How To Upgrade An Ubuntu 7.10 Server ("The Perfect Setup" + ISPConfig) To Ubuntu 8.04 LTS

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 04/28/2008

This article explains how you can upgrade an Ubuntu 7.10 (Gutsy Gibbon) server to Ubuntu 8.04 LTS (Hardy Heron). I'm using an Ubuntu 7.10 server, set up according to The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10) and with ISPConfig installed, with web sites, email and ftp accounts, databases, DNS records, etc., and upgrade it to Ubuntu 8.04 LTS.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

As mentioned in the introduction, my Ubuntu 7.10 server is configured according to The Perfect Server - Ubuntu Gutsy Gibbon (Ubuntu 7.10) and has ISPConfig installed. I have used ISPConfig to set up web sites, email and ftp accounts, databases, DNS records, etc. I have upgraded it to Ubuntu 8.04 LTS and tested the existing web sites, email and ftp accounts, databases, DNS records, etc. as well as ISPConfig afterwards, and I have then set up new web sites, users, databases, DNS records etc. to test the functionality of the server after the distribution upgrade, and found no errors. Everything is working as expected.

Please note that I'm running all commands here as the root user. You can become root by typing:

sudo su

2 Distribution Upgrade To Ubuntu 8.04 LTS Server

First we run

apt-get update

to update the system's package database.

Then we install the package update-manager-core:

apt-get install update-manager-core

To start the distribution upgrade, we type in:

do-release-upgrade

During the upgrade process, the system will ask a few questions which we answer as follows:

root@server1:~# do-release-upgrade
Checking for a new ubuntu release
Done Upgrade tool signature
Done Upgrade tool
Done downloading
extracting '/tmp/tmpZ7bZPg/hardy.tar.gz'
authenticate '/tmp/tmpZ7bZPg/hardy.tar.gz' against '/tmp/tmpZ7bZPg/hardy.tar.gz.gpg'

Reading cache

Checking package manager

Continue running under SSH?

This session appears to be running under ssh. It is not recommended
to perform a upgrade over ssh currently because in case of failure it
is harder to recover.

If you continue, a additional ssh daemon will be started at port
'9004'.
Do you want to continue?

Continue [yN] <-- y
[...]

(Indeed I used SSH to update the system; although the upgrade process tells us that it is not recommended to run the upgrade over SSH, I didn't have any problems; the connection was stable, and I didn't have to go to the console, nor did I have to connect my SSH client to port 9004. If you are having connection problems, please direct your SSH client to port 9004, or use the console, if you have physical access to the system.)

[...]
Done http://de.archive.ubuntu.com hardy-updates/main Packages
Done http://de.archive.ubuntu.com hardy-updates/restricted Packages
Done http://de.archive.ubuntu.com hardy-updates/main Sources
Done http://de.archive.ubuntu.com hardy-updates/restricted Sources
Done http://de.archive.ubuntu.com hardy-updates/universe Packages
Done http://de.archive.ubuntu.com hardy-updates/universe Sources
Done http://de.archive.ubuntu.com hardy-updates/multiverse Packages
Done http://de.archive.ubuntu.com hardy-updates/multiverse Sources
Done downloading

Checking package manager
Reading package lists: Donehardy-security/multiverse Packages: 98
Reading state information: Done
Reading state information: Done
Reading state information: Done

Calculating the changes

Do you want to start the upgrade?


2 packages are going to be removed. 33 new packages are going to be
installed. 406 packages are going to be upgraded.

You have to download a total of 216M. This download will take about 2
minutes with your connection.

Fetching and installing the upgrade can take several hours. Once the
download has finished, the process cannot be cancelled.

 Continue [yN]  Details [d] <-- y

[...]

Configuration file `/etc/mysql/my.cnf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** my.cnf (Y/I/N/O/D/Z) [default=N] ? <-- ENTER or N

[...]

Configuration file `/etc/mime.types'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** mime.types (Y/I/N/O/D/Z) [default=N] ? <-- ENTER or N

[...]

Configuration file `/etc/bind/named.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** named.conf (Y/I/N/O/D/Z) [default=N] ? <-- ENTER or N

[...]

A new version of configuration file /etc/php5/cli/php.ini is available, but the version installed currently has been locally modified.

What would you like to do about php.ini? <-- keep the local version currently installed

[...]

Configuration file `/etc/apache2/apache2.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** apache2.conf (Y/I/N/O/D/Z) [default=N] ? <-- ENTER or N

[...]

Configuration file `/etc/apache2/mods-available/dir.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** dir.conf (Y/I/N/O/D/Z) [default=N] ? <-- ENTER or N

[...]

A new version of configuration file /etc/php5/apache2/php.ini is available, but the version installed currently has been locally modified.

What would you like to do about php.ini? <-- keep the local version currently installed

[...]

Configuration file `/etc/default/saslauthd'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** saslauthd (Y/I/N/O/D/Z) [default=N] ? <-- ENTER or N

[...]

Searching for obsolete software
Reading package lists: Done
Reading state information: Done
Reading state information: Done
Reading state information: Done

Remove obsolete packages?


18 packages are going to be removed.

 Continue [yN]  Details [d] <-- y

[...]

At the end of the upgrade, a system restart is required:

[...]

System upgrade is complete.

Restart required

To finish the upgrade, a restart is required.
If you select 'y' the system will be restarted.

Restart the system now [yN] <-- y


Broadcast message from root@server1.example.com
        (/dev/pts/0) at 13:14 ...

The system is going down for reboot NOW!
root@server1:~#

After the reboot, you can use your new Ubuntu 8.04 LTS (Hardy Heron) Server.

A

uname -a

shows that you have a new kernel...

root@server1:~# uname -a
Linux server1.example.com 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
root@server1:~#

3 Additional Steps

The distribution upgrade is now complete, but it is strongly recommended that you follow the next steps to make your setup compatible with ISPConfig:

3.1 Change The Default Shell

Make sure that /bin/sh is a symlink to /bin/bash, not /bin/dash by running:

ln -sf /bin/bash /bin/sh

3.2 Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it.

We can disable it like this:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove

3.3 Saslauthd

Next we must modify the saslauthd configuration a little bit, because otherwise you'll probably get errors like this one when you try to send emails:

Apr 28 13:21:57 server1 postfix/smtpd[5668]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Apr 28 13:21:57 server1 postfix/smtpd[5668]: warning: unknown[192.168.0.210]: SASL LOGIN authentication failed: generic failure

Open /etc/default/saslauthd and make it look as follows:

vi /etc/default/saslauthd

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page for general information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Then add the postfix user to the sasl group and restart both Postfix and saslauthd:

adduser postfix sasl
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

4 Links

• Ubuntu: http://www.ubuntu.com