LDS Release 13.09.x

Major changes from previous stable release

  • removed support for Lucid
  • removed support for postgresql 8.4
  • CSRF security fixes
  • XSS security fixes
  • auto removal profiles
  • support for client cloning detection if using a recent client (>= 13.07.1)

  • new graphing system for the monitoring pages
  • quickstart package now does some tuning:
    • on first time installations, runs pgtune on the postgresql configuration file. This doesn't happen during upgrades.
    • tunes the mpm worker and prefork apache modules in the landscape vhost file
  • new alert for landscape cron jobs. If they failed, or didn't run, an alert is raised. Currently these cron jobs are monitored:
    • update_security_db.sh
  • cloud metadata support with an upcoming new client release
  • some API incompatibility changes
  • starting with LDS 13.09.1:

    • fixed upgrade from 12.09.x which would break if there were removed computers
    • make sure the terminate-system API call really removes the computer from the list of provisioned systems
  • starting with LDS 13.09.2:

    • support for udeb packages in repository management
    • sync pocket operations now have an extra field containing the result text of the operation
  • starting with LDS 13.09.3:

    • Ubuntu 14.04 LTS ("trusty") support, including postgresql 9.3

Important changes, new features

This section describes notable changes and new features in more detail.

LDS 13.09.1

The LDS 13.09.1 release is a maintenance release which just has bug fixes. There are no new features. The fixes are:

  • fixed upgrade from 12.09.x which would break if there were removed computers
  • make sure the terminate-system API call really removes the computer from the list of provisioned systems

LDS 13.09.2

The LDS 13.09.2 release has two new features that were backported from the development branch:

  • support for udeb packages in repository management. These are used by the Ubuntu installer.
  • sync pocket operations now have an extra field containing the result text of the operation. Useful when debugging why a sync operation failed, as the activity will now contain the result text from reprepro, the tool used for the operation.

LDS 13.09.3

The LDS 13.09.3 release now supports Ubuntu 14.04 LTS ("trusty") in addition to 12.04 LTS, including postgresql 9.3.

Ubuntu 10.04 LTS (lucid) and Postgresql 8.4 support

The 13.09 release of LDS no longer supports Ubuntu 10.04 LTS (lucid) nor Postgresql 8.4. The only supported Ubuntu release for LDS 13.09.2 and earlier in the 13.09 series is Ubuntu 12.04 (precise) with Postgresql 9.1. The possible deployment options for each LDS release are shown in the table below:

LDS

Postgresql

Ubuntu

11.07

8.4

10.04 LTS (lucid)

12.09.X

8.4 or 9.1

10.04 LTS (lucid) or 12.04 LTS (precise)

13.09.1, 13.09.2

9.1

12.04 LTS (precise)

13.09.3

9.1 or 9.3

12.04 LTS (precise) or 14.04 LTS (trusty)

In order to upgrade your installation to LDS 13.09.X, you will need to be:

  • using LDS 12.09.X
  • running on Ubuntu 12.04 LTS (precise)
  • using Postgresql 9.1

Quickstart auto tuning

The landscape-server-quickstart package does some minimal performance tuning:

  • run pgtune to adjust some Postgresql options on first time installations. Does not happen in upgrades.

  • adjust some mpm prefork and mpm worker parameters in Apache. This is done in the Landscape vhost file and will happen in both first time installations and upgrades.

Client clones detection

LDS 13.09.X has support for detecting cloned clients if they are running a recent release of landscape-client (>= 13.07.1). A cloned client is a new machine that was somehow bootstrapped from an existing registered computer (for example, a VM snapshot). With this new feature, the server will detect this situation and all the clones will become new pending computers instead of creating a storm of resynchronization requests (see this FAQ entry).

Security fixes

Several XSS (Cross Site Scripting) and CSRF (cross site request forgery) issues were fixed in LDS 13.09.X.

API changes

Here are some of the notable API changes in LDS 13.09.X:

  • activity results no longer contain a "children" attribute. To get the children of an activity, use the new search term parent-id. For example, to get all the children activities of activity 123, use landscape-api get-activities --query parent-id:123

  • several API calls had their name parameter removed and replaced by a title one. The actual name will be chosen automatically by the server based on the title, and is present in the result from the call.

  • GetPackages now returns a new field called held, for packages that are being held. The call also has a new parameter to filter on such packages.

  • Starting with LDS 13.09.2, the repository management API calls support udeb packages. Specifically:
    • CreatePocket has a new parameter called include_udeb

    • ListPocket and DiffPullPocket have a new key in their outputs for udeb packages

Package retirement cron job

The package retirement script was removed in LDS 13.09.X. This was never installed by default, but some customers might have been directed to enable it in cron. After upgrading LDS, if you had it enabled in cron that job will start failing because the script no longer exists. It should be removed manually from the crontab in that case.

Upgrading LDS

  • /!\ Remember: you can only upgrade to LDS 13.09.X if you are running LDS 12.09.X on Ubuntu 12.04 LTS (precise) and Postgresql 9.1!!

These notes apply to both quickstart and non-quickstart deployments of LDS:

  • a schema change requires a lot of free disk space:

Change column type for package size and installed size to bigint.
WARNING: This could take several minutes.

You should estimate to have at least double the size of the package database as free disk space. To list the sizes:

psql template1 -c "SELECT pg_database.datname as db_name,pg_size_pretty(pg_database_size(pg_database.datname)) AS size FROM pg_database;"
  • another schema change could take a long time to run depending on how many different packages exist in the database:

Remove unknown package ids from the computer_packages table.
WARNING: This could take several minutes.
  • the diskstore configuration key can be removed from /etc/landscape/service.conf

  • the directory pointed at by the diskstore configuration key can be removed as well. Depending on the age of your installation, it can contain several gigabytes of cached monitoring images, used in the old graph system

Quickstart upgrade notes

Select new version in your hosted account and upgrade the packages, replying with N to any dpkg questions about configuration files so the existing files stay untouched.

