Introduction
Debian 8 (Jessie) has now gone into Long Term Support (LTS), so in order to take advantage of the latest updates and packages that the OS provides, we need to upgrade the OS to Debian 9 (stretch). At the same time, the version of Access Manager will be upgraded to 1.5.
Access Manager 1.5 will only be available on Debian 9. All new VMs will be built with this OS but for existing customers, you need to follow the below steps to upgrade your VM.
This means that you will not directly be able to upgrade a 1.4 system to 1.5 from the web UI or VMCentre.
This article contains instructions on how to perform this upgrade from a command-line shell.
Please ensure your Access Manager instance is backed up or has a VM snapshot before performing the below.
Pre-requisites
- Your Access Manager system should be on version 1.4-RG7. If it is not, upgrade to this first (which is the final 1.4 release). This release prepares the keys for the new software repositories for Access Manager 1.5.
- Internet access required to download the new operating system and Access Manager packages.
- Access to VM console shell or direct SSH access.
Procedure
Note: If you are using one of our pre-built cloud VMs (AWS, Google Compute, Oracle), ensure you are running all of the below commands as the root user rather than the nervepoint user.
To do this easily, switch to root first by typing: sudo -s
Connect to the VMCentre shell, or via SSH with the root account. Everything in red italics are typed commands:
- Stop the Access Manager service with: /etc/init.d/nervepoint stop
- To stop the service restarting during the OS upgrade, type: touch /tmp/defeat-nervepoint-restart
- rm /etc/apt/sources.list
- echo "deb http://deb.debian.org/debian stretch main contrib" | tee -a /etc/apt/sources.list
- echo "deb http://deb.debian.org/debian-security/ stretch/updates main contrib" | tee -a /etc/apt/sources.list
- echo "deb http://deb.debian.org/debian stretch-updates main contrib" | tee -a /etc/apt/sources.list
- rm /etc/apt/sources.list.d/jessiebackports.list (this file may not exist, so any file not found error here is okay)
- rm /etc/apt/sources.list.d/webupd8team-java.list (this file may not exist, so any file not found error here is okay)
- cd /etc/apt/sources.list.d/
- rm nervepoint*
- echo "deb http://nervepointupdates.s3.amazonaws.com feirefiz main" > nervepointupdates.list
- echo "#deb http://nervepointearlyaccess.s3.amazonaws.com feirefiz main" > nervepointearlyaccess.list
- echo "deb http://logonbox.s3.amazonaws.com apricot main" > logonbox.list
- wget -O - https://nervepointupdates.s3-eu-west-1.amazonaws.com/conf/nervepointupdates.gpg.key | apt-key add -
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 112695A0E562B32A 648ACFD622F3D138 0E98404D386FA1D9
- apt update (make sure there are no ERRORs, examine any WARNINGs - it might complain about some python stuff which can safely be ignored. An Error on stretch-updates/main Translation-en is okay).
- apt dist-upgrade. There could be up to 600 upgrade packages, a small amount to remove, none not upgraded. Type Y to start the upgrade.
The dist-upgrade can take some time. During the upgrade you may be asked some of the below questions:
- Console encoding (unlikely you will get prompted for this) but choose the best for your location, probably "western" for Europe/US for example.
- Postfix configuration (does not always get prompted)- Choose no configuration.
- Whether or not to allow certain services to be restarted with asking. Choose Yes by using Tab or Cursor keys and Enter.
- "Incompatible PAM profiles selected". Ignore it and press OK.
- New versions of config files are available, such as grub for example. In general its OK to 'install the package maintainer's version. Although note that if you do this with sshd_config you will not be able to SSH in as root, so you may wish to keep the local version for SSH.
- If you get prompted to install grub, select all devices to install grub to /dev/sda /dev/sda1, /dev/sda2 etcwith the space bar.
When the dist-upgrade completes you may see 'Errors were encountered while processing: nervepoint'. Don't worry about that as this will resolve itself on reboot.
To complete the upgrade:
- Reboot the system by typing: reboot. The system will update the Access Manager database from 1.4 to 1.5.
- Wait for at least 5 minutes for the reboot and upgrade to occur, then reconnect to the system again.
- After the reboot you may find that VMCentre is no longer working. This can be fixed with: rm /root/.bash_profile.
The upgrade from Debian 8 to 9 breaks some things with the keys in the update repository, so we need finish by entering the following commands. - rm /etc/apt/trusted.gpg.d/keyring-nervepointupdates.gpg
- wget -O - https://logonbox-tmp.s3-eu-west-1.amazonaws.com/mysql.key | apt-key add -
- wget -O - https://nervepointupdates.s3-eu-west-1.amazonaws.com/conf/nervepointupdates.gpg.key | apt-key add -
- apt update
You should now have a working 1.5 system.
Note: You may see errors during the upgrade about not being able to install the linux kernel (linux-image) due to insufficient disk space.
This will not stop this upgrade from succeeding, but you may wish to fix this afterwards.
To do this, please refer to this article
then you will be able to upgrade the kernel with: apt-get dist-upgrade again.