Hi SAC,
what is our policy/time line for updating the various VMs to the
recent Debian version?
Has this been discussed perhaps at the Nottingham conference?
Best
Markus
On 11/17/2013 01:26 AM, Markus Neteler wrote:
Hi SAC,
what is our policy/time line for updating the various VMs to the
recent Debian version?
Has this been discussed perhaps at the Nottingham conference?Best
Markus
If we have volunteers, a schedule and a plan then upgrading is good.
I'm not actually sure we finished upgrading all the VMs from 5 to 6 and
this is the first discussion of going to 7.
Priority right now is actually getting our new backup hardware online.
Which would enable some more space for possibly building replacement VMs
in cases where direct upgrades are too complicated.
Thanks,
Alex
On Sun, Nov 17, 2013 at 8:38 PM, Alex Mandel <tech_dev@wildintellect.com> wrote:
On 11/17/2013 01:26 AM, Markus Neteler wrote:
Hi SAC,
what is our policy/time line for updating the various VMs to the
recent Debian version?
Has this been discussed perhaps at the Nottingham conference?Best
MarkusIf we have volunteers, a schedule and a plan then upgrading is good.
I'm not actually sure we finished upgrading all the VMs from 5 to 6
trac and live are still:
Debian GNU/Linux 5.0
the others are Debian 6 except for www.osgeo.org which is an antique RHEL.
and this is the first discussion of going to 7.
Priority right now is actually getting our new backup hardware online.
Any news on that?
Which would enable some more space for possibly building replacement VMs
in cases where direct upgrades are too complicated.
Yes. Still the Deb5 should be brought soon to Deb6 (IMHO).
Markus
Which would enable some more space for possibly building replacement VMs
> in cases where direct upgrades are too complicated.Yes. Still the Deb5 should be brought soon to Deb6 (IMHO).
Markus,
IMHO, we should wait till the backup server work is done, and leapfrog
these to Deb7 (assuming that is the new version you are mentioning).
Are you suggesting the upgrade on general principles or more a concern
about falling behind with security fixes? I'm not sure that we actively
engage in updating for the latest security fixes. That is something we
could likely initiate now without a whole OS upgrade.
Best regards,
Frank
Markus
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam,
warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Software Developer
On Sun, Nov 17, 2013 at 10:10 PM, Frank Warmerdam <warmerdam@pobox.com> wrote:
...
IMHO, we should wait till the backup server work is done, and leapfrog these
to Deb7 (assuming that is the new version you are mentioning).
In the first place I was thinking of Deb5 --> Deb6.
Are you suggesting the upgrade on general principles or more a concern about
falling behind with security fixes?
Yes.
I'm not sure that we actively engage in
updating for the latest security fixes. That is something we could likely
initiate now without a whole OS upgrade.
I actually do security fixes (manually) on all machines regularly
(those I know at least).
Still especially the trac machine is (too) old, see also
http://trac.osgeo.org/osgeo/ticket/592
Certainly that's the tricky update here.
In general I would suggest that SAC adopts a strategy how to deal with
the VM maintenance.
Best regards,
Markus
On Sun, Nov 17, 2013 at 1:18 PM, Markus Neteler <neteler@osgeo.org> wrote:
On Sun, Nov 17, 2013 at 10:10 PM, Frank Warmerdam <warmerdam@pobox.com>
wrote:
...
> IMHO, we should wait till the backup server work is done, and leapfrog
these
> to Deb7 (assuming that is the new version you are mentioning).In the first place I was thinking of Deb5 --> Deb6.
Markus,
Ah, ok. So bringing trac.osgeo.org, and live (really webextra) are the
two that need to be updated.
I'm still in favor of doing this after the backup server is working so we
can easily backup the VMs before an update.
The webextra VM is hopefully not too hard, but we do need to be a bit
careful with Trac since I assume we are not running the stock Trac.
The www.osgeo.org machine running ancient RHEL won't be upgraded, but
hopefully it will soon be replaced with a new web VM at OSU OSL.
> Are you suggesting the upgrade on general principles or more a concern
about
> falling behind with security fixes?Yes.
> I'm not sure that we actively engage in
> updating for the latest security fixes. That is something we could
likely
> initiate now without a whole OS upgrade.I actually do security fixes (manually) on all machines regularly
(those I know at least).
Ah, cool. It might be nice to document this procedure in the wiki with a
brief note on when it was last done, so that others could also assist. Do
you have a sense of how frequently we ought to be doing this? Weekly?
Monthly?
Best regards,
Frank
Still especially the trac machine is (too) old, see also
http://trac.osgeo.org/osgeo/ticket/592Certainly that's the tricky update here.
