LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Updating Apache2 on Debian Etch (http://www.linuxquestions.org/questions/linux-server-73/updating-apache2-on-debian-etch-900158/)

Zippy1970 08-29-2011 07:18 PM

Updating Apache2 on Debian Etch
 
I'm running a production webserver on Debian Etch. I have never done a dist-upgrade simply because I'm afraid of doing so and because the server is otherwise running incredibly stable.

Anyway, I saw a security advisory today for Apache2. I'm currently running 2.2.3 so I would really like to upgrade to the latest stable version with the vulnerability - as mentioned in the advisory - patched.

Problem is, I don't know how.

My thought was to download the 2.2.19 sources (the latest stable version) and compile it on my system. Then somehow patch it. But again, I really wouldn't know if that's the way to go.

Could someone please advise how I can get the latest stable and patched version of apache2 running on my Etch system?

Thanks in advance.

jlinkels 08-29-2011 08:51 PM

You won't be happy with this answer.

I seriously warn against upgrading your Etch system to the current stable (Squeeze) when you are not sitting next to your server. As a matter of fact last weekend I did a kernel upgrade from Etch to Squeeze on my server (in my room!) and never mind any trick to set a default in Grub it wouldn't work. Instead, at boot, I was asked to "press a key to continue". Whatever caused this, you don't want to happen this on a server 2 hours driving away from you.

Then about compiling a new Apache version from source: you have a fair chance that too many dependencies fail. Nice libraries like libc6-dev or so where all packages on your system depend upon. Etch is simply too old.

My favorite way for such a fundamental upgrade on a production machine is to install a new machine with the current version of Debian, get the old system's package list with dpkg --get-selections and install those packages on the new computer. Since you are running a server packages exclude complications like sound and video drivers, so you could prepare a new hard disk at home on arbitrary hardware, and then drive down to tje coloc and swap the hard disk. Be prepared for quite some manual tuning of config files though.

Another option is to clone your server to a machine at home, do the dist-upgrades at home, and swap those hard drives when finished.

jlinkels

Zippy1970 08-30-2011 04:28 AM

First of all, thank you for your answer.

Quote:

Originally Posted by jlinkels (Post 4456635)
I seriously warn against upgrading your Etch system to the current stable (Squeeze) when you are not sitting next to your server. As a matter of fact last weekend I did a kernel upgrade from Etch to Squeeze on my server (in my room!) and never mind any trick to set a default in Grub it wouldn't work. Instead, at boot, I was asked to "press a key to continue". Whatever caused this, you don't want to happen this on a server 2 hours driving away from you.

Which is exactly the reason I haven't tried it yet. Although I could handle the "press any key to continue" since I built this server with remote KVM. I could even make BIOS changes remotely if I wanted to. Even so, there are many things that could happen that can't be solved with just a few key presses...

Quote:

Then about compiling a new Apache version from source: you have a fair chance that too many dependencies fail. Nice libraries like libc6-dev or so where all packages on your system depend upon. Etch is simply too old.
I was afraid of that.

Quote:

Another option is to clone your server to a machine at home, do the dist-upgrades at home, and swap those hard drives when finished.
I actually tried creating a clone for use in a VM but have been unsuccessful so far.

I'm trying to avoid building a second server (it's not really money well spent). If the hardware was at the end of its life I wouldn't mind building a new server but its still more than sufficient for what I use it for (Core 2 Duo E6750, 2GB, 2x160GB HDD (RAID 1) as main storage, 500GB HDD for in-system backups, Remote KVM, Remote ON/OFF, built-in 5 Gb switch, etc). Also, Etch is running rock stable but as you said, it's getting too old and security is becoming a concern.

jlinkels 08-30-2011 05:42 AM

Quote:

Originally Posted by Zippy1970 (Post 4456879)
I'm trying to avoid building a second server (it's not really money well spent). If the hardware was at the end of its life I wouldn't mind building a new server but its still more than sufficient for what I use it for (Core 2 Duo E6750, 2GB, 2x160GB HDD (RAID 1) as main storage, 500GB HDD for in-system backups, Remote KVM, Remote ON/OFF, built-in 5 Gb switch, etc). Also, Etch is running rock stable but as you said, it's getting too old and security is becoming a concern.

What I proposed was to put a new hard disk in a temporary machine at home and make at home a clone of your server. Then take out the disk and bring it to your production server.

I have no experience with cloning into a VM image. But ordinary cloning is as easy as setting up the partitions on the empty disk, mount them in a running system and perform rsync. Once done chroot into the copied system and install grub. In your case you would have to create a RAID1 array out of that afterwards (also at home). That used to be easy in Etch and Lenny, but I haven't tried it yet in Squeeze. The difference is grub2.

You are right not wanting to replace the server hardware, but maybe just replacing the disks is an option for you.

jlinkels


All times are GMT -5. The time now is 11:37 AM.