopped working ;). Now all we need is to be able to pass the .cnf to the OCTOPUS script - at the moment I have modified my script to swap the .cnf files around so I am updating the right octopus user each time.

Barracuda System Updates

Posted by AquaticDisorder on December 9, 2011 at 5:41pm
AquaticDisorder's picture

AFAICT:

* BOA installs apticron as part of the initial install process.
* When apticron detects system updates we get "apticron has detected that some packages need upgrading".
* We can now use our magical Barracuda script to sort that out as soon as we are ready.
* When we see "You can perform the upgrade by issuing the command: aptitude full-upgrade", remember this is an "apticron report".
* AFAIK apticron is not aware of the BOA upgrade process, so I guess it just gives it's usual generic advice to use "aptitude-update".

This advice (to run system

Posted by omega8cc on December 9, 2011 at 8:18pm
omega8cc's picture

This advice (to run system level upgrades with Barracuda instead of manually) is mainly because otherwise it is possible to overwrite Nginx binary (when apt-get will ship its own new version) and then break it completely until you will run Barracuda again. It is also possible that some system level upgrades could break php-fpm, so Barracuda takes care about it is rebuilds php-fpm for you to guarantee all libs it is using still work etc. It was discussed many times in the Barracuda issues queue.

Thanks

Posted by jim kirkpatrick on December 29, 2011 at 7:15pm
jim kirkpatrick's picture

Thanks Grace. It appears then that 90% of package updates are safe, provided they don't include NginX or PHP-FPM related stuff... But I get it: if in doubt, use the script!

Just wondering, perhaps for the 'wishlist': Since Man page, fonts, grub and kernel stuff has hooks that run after an aptitude update, I wonder if it's possible for Barracuda to add its own hooks so that if the vulnerable parts are updated (NginX, PHP-FPM), a script is run to get the latest and recompile? Would make it largely bomb-proof, though I don't know enough about Aptitude to know if it's possible. Any thoughts?

Best,

Jim

EDIT: I've opened a feature request for this over on the Barracuda issue tracker.

Thank you

Posted by cwittusen on September 15, 2011 at 4:36pm
cwittusen's picture

Thank you for helping me understand the best practice, I thought that it should be done via Barracuda and Octopus but I wanted to make sure; I will try to force another mirror by the example you gave me.

/Chris

Regards,
Chris W

I thought this was happening

Posted by jtbayly on December 8, 2011 at 11:03pm
jtbayly's picture

I thought this was happening to me, because updating Barracuda got completely stuck... twice. So I checked that log file, and the last lines are below:

Configuration file `/etc/mysql/my.cnf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : background this process to examine the situation
The default action is to keep your current version.
*** my.cnf (Y/I/N/O/D/Z) [default=N] ? q|qexit

I don't get it. Can somebody tell me what's going on?

Thanks,
-Joseph

BOA

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.