Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

Samba - General mailing list
Hi,

we have three 4.6.x AD servers in a cluster and some member Fileservers. What is the best/savest/recomended upgrade path?

Can I upgrade the AD servers one by one and run a „mixed“ setup for some time (minutes) ? Or do I have to shutdown/disable two of them first, then update the one still up and running and than updates the others?

Thanks for hints and suggestion!

Regards . Götz



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

Samba - General mailing list
On Sun, 31 Dec 2017 16:18:27 +0100
Götz Reinicke via samba <[hidden email]> wrote:

> Hi,
>
> we have three 4.6.x AD servers in a cluster

What do you mean by 'a cluster' ?

If you mean an actual cluster, how are you doing this and why ?

>and some member
> Fileservers. What is the best/savest/recomended upgrade path?
>
> Can I upgrade the AD servers one by one and run a „mixed“ setup for
> some time (minutes) ?

Hopefully you mean that you just have 3 DCs, if this is the case then
it depends on how you are doing the updates. if you are updating using
packages, then the packages should stop Samba before doing the
update. If you are going to compile Samba yourself, you will need to
use the configure options as originally and stop Samba before running
'make install'.
Either way, I would start with the DC holding all the FSMO roles.
Then the other two DCs, one by one.
 
Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

Samba - General mailing list


> Am 31.12.2017 um 17:32 schrieb Rowland Penny via samba <[hidden email]>:
>
> On Sun, 31 Dec 2017 16:18:27 +0100
> Götz Reinicke via samba <[hidden email]> wrote:
>
>> Hi,
>>
>> we have three 4.6.x AD servers in a cluster
>
> What do you mean by 'a cluster' ?
>
> If you mean an actual cluster, how are you doing this and why ?
I was a bit misleading, yes, just 3 DCs.

>
>> and some member
>> Fileservers. What is the best/savest/recomended upgrade path?
>>
>> Can I upgrade the AD servers one by one and run a „mixed“ setup for
>> some time (minutes) ?
>
> Hopefully you mean that you just have 3 DCs, if this is the case then
> it depends on how you are doing the updates. if you are updating using
> packages, then the packages should stop Samba before doing the
> update. If you are going to compile Samba yourself, you will need to
> use the configure options as originally and stop Samba before running
> 'make install'.
> Either way, I would start with the DC holding all the FSMO roles.
> Then the other two DCs, one by one.
I’d do the upgrade by rpm.

I did find something in the samba wiki as I had time to google, which says the other way round; starting with a server that dose NOT hols a FSMO.


https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers <https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers>

If you are updating multiple Samba Active Directory (AD) Domain Controllers (DC), the recommended order is:
Update one Samba AD DC that does not hold any flexible single master operations (FSMO) role.

So thats the way to go ?

And dose all DCs should be shut down at that time?

Regards . Götz



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

Samba - General mailing list
On Mon, 1 Jan 2018 19:18:51 +0100
Götz Reinicke via samba <[hidden email]> wrote:

>
>
> > Am 31.12.2017 um 17:32 schrieb Rowland Penny via samba
> > <[hidden email]>:
> >
> > On Sun, 31 Dec 2017 16:18:27 +0100
> > Götz Reinicke via samba <[hidden email]> wrote:
> >
> >> Hi,
> >>
> >> we have three 4.6.x AD servers in a cluster
> >
> > What do you mean by 'a cluster' ?
> >
> > If you mean an actual cluster, how are you doing this and why ?
>
> I was a bit misleading, yes, just 3 DCs.
>
> >
> >> and some member
> >> Fileservers. What is the best/savest/recomended upgrade path?
> >>
> >> Can I upgrade the AD servers one by one and run a „mixed“ setup for
> >> some time (minutes) ?
> >
> > Hopefully you mean that you just have 3 DCs, if this is the case
> > then it depends on how you are doing the updates. if you are
> > updating using packages, then the packages should stop Samba before
> > doing the update. If you are going to compile Samba yourself, you
> > will need to use the configure options as originally and stop Samba
> > before running 'make install'.
> > Either way, I would start with the DC holding all the FSMO roles.
> > Then the other two DCs, one by one.
>
> I’d do the upgrade by rpm.
>
> I did find something in the samba wiki as I had time to google, which
> says the other way round; starting with a server that dose NOT hols a
> FSMO.
>
>
> https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers
> <https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers>
>
> If you are updating multiple Samba Active Directory (AD) Domain
> Controllers (DC), the recommended order is: Update one Samba AD DC
> that does not hold any flexible single master operations (FSMO) role.
>
> So thats the way to go ?
>
> And dose all DCs should be shut down at that time?
>
> Regards . Götz
>
>