In general I would suggest that SAC adopts a strategy how to deal with
the VM maintenance.Best regards,
Markus
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam,
warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Software Developer
Frank,
On Sun, Nov 17, 2013 at 10:30 PM, Frank Warmerdam <warmerdam@pobox.com> wrote:
...
The webextra VM is hopefully not too hard, but we do need to be a bit
careful with Trac
right!
since I assume we are not running the stock Trac.
ops, hope that got documented.
The www.osgeo.org machine running ancient RHEL won't be upgraded, but
hopefully it will soon be replaced with a new web VM at OSU OSL.
Looking forward to that since it will also free up money allocated to
the renting of the old server.
...
I actually do security fixes (manually) on all machines regularly
(those I know at least).Ah, cool. It might be nice to document this procedure in the wiki with a
brief note on when it was last done, so that others could also assist.
I do that for years in race condition with Martin Spott 
So it is more effort for me documenting each time the update in the
Wiki rather than just doing it.
Do you have a sense of how frequently we ought to be doing this? Weekly?
Monthly?
I have my friendly apticron report which kindly sends me an email in
case of updates coming in. Upon that I perform the update accordingly.
Likewise Martin AFAIK.
Best
Markus
On 11/17/2013 01:37 PM, Markus Neteler wrote:
Backup machine is racked. OSUOSL has been tight on time so they're going
to give Martin remote access to do the system install. Hopefully we can
get started on it this coming week.
On Sun, Nov 17, 2013 at 10:30 PM, Frank Warmerdam <warmerdam@pobox.com> wrote:
...The webextra VM is hopefully not too hard, but we do need to be a bit
careful with Tracright!
since I assume we are not running the stock Trac.
ops, hope that got documented.
I think LDAP is likely the only non-stock portion. FYI, I think trac is
installed manually via pypi not packages (or conversely we can on a
newer machine). We actually have a clone of the Trac VM Trac2 that's
been sitting around a long time in the hopes someone would have time to
try a Trac upgrade. I can request a re-clone of the current Trac VM if
we want to try upgrading it or we can just build one from scratch on the
newest Debian. We do have the capacity to run an extra VM (more once
Backup is moved) for the purposes of leaving a machine live while
working on an upgrade.
The www.osgeo.org machine running ancient RHEL won't be upgraded, but
hopefully it will soon be replaced with a new web VM at OSU OSL.Looking forward to that since it will also free up money allocated to
the renting of the old server....
I think we all are, I have not heard from Webcom recently on if they are
making progress with the technical issues revolving around Drupal/Php
versions.
I actually do security fixes (manually) on all machines regularly
(those I know at least).Ah, cool. It might be nice to document this procedure in the wiki with a
brief note on when it was last done, so that others could also assist.I do that for years in race condition with Martin Spott
So it is more effort for me documenting each time the update in the
Wiki rather than just doing it.Do you have a sense of how frequently we ought to be doing this? Weekly?
Monthly?I have my friendly apticron report which kindly sends me an email in
case of updates coming in. Upon that I perform the update accordingly.
Likewise Martin AFAIK.Best
Markus
Thanks,
Alex
On Sun, Nov 17, 2013 at 10:37:45PM +0100, Markus Neteler wrote:
On Sun, Nov 17, 2013 at 10:30 PM, Frank Warmerdam <warmerdam@pobox.com> wrote:
...
> The webextra VM is hopefully not too hard, but we do need to be a bit
> careful with Trac
Ok, at least the "webextra" updates is now solved - even though it took
an unexpected turn 
> since I assume we are not running the stock Trac.
ops, hope that got documented.
Actually the primary reason why I didn't touch "trac" so far is the
risk of not having any of the people around for *testing* after update
who will later most certainly blame you for breaking anything.
Do we have a general rule implemented that every project running their
services on OSGeo infrastructure must have at least one maintainer
subscribed to the SAC list ? If that's the case, then I'd simply
announce upgrading one week in advance so every project can arrange
their testing.
> The www.osgeo.org machine running ancient RHEL won't be upgraded, but
> hopefully it will soon be replaced with a new web VM at OSU OSL.Looking forward to that since it will also free up money allocated to
the renting of the old server.
As far as I can tell, we're lacking ressources for porting the Drupal
code to a past-5.3 version.
>> I actually do security fixes (manually) on all machines regularly
>> (those I know at least).
>
> Ah, cool. It might be nice to document this procedure in the wiki with a
> brief note on when it was last done, so that others could also assist.I do that for years in race condition with Martin Spott
Affirmative
I have my friendly apticron report which kindly sends me an email in
case of updates coming in. Upon that I perform the update accordingly.
Likewise Martin AFAIK.
I usually test on one or two local machines. Sometimes I don't ....
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
Big kudos to Martin Spott who fixed the broken OJS installation tonight:
http://www.osgeo.org/journal
pointing to
http://journal.osgeo.org
... back online!
Thanks for this,
Markus