If you were instructed to enable the so called package retirement cron job, you will have to remove it. That job is no longer necessary and is not even shipped anymore in the new packages. If its cron entry is left enabled, it will fail in every run, but no harm will be done.

After the upgrade, you can also perform these optional steps:

  • remove obsolete packages that are no longer required by LDS, if they are still installed:

  sudo apt-get remove python-zope3 clouddeck rrdtool python-commandant
  • you can also remove the /opt/canonical/zope3 directory and its contents if it exists

Non-quickstart upgrade notes

  • stop all landscape services on all machines that make up your non-quickstart deployment, except the database service
  • install new database dependencies on the database server if upgrading from 12.09.X:

   sudo apt-get install postgresql-contrib-9.1 postgresql-9.1-debversion
  • add [package-search] section to /etc/landscape/service.conf if upgrading from 12.09.X:

  [package-search]
  port = 9099
  stores = main package resource-1
  pid-path = /var/run/landscape/landscape-package-search-1.pid
  account-threshold = 100000
  • {i} It's basically disabled because of account-threshold, but the section needs to exist and the service needs to run

  • remove the [clouddeck] section from /etc/landscape/service.conf if upgrading from 12.09.X

  • update the LDS packages via sudo apt-get update && sudo apt-get dist-upgrade after selecting the new version in your hosted account. Reply with N to any dpkg questions regarding configuration files, so the original file is kept in place.

  • if UPGRADE_SCHEMA was disabled in /etc/default/landscape-server, services will fail to start after the packages are upgraded. That's normal. Run the schema upgrade command manually now and then the apt fix command:

  sudo setup-landscape-server
  sudo apt-get -f install
  sudo lsctl start
  • remove obsolete packages that are no longer required by LDS if they are still installed:

  sudo apt-get remove python-zope3 clouddeck rrdtool python-commandant
  • you can also remove the /opt/canonical/zope3 directory and its contents if it still exists

  • repeat the process on all non-database machines part of the non-quickstart deployment
  • if you were instructed to enable the so called package retirement cron job, you will have to remove it. That job is no longer necessary and is not even shipped anymore in the new packages. If its cron entry is left enabled, it will fail in every run, but no harm will be done.

Please look here

Upgrading from Ubuntu 12.04 LTS ("precise") to Ubuntu 14.04 LTS ("trusty")

If you have LDS 13.09.X installed on Ubuntu 12.04 LTS ("precise") and whish to upgrade to trusty, these are the broad steps:

  • still on precise, upgrade to LDS 13.09.3 or higher in the 13.09.X series
  • instruct the Ubuntu release upgrade tool to not disable 3rd party repositories:

sudo mkdir -p /etc/update-manager/release-upgrades.d
sudo sh -c 'echo "[Sources]\nAllowThirdParty=yes" >> /etc/update-manager/release-upgrades.d/allow.cfg'
  • if your landscape apache vhost configuration file in /etc/apache2/sites-available and the symlink in /etc/apache2/sites-enabled do not end in *.conf, you should rename them now so they end with *.conf, because that's what the apache2 package expects in Ubuntu 14.04 LTS ("trusty"). If it doesn't end in *.conf, the file won't be loaded in trusty.

  • If you are not using the quickstart package, you will have to update your landscape apache vhost configuration file, usually /etc/apache2/sites-available/landscape.conf, to contain these two extra lines in the <Directory "/"> block, in both the HTTP and the HTTPS vhosts:

     Require all granted
     Satisfy Any

For example:

    <Directory "/">
      Options +Indexes
      Order deny,allow
      Allow from all
      Require all granted
      Satisfy Any
      ErrorDocument 403 /static/offline/unauthorized.html
      ErrorDocument 404 /static/offline/notfound.html
    </Directory>
  • perform the normal release upgrade

To fully upgrade to Ubuntu 14.04 LTS ("trusty"), you should also perform a database migration. Read the next section.

Upgrading the database from postgresql 9.1 to 9.3

If you upgraded your LDS installation from precise to trusty, you were left with LDS 13.09.3 running on trusty, but on the old 9.1 postgresql database from precise. To upgrade the database to 9.3, follow these steps:

  • Install the postgresql 9.3 packages:

sudo apt-get install postgresql-9.3 postgresql-contrib-9.3 postgresql-plpython-9.3 postgresql-9.3-debversion
  • Stop the Landscape services:

sudo lsctl stop
  • Edit /etc/default/landscape-server and set RUN_CRON to "no"

  • If the precise to trusty upgrade created a 9.3 database cluster, drop it:

sudo pg_lsclusters                   # to check if a "9.3 main" cluster exists
sudo pg_dropcluster --stop 9.3 main  # to drop the cluster. Please check it's an empty one!
  • Initiate the database cluster upgrade. Make sure you have enough disk space to hold at least two copies of the cluster (by default under /var/lib/postgresql):

sudo pg_upgradecluster 9.1 main
  • Re-enable the Landscape cron jobs by editing /etc/default/landscape-server and setting RUN_CRON back to "yes"

  • Start the Landscape services:

sudo lsctl start
  • Inspect your Landscape service. Browse, create activities, check existing monitoring data, etc. Once satisfied the upgrade went smoothly, you can drop the old 9.1 database cluster if you want:

sudo pg_dropcluster 9.1 main

LDS/ReleaseNotes13.09 (last edited 2014-08-21 07:09:58 by ahasenack)