To be honest, you shouldn't upgrade the DCs, you should add new a DC
running the latest version of Samba, transfer the FSMO roles to this,
if everything is okay, demote the original DC.
Repeat for the other two DCs (apart from the FSMO roles)

If you must upgrade in place, then I would transfer the FSMO roles to
one of the other DCs, stop the DC, carry out the upgrade and then
restart the DC, transfer the roles back. repeat for the other two.

You can, if you wish, stop all three DCs, the only difference would be
to stop 'cannot replicate to DC X' in the logs.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hi Götz,

>> Am 31.12.2017 um 17:32 schrieb Rowland Penny via samba <[hidden email]>:
>>
>> On Sun, 31 Dec 2017 16:18:27 +0100
>> Götz Reinicke via samba <[hidden email]> wrote:
>>
>>> Hi,
>>>
>>> we have three 4.6.x AD servers in a cluster
>>
>> What do you mean by 'a cluster' ?
>>
>> If you mean an actual cluster, how are you doing this and why ?
>
> I was a bit misleading, yes, just 3 DCs.
>
>>
>>> and some member
>>> Fileservers. What is the best/savest/recomended upgrade path?
>>>
>>> Can I upgrade the AD servers one by one and run a „mixed“ setup for
>>> some time (minutes) ?
>>
>> Hopefully you mean that you just have 3 DCs, if this is the case then
>> it depends on how you are doing the updates. if you are updating using
>> packages, then the packages should stop Samba before doing the
>> update. If you are going to compile Samba yourself, you will need to
>> use the configure options as originally and stop Samba before running
>> 'make install'.
>> Either way, I would start with the DC holding all the FSMO roles.
>> Then the other two DCs, one by one.
>
> I’d do the upgrade by rpm.
>
> I did find something in the samba wiki as I had time to google, which says the other way round; starting with a server that dose NOT hols a FSMO.
>
>
> https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers <https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers>
>
> If you are updating multiple Samba Active Directory (AD) Domain Controllers (DC), the recommended order is:
> Update one Samba AD DC that does not hold any flexible single master operations (FSMO) role.
>
> So thats the way to go ?
>
> And dose all DCs should be shut down at that time?

You can upgrade your DC in-place, just be sure to first make a test
upgrade in a sandbox and check that everything is fine after upgrade.
You may want to run a dbcheck --cross-ncs, and use --fix if there are
any error, and check that you db is fine and that there is no more error
after the dbcheck.

About the upgrade order, I usually start upgrades with the DC holding
the FSMO role, I am not aware of any drawbacks.

You may check that you have the latest 4.7.4 rpms. Samba 4.7.4 fixes
quite a few bugs from the older 4.7 series.

If you are upgrading to 4.7, you might double check in your sandbox that
you don't have any duplicate forward link or dangling links after
upgrade (dbcheck will tell you that). If you get this problem, be sure
to know how to clean that up. Actually this is probably the one case
where upgrade by joining a new Samba 4.7 server in your 4.6.x domain and
demoting the 4.6.x afterward might help (I didn't check).

Beware that there are a lot of issues that arise from left-overs after
demoting a DC. With the recent versions of Samba the command line
"samba-tool demote --remove-other-dead-server" is doing a much better
job at cleanup though.

Cheers, happy new year 2018,

Denis

>
> Regards . Götz
>
>
>
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba