Page updated: 2005-09-18 (Sun) (5643 days ago)
(Created 2005-08-06; unfinished... because my memory of it has faded)

Notes on upgrading the discypus.jp server from Debian GNU/Linux 3.0 (Woody) to 3.1 (Sarge).

Preparation

Hardware and software

Versions of the main software

Check the versions beforehand so that problems can be dealt with if they occur.

Backup

Backup procedure

Preparing apt

    # apt-get update
    Get:1 http://non-us.debian.org sarge/non-US/main Packages [20B]
    Get:2 http://non-us.debian.org sarge/non-US/main Release [102B]
     :
    Fetched 4868kB in 40s (119kB/s)
    Reading Package Lists... Done
    Building Dependency Tree... Done
    # apt-get -d dist-upgrade
    Reading Package Lists... Done
    Building Dependency Tree... Done
    Calculating Upgrade... Done
    The following packages will be REMOVED:
      (omitted)
    347 packages upgraded, 110 newly installed, 159 to remove and 13 not upgraded.
    Need to get 209MB of archives. After unpacking 58.3MB will be used.
    Do you want to continue? [Y/n]
     :
    Fetched 209MB in 15m46s (221kB/s)
    Download complete and in download only mode

Listing the changes and planning for them

There are quite a lot of packages. It might be better to remove the rarely used ones beforehand.

    # dpkg --get-selections | wc -l
    586
    # apt-get -u -s dist-upgrade | tee upgrade-list
    Reading Package Lists...
    Building Dependency Tree...
     :
    Conf setserial (2.17-40 Debian:3.1r0/stable)
    Conf tcsh-kanji (6.13.00-1 Debian:3.1r0/stable)
    Conf vacation (3.3.0 Debian:3.1r0/stable)
    # wc -l upgrade-list
    1183 upgrade-list
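
Overall policy for the work

All work is done over ssh, and a log is kept. The log shows, to some extent, which choices were made during configuration, and even where it does not, I can look for the *.dpkg-dist and *.dpkg-old files and fix the configuration afterwards.

apt-get

Carried out in the following order.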

Fixing the configuration files

Look at the configuration files produced by the debconf prompts (*.dpkg-old, *.dpkg-new, *.dpkg-dist) and fix the configuration files.

Search for configuration files that need (or may need) fixing.

    # find /etc -name '*.dpkg*'
    (omitted)

Notes on individual settings

kernel 2.4

Install the latest 2.4-series kernel for Pentium Pro/II/III.

    # apt-get -u install kernel-image-2.4-686
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
      coreutils cramfsprogs dash initrd-tools kernel-image-2.4.27-2-686 libacl1
      libattr1 libc6 libc6-dev libdb1-compat linux-kernel-headers locales
      modutils zlib1g zlib1g-dev
    The following packages will be REMOVED:
      libnss-db
    The following NEW packages will be installed:
      coreutils dash kernel-image-2.4-686 kernel-image-2.4.27-2-686 libacl1
      libattr1 libdb1-compat linux-kernel-headers
    The following packages will be upgraded
      cramfsprogs initrd-tools libc6 libc6-dev locales modutils zlib1g zlib1g-dev
    8 packages upgraded, 8 newly installed, 1 to remove and 483 not upgraded.
    Need to get 12.3MB/28.7MB of archives. After unpacking 49.4MB will be used.
    Do you want to continue? [Y/n]
     :
    (omitted)

At this point glibc and initrd-tools are also updated to the latest versions. This does not affect the installation work, so I continued.
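
The leftover review described above (find /etc -name '*.dpkg*', then comparing each file by hand) can be scripted. The following is an added example, not part of the original notes: the function names and the sample files are this example's own, the sample is constructed from the sshd_config diff that appears later on this page, and the comparison is line-based, which suits one-directive-per-line files such as sshd_config.

```shell
#!/bin/sh
# Added example: summarise what each conffile leftover under a directory
# changes, comparing effective settings only (comments and blanks ignored).

# Effective settings of one file: trimmed, comment-free, sorted.
effective() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^#/d' -e '/^\/\//d' -e '/^$/d' "$1" |
        tr '\t' ' ' | tr -s ' ' | LC_ALL=C sort -u
}

# Print "-line" for settings found only in the local (pre-upgrade) version
# and "+line" for settings found only in the packaged version.
conffile_delta() {
    leftover=$1
    live=${leftover%.dpkg-*}
    [ -f "$live" ] || { echo "!no live file for $leftover"; return 0; }
    case $leftover in
        *.dpkg-old) local_ver=$leftover; pkg_ver=$live ;;   # packaged file is live
        *)          local_ver=$live; pkg_ver=$leftover ;;   # local file is live
    esac
    tmp=$(mktemp -d) || return 1
    effective "$local_ver" > "$tmp/local"
    effective "$pkg_ver" > "$tmp/pkg"
    LC_ALL=C comm -23 "$tmp/local" "$tmp/pkg" | sed 's/^/-/'
    LC_ALL=C comm -13 "$tmp/local" "$tmp/pkg" | sed 's/^/+/'
    rm -rf "$tmp"
}

# Walk a tree (default /etc) and report every leftover.
review_conffiles() {
    find "${1:-/etc}" -type f \( -name '*.dpkg-old' -o -name '*.dpkg-dist' \
        -o -name '*.dpkg-new' \) | LC_ALL=C sort |
    while IFS= read -r f; do
        printf '== %s\n' "$f"
        conffile_delta "$f"
    done
}

# Constructed sample, modelled on the sshd_config diff in these notes.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'LogLevel INFO' 'RhostsAuthentication no' \
        'RhostsRSAAuthentication no' > "$d/sshd_config.dpkg-old"
    printf '%s\n' 'LogLevel INFO' '#RhostsAuthentication no' \
        'RhostsRSAAuthentication no' '' 'UsePAM yes' > "$d/sshd_config"
    echo "$d"
}

sample=$(make_sample) && review_conffiles "$sample" && rm -rf "$sample"
```

Calling review_conffiles with no argument walks /etc. A "-" line under a .dpkg-old entry is a setting the previous file stated that the now-live packaged file does not, which is where a hardening setting dropped by "overwrite" shows up.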

kernel 2.6

Install the latest 2.6-series kernel for Pentium Pro/II/III.

    # apt-get -u install kernel-image-2.6-686
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
      kernel-image-2.6.8-2-686 module-init-tools
    The following NEW packages will be installed:
      kernel-image-2.6-686 kernel-image-2.6.8-2-686 module-init-tools
    0 packages upgraded, 3 newly installed, 0 to remove and 483 not upgraded.
    Need to get 15.6MB of archives. After unpacking 45.5MB will be used.
    Do you want to continue? [Y/n]
     :
    (omitted)

lilo

Edit /etc/lilo.conf

Test with lilo -t

    # lilo -t
    Warning: LBA32 addressing assumed
    Added 2.4.18-1-686
    Added 2.4.27-2-686 *
    Added 2.6.8-2-686
    The boot sector and the map file have *NOT* been altered.

Run lilo

    # lilo
    Warning: LBA32 addressing assumed
    Added 2.4.18-1-686
    Added 2.4.27-2-686 *
    Added 2.6.8-2-686

Reboot

    # shutdown -r now
    Broadcast message from root (pts/0) (Wed Aug 17 15:11:22 2005):
    The system is going down for reboot NOW!

hdparm

Working with a slow hard disk is painful, so install and configure this first.

bind

I used the existing configuration, so I checked each item individually.

Check the version

    # dpkg -s bind9 | grep -i version
    Version: 1:9.2.4-1

Skim through /usr/share/doc/bind9/README.Debian.gz.

/etc/bind/db.root

I had a quick look and replacing it seemed harmless, so I copied /etc/bind/db.root.dpkg-dist to /etc/bind/db.root.

/etc/bind/named.conf

Compared the files. Comments were revised, and the two lines include "/etc/bind/named.conf.options"; and include "/etc/bind/named.conf.local"; were added.

    # diff -u named.conf named.conf.dpkg-dist | grep '^+'
    +++ named.conf.dpkg-dist 2004-09-24 00:25:41.000000000 +0900
    +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    +// If you are just adding zones, please do that in /etc/bind/named.conf.local
    +include "/etc/bind/named.conf.options";
    +// zone "com" { type delegation-only; };
    +// zone "net" { type delegation-only; };
    +// From the release notes:
    +// Because many of our users are uncomfortable receiving undelegated answers
    +// from root or top level domains, other than a few for whom that behaviour
    +// has been trusted and expected for quite some length of time, we have now
    +// introduced the "root-delegations-only" feature which applies delegation-only
    +// logic to all top level domains, and to the root domain. An exception list
    +// should be specified, including "MUSEUM" and "DE", and any other top level
    +// domains from whom undelegated responses are expected and trusted.
    +// root-delegation-only exclude { "DE"; "MUSEUM"; };
    +include "/etc/bind/named.conf.local";

Edited.

rndc.key

Created while bind9 was running, following /usr/share/doc/bind9/README.Debian.gz.

    # grep rndc *.conf
    # ls -l rndc*
    -rw-r----- 1 bind bind 77 Mar 15 2003 rndc.key
    # rndc-confgen -r /dev/urandom -a
    # ls -l rndc*
    -rw-r----- 1 bind bind 77 Aug 20 00:20 rndc.key

After that it could no longer be restarted.

    # /etc/init.d/bind9 reload
    rndc: connection to remote host closed
    This may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect,
    or the key is invalid.
    # /etc/init.d/bind9 stop
    Stopping domain name service: namedrndc: connection to remote host closed
    This may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect,
    or the key is invalid.

In a hurry, I restored rndc.key from the backup to work around it.

Looking at /var/log/daemon.log, it seems to have restarted properly.

    Aug 20 00:29:33 koca named[23344]: starting BIND 9.2.4 -u bind
    Aug 20 00:29:33 koca named[23344]: using 1 CPU
    Aug 20 00:29:33 koca named[23346]: loading configuration from '/etc/bind/named.conf'
    Aug 20 00:29:33 koca named[23346]: no IPv6 interfaces found
    Aug 20 00:29:33 koca named[23346]: listening on IPv4 interface lo, 127.0.0.1#53
    Aug 20 00:29:33 koca named[23346]: listening on IPv4 interface eth0, 192.168.1.2#53
    Aug 20 00:29:33 koca named[23346]: command channel listening on 127.0.0.1#953
    Aug 20 00:29:33 koca named[23346]: zone 0.in-addr.arpa/IN: loaded serial 1
    Aug 20 00:29:33 koca named[23346]: zone 127.in-addr.arpa/IN: loaded serial 1
    Aug 20 00:29:33 koca named[23346]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2003091901
    Aug 20 00:29:33 koca named[23346]: zone 255.in-addr.arpa/IN: loaded serial 1
    Aug 20 00:29:33 koca named[23346]: zone private.discypus.jp/IN: loaded serial 2004071101
    Aug 20 00:29:33 koca named[23346]: zone localhost/IN: loaded serial 1
    Aug 20 00:29:33 koca named[23346]: running

/etc/default/bind9

Nothing was set in it, so I left it alone for now.

Verification

Checked operation with dig from my local PC.

    $ dig @discypus.jp discypus.jp

    ; <<>> DiG 9.2.4 <<>> @discypus.jp discypus.jp
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32719
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;discypus.jp.            IN  A

    ;; ANSWER SECTION:
    discypus.jp.       86400 IN  A   210.225.196.35

    ;; AUTHORITY SECTION:
    discypus.jp.       86400 IN  NS  lanza.discypus.jp.
    discypus.jp.       86400 IN  NS  ns2.discypus.jp.

    ;; ADDITIONAL SECTION:
    ns2.discypus.jp.   86400 IN  A   210.225.196.11
    lanza.discypus.jp. 86400 IN  A   210.225.196.35

    ;; Query time: 47 msec
    ;; SERVER: 210.225.196.35#53(discypus.jp)
    ;; WHEN: Sat Aug 20 00:41:06 2005
    ;; MSG SIZE rcvd: 115

ssh

Update ssh

    # apt-get install ssh
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
      libpam-runtime
    2 packages upgraded, 0 newly installed, 0 to remove and 403 not upgraded.
    (omitted)

Chose "overwrite the configuration", compared the contents with the original file (/etc/ssh/sshd_config.dpkg-old), and confirmed that I can connect by ssh from outside. For now I decided to use the overwritten /etc/ssh/sshd_config as it is.

    # diff -u /etc/ssh/sshd_config.dpkg-old /etc/ssh/sshd_config
    --- /etc/ssh/sshd_config.dpkg-old 2004-01-01 10:12:28.000000000 +0900
    +++ /etc/ssh/sshd_config 2005-08-17 16:03:44.000000000 +0900
    @@ -34,7 +34,7 @@
     LogLevel INFO
     #obsoletes QuietMode and FascistLogging
    -RhostsAuthentication no
    +#RhostsAuthentication no
     #
     # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
     RhostsRSAAuthentication no
    @@ -72,3 +72,5 @@
     #ReverseMappingCheck yes
     Subsystem sftp /usr/lib/sftp-server
    +
    +UsePAM yes

Apache, PHP
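
Review bot: in the first hunk of the sshd_config diff above (@@ -34,7 +34,7 @@), the explicit "RhostsAuthentication no" is replaced by the commented-out "#RhostsAuthentication no", so the file no longer states this setting and the daemon's built-in behaviour applies instead. Either confirm in the sshd_config(5) shipped with the new package that the option is gone or off by default and delete the line, or keep an explicit value; next to the still explicit "RhostsRSAAuthentication no" the commented line is easy to misread as being in force.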
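
Review bot: the second hunk of the sshd_config diff above (@@ -72,3 +72,5 @@) appends "UsePAM yes" after the "Subsystem sftp" line, a directive with no counterpart on the old side of the diff. With PAM switched on, logins also depend on the PAM configuration for sshd, and the password-related directives lie outside the visible context, so note which of them were reviewed together with this change; a successful connection from outside shows that logins work, not that only the intended ones do.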

Postfix

Questions asked during package installation:

    Postfix Configuration

    Postfix has switched to db4, and this may require maps to be upgraded.
    Do you want to automatically attempt the conversion?

    Should Postfix upgrade hash and btree maps?

    <Yes> <No>

    Postfix version 2.1 and later require new services in master.cf.
    Should this configuration be automatically added to master.cf?

    Decline this option to abort the upgrade, giving you the opportunity to
    add this configuration yourself. Accept this option to automatically make
    master.cf compatible with Postfix 2.1 in this respect.

    Correct master.cf for upgrade?

    <Yes> <No>

    Postfix version 2.0.2 and later require changes in dynamicmaps.cf.
    Specifically, wildcard support is gone, and with it, %s expansion. Any
    changes that you made to dynamicmaps.cf that relied on these features
    will need to be fixed by you. Failure to correct these will result in a
    broken mailer.

    Should dynamicmaps.cf be automatically changed?

    Decline this option to abort the upgrade, giving you the opportunity to
    eliminate wildcard and %s-expansion-dependent configuration. Accept this
    option if you have no such configuration, and automatically make
    dynamicmaps.cf compatible with Postfix 2.0.2 in this respect.

    Correct dynamicmaps.cf for upgrade?

    <Yes> <No>

main.cf

Replaced 'check_relay_domains' in smtpd_recipient_restrictions with 'reject_unauth_destination'.

Check

    # /etc/init.d/postfix check
    # postconf -n
     :
    (omitted; confirmed that the changes are reflected)

Proftpd

proftpd is 1.2.10-15.

Test the configuration file.

    # /usr/sbin/proftpd --configtest
    Checking syntax of configuration file
     - Fatal: LsDefaultOptions: deprecated. Use ListOptions instead on line 21 of '/etc/proftpd.conf'

It says LsDefaultOptions is deprecated and to use ListOptions instead.

Fixed it and checked again. OK.

    # /usr/sbin/proftpd --configtest
    Checking syntax of configuration file
    Syntax check complete.

Notes for ftp clients

With ffftp Ver 1.92a, in Host list → Advanced

Related information

sysstat

    # apt-get install sysstat
    Reading Package Lists... Done
    Building Dependency Tree... Done
    1 packages upgraded, 0 newly installed, 0 to remove and 405 not upgraded.
    (omitted)

Answered the debconf questions, and the work was done.

issue, issue.net

I do not use the default ones, so I deleted issue.dpkg-dist and issue.net.dpkg-dist, and that was it.

smartmontools

Installation

    # apt-get install smartmontools
    (omitted)

Verification

    # smartctl /dev/hda
    smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
    Home page is http://smartmontools.sourceforge.net/

    Warning! Drive Identity Structure error: invalid SMART checksum.
    SMART support is: Unavailable - device lacks SMART capability.

    A mandatory SMART command failed: exiting. To continue, add one or more '-T permissive' options.

WDC WD400AB-32BVA0

    # smartctl /dev/hdb
    smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
    Home page is http://smartmontools.sourceforge.net/

    SMART Disabled. Use option -s with argument 'on' to enable it.
    # smartctl -s on /dev/hdb
    smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
    Home page is http://smartmontools.sourceforge.net/

    === START OF ENABLE/DISABLE COMMANDS SECTION ===
    SMART Enabled.
    # smartctl -a /dev/hdb
    smartctl version 5.32 Copyright (C) 2002-4 Bruce Allen
    Home page is http://smartmontools.sourceforge.net/

    === START OF INFORMATION SECTION ===
    Device Model:     WDC WD400AB-32BVA0
    Serial Number:    WD-WMA7F1017041
    Firmware Version: 21.01H21
    Device is:        In smartctl database [for details use: -P show]
    ATA Version is:   5
    ATA Standard is:  Exact ATA specification draft version not indicated
    Local Time is:    Fri Aug 19 20:11:53 2005 JST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled

    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED

    General SMART Values:
    Offline data collection status:  (0x82) Offline data collection activity
                                            was completed without error.
                                            Auto Offline Data Collection: Enabled.
    Self-test execution status:      (   0) The previous self-test routine completed
                                            without error or no self-test has ever
                                            been run.
    Total time to complete Offline
    data collection:                 (2376) seconds.
    Offline data collection
    capabilities:                    (0x3b) SMART execute Offline immediate.
                                            Auto Offline data collection on/off support.
                                            Suspend Offline collection upon new
                                            command.
                                            Offline surface scan supported.
                                            Self-test supported.
                                            Conveyance Self-test supported.
                                            No Selective Self-test supported.
    SMART capabilities:            (0x0003) Saves SMART data before entering
                                            power-saving mode.
                                            Supports SMART auto save timer.
    Error logging capability:        (0x01) Error logging supported.
                                            No General Purpose Logging support.
    Short self-test routine
    recommended polling time:        (   2) minutes.
    Extended self-test routine
    recommended polling time:        (  42) minutes.
    Conveyance self-test routine
    recommended polling time:        (   5) minutes.

    SMART Attributes Data Structure revision number: 16
    Vendor Specific SMART Attributes with Thresholds:
    ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
      1 Raw_Read_Error_Rate     0x000b   200   200   051    Pre-fail  Always       -       0
      3 Spin_Up_Time            0x0007   105   101   021    Pre-fail  Always       -       3841
      4 Start_Stop_Count        0x0032   099   099   040    Old_age   Always       -       1063
      5 Reallocated_Sector_Ct   0x0032   194   194   112    Old_age   Always       -       23
      7 Seek_Error_Rate         0x000b   200   200   051    Pre-fail  Always       -       0
      9 Power_On_Hours          0x0032   069   069   000    Old_age   Always       -       22954
     10 Spin_Retry_Count        0x0013   100   100   051    Pre-fail  Always       -       0
     11 Calibration_Retry_Count 0x0013   100   100   051    Pre-fail  Always       -       0
     12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1039
    196 Reallocated_Event_Count 0x0032   178   178   000    Old_age   Always       -       22
    197 Current_Pending_Sector  0x0012   200   200   000    Old_age   Always       -       0
    198 Offline_Uncorrectable   0x0012   200   200   000    Old_age   Always       -       0
    199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0
    200 Multi_Zone_Error_Rate   0x0009   200   200   051    Pre-fail  Offline      -       0

    SMART Error Log Version: 1
    ATA Error Count: 3
            CR = Command Register [HEX]
            FR = Features Register [HEX]
            SC = Sector Count Register [HEX]
            SN = Sector Number Register [HEX]
            CL = Cylinder Low Register [HEX]
            CH = Cylinder High Register [HEX]
            DH = Device/Head Register [HEX]
            DC = Device Command Register [HEX]
            ER = Error register [HEX]
            ST = Status register [HEX]
    Powered_Up_Time is measured from power on, and printed as
    DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
    SS=sec, and sss=millisec. It "wraps" after 49.710 days.

    Error 3 occurred at disk power-on lifetime: 851 hours (35 days + 11 hours)
      When the command that caused the error occurred, the device was active or idle.
      After command completion occurred, registers were:
      ER ST SC SN CL CH DH
      -- -- -- -- -- -- --
      00 50 08 bd a0 f9 e1  at LBA = 0x01f9a0bd = 33136829

      Commands leading to the command that caused the error were:
      CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
      -- -- -- -- -- -- -- --  ----------------  --------------------
      30 00 80 0d a7 40 e0 00      00:06:52.550  WRITE SECTOR(S)
      30 00 08 91 5f 05 e0 00      00:06:36.450  WRITE SECTOR(S)
      30 00 08 01 5f 05 e0 00      00:06:20.350  WRITE SECTOR(S)
      30 00 08 bd a0 f9 e1 00      00:06:04.300  WRITE SECTOR(S)
      30 00 08 6d 7d 65 e0 00      00:05:48.200  WRITE SECTOR(S)

    Error 2 occurred at disk power-on lifetime: 895 hours (37 days + 7 hours)
      When the command that caused the error occurred, the device was doing SMART Offline or Self-test.

      After command completion occurred, registers were:
      ER ST SC SN CL CH DH
      -- -- -- -- -- -- --
      00 50 08 94 a1 2d a0  at LBA = 0x002da194 = 2990484

      Commands leading to the command that caused the error were:
      CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
      -- -- -- -- -- -- -- --  ----------------  --------------------
      ca 00 08 ed 7a 30 e0 00      00:07:42.750  WRITE DMA
      ca 00 08 ed 7a 30 e0 00      00:07:42.750  WRITE DMA
      ca 00 01 ad 2b 41 e2 00      00:07:37.600  WRITE DMA
      ca 00 02 8d 2b 41 e2 00      00:07:36.600  WRITE DMA
      ca 00 24 6d 84 55 e2 00      00:07:35.600  WRITE DMA

    Error 1 occurred at disk power-on lifetime: 642 hours (26 days + 18 hours)
      When the command that caused the error occurred, the device was doing SMART Offline or Self-test.
      After command completion occurred, registers were:
      ER ST SC SN CL CH DH
      -- -- -- -- -- -- --
      00 50 08 8e a1 2d e0  at LBA = 0x002da18e = 2990478

      Commands leading to the command that caused the error were:
      CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
      -- -- -- -- -- -- -- --  ----------------  --------------------
      30 00 08 15 29 07 e0 00      00:22:35.000  WRITE SECTOR(S)
      30 00 08 15 29 07 e0 00      00:22:35.000  WRITE SECTOR(S)
      30 00 08 15 29 07 e0 00      00:22:31.950  WRITE SECTOR(S)
      30 00 08 0d fc 6f e3 00      00:22:16.450  WRITE SECTOR(S)
      30 00 08 0d fc 6f e3 00      00:22:01.400  WRITE SECTOR(S)

    SMART Self-test log structure revision number 1
    No self-tests have been logged. [To run self-tests, use: smartctl -t]

    Device does not support Selective Self Tests/Logging
    #

Configuration

Edit /etc/smartd.conf

/etc/default/smartmontools

    # /etc/init.d/smartmontools
    Usage: /etc/init.d/smartmontools {start|stop|restart|reload|force-reload}
    # /etc/init.d/smartmontools restart
    Not starting S.M.A.R.T. daemon smartd, disabled via /etc/default/smartmontools
    # /etc/init.d/smartmontools restart
    Restarting S.M.A.R.T. daemon: smartd.
    # man smartctl

qpopper (apop)

2005-09-18: For the first time in a while I added an account (call it newuser), and when I then tried to set up APOP for it, I got an error.

    # popauth -user newuser
    POP authentication DB not initialized (exists): /etc/pop.auth

As a test, I backed up /etc/pop.auth and then ran popauth -init, and the owner changed.

    # cp /etc/pop.auth /etc/pop.auth.old
    # popauth -init
    Really initialize POP authentication DB? y
    # ls -l /etc/pop.auth*
    -rw------- 1 mail mail 1536 Sep 18 22:59 /etc/pop.auth      ★ the owner is now mail
    -rw------- 1 root root 1586 Sep 18 22:59 /etc/pop.auth.old

So I changed the owner to mail and ran it with the privileges of mail, and it worked.

    # chown mail:mail /etc/pop.auth
    # su mail
    $ popauth -list ALL
    (omitted)
    $ popauth -user newuser
    Adding only APOP password for newuser
    New password:
    Retype new password: