Upgrade Scripts for non-interactive major release upgrades (2->3, 3->4, 4->5)

  • JFTR. I'm currently working on improving the scripts so if one fails the user can fix an occurring issue and then continue at the point the script left.

    Would be nice indeed...
    In my case, I took esxi snapshots before each upgrade trial. If it failed, I reverted and tried again after some cleanup but I had to redo evrything.

  • I ran upgrade script on my RPI4 OMV 4 install to upgrade it to 5 and had the following problem show up:


    The following NEW packages will be installed:

    apt-show-versions

    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

    Need to get 32.6 kB of archives.

    After this operation, 93.2 kB of additional disk space will be used.

    Get:1 https://deb.debian.org/debian buster/main armhf apt-show-versions all 0.22.11 [32.6 kB]

    Fetched 32.6 kB in 0s (150 kB/s)

    Selecting previously unselected package apt-show-versions.

    (Reading database ...

    Preparing to unpack .../apt-show-versions_0.22.11_all.deb ...

    Unpacking apt-show-versions (0.22.11) ...

    Setting up apt-show-versions (0.22.11) ...

    ** initializing cache. This may take a while **

    Error: No information about packages! (Maybe no deb entries?)

    dpkg: error processing package apt-show-versions (--configure):

    installed apt-show-versions package post-installation script subprocess returned error exit status 255

    Processing triggers for man-db (2.8.5-2) ...

    Errors were encountered while processing:

    apt-show-versions

    E: Sub-process /usr/bin/dpkg returned an error code (1)

    run-parts: /root/openmediavault-upgrade-4.7/post.d/50-apt-install exited with return code 100

    root@RPINAS2:~/openmediavault-upgrade-4.7# sudo apt-show-versions

    Error: No information about packages! (Maybe no deb entries?)


    I then checked how far the upgrade had proceeded and it appears to have not upgraded any parts of OMV


    root@RPINAS2:~/openmediavault-upgrade-4.7# dpkg -l | grep openm

    rc openmediavault 4.1.36-1 all openmediavault - The open network attached storage solution

    rc openmediavault-flashmemory 4.2.2 all folder2ram plugin for OpenMediaVault

    ii openmediavault-keyring 1.0 all GnuPG archive keys of the OpenMediaVault archive

    rc openmediavault-omvextrasorg 4.1.16 all OMV-Extras.org Package Repositories for OpenMediaVault


    I'm not sure if this is salvageable. Any suggestions?

  • I ran upgrade script on my RPI4 OMV 4 install to upgrade it to 5 and had the following problem show up:

    Please provide the full log!


    You hit the same bug of apt-show-versions as described here.

    Actually the rc-state means that the package has been removed except for its configuration files. These packages should already been as version 5 here. But again I need the full log to understand what happened.

  • You have a pinning for stretch in /etc/apt/preferences or /etc/apt/preferences.d/*. This leads to packages from stretch having a pin-priority of 900. Unfortunately when openmediavault is to be upgraded by the scripts this pinning leads to packages not being pulled from buster repositories but from stretch thus getting openmediavault removed from your system because of unsatisfiable dependencies:



    Please remove the pinning for stretch (and please send me the pinning entry, so I can find a way to overwrite this in future situations). Then finish the broken installation of apt-show-versions using:


    sudo apt-get -o Acquire::GzipIndexes=false update && sudo apt-get install -f


    If that worked try to install openmediavault:


    sudo apt-get install -t usul openmediavault


    This should pull in OMV5. If it works reinstall omv-extras:


    wget -qO- https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/install | sudo bash


    Then run the remaining upgrade scripts:


    . inc/envvars

    sudo run-parts -v --exit-on-error post.d


    which hopefully succeed without any further error. Now you have to install openmediavault-flashmemory.

  • I'm sorry, I'm not sure what change I need to make in the preferences.d directory (there was no preferences directory) to remove the offending pinning entry. I've attached the files from that folder for your reference. The only file I noticed with a 900 priority was the 99raspberrypiorg. pref_files.zippref_files.zip

  • Comment out (means: prefix each of the following lines with a #) in 99raspberrypiorg so it looks like this:

    Code
    #Package: *
    #Pin: release n=stretch, origin httpredir.debian.org
    #Pin-Priority: 900

    This will remove the pin priority for stretch. Then proceed as suggested above.

  • I continued to get installation errors after commenting out the lines in 99raspberrypiorg file. However, the messages led me to believe these were not fatal faults. I then tried to install omv5 but it also faulted out. I ended up installing a new copy of omv5 from scratch and it's back in service.

  • I also had / have problems when trying to upgrade from OMV 3 -> OMV4 -> OMV5
    Upgrade from 3 to 4 works without problems, but after that I tried to do an upgrade from 4 to 5 with "openmediavault-upgrade-4.7"-script and that failed and left back an unusable system.


    The original problem was that I imported a SSL certificate in OMV made by my own CA which seems to be too weak now:

    Code
    nginx: [emerg] SSL_CTX_use_certificate("/etc/ssl/certs/openmediavault-a39391e1-ca69-452a-b0b1-e31adeb24be4.crt") failed (SSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak)

    After that I had a Debian buster system but still old OMV parts?!
    I tried to solve it by changing nginx configuration, removing / purging / reinstalling packages, ... and a lot more.
    My final situation is now, that "apt-get update; apt-get dist-upgrade" doesn't show any error anymore but the OMV part is not installed and I'm unable to install it because it complains about some "salt-minion" dependencies which it cannot solve:


    Does anybody have any idea how to solve it?
    What information / files from my system is/are needed to help me?


    [EDIT]

    I now did the following:
    apt-get install -u -d -o Debug::pkgProblemResolver=true salt-minion=3002.2+ds-1 salt-common=3002.2+ds-1

    and then

    apt-get install -y --no-install-recommends --no-install-suggests -u -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" openmediavault


    that seems to do the job - at least it installs something ;-) (I'll see if it completes it successfully later).


    BTW (a bit OT): back to my original problem, that my CA's certificate is too weak - is it possible to change that without to regenerate all my existing certificates which are signed by this CA?


    [EDIT2]

    it still has configure problems (now with lvm2):

  • After that I had a Debian buster system but still old OMV parts?!

    I tried to solve it by changing nginx configuration, removing / purging / reinstalling packages, ... and a lot more.
    My final situation is now, that "apt-get update; apt-get dist-upgrade" doesn't show any error anymore but the OMV part is not installed and I'm unable to install it because it complains about some "salt-minion" dependencies which it cannot solve:


    Does anybody have any idea how to solve it?
    What information / files from my system is/are needed to help me?

    That's caused by temporarily setting APT::Default-Release. Because OMV provides its own release names it is not pinned by APT::Default-Release as well. So the scripts install OMV by explicitely using -t usul:


    sudo apt-get install -t usul openmediavault


    I'm working on an improvement which will use pinning instead.


    The original problem was that I imported a SSL certificate in OMV made by my own CA which seems to be too weak now:

    Code
    nginx: [emerg] SSL_CTX_use_certificate("/etc/ssl/certs/openmediavault-a39391e1-ca69-452a-b0b1-e31adeb24be4.crt") failed (SSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak)

    BTW (a bit OT): back to my original problem, that my CA's certificate is too weak - is it possible to change that without to regenerate all my existing certificates which are signed by this CA?

    https://www.debian.org/release….en.html#openssl-defaults maybe?


    Although I would recommend to harden your certificate.


    [EDIT2]

    it still has configure problems (now with lvm2):

    You should find out what the problem is: sudo systemctl status lvm2, sudo journalctl -xe. Also the log files may contain useful information.

  • ySorry to be such late with my reaction - I had no time for the OMV server lately :rolleyes:

    Here are the outputs / logs - there are still a lot failures, but they don't seem to be related with lvm?!


    # systemctl status lvm2

    ● lvm2.service

    Loaded: masked (Reason: Unit lvm2.service is masked.)

    Active: inactive (dead)


    Logfile of journalctl -xe is attached, relevant entries from syslog also...




    https://www.debian.org/release….en.html#openssl-defaults maybe?


    Although I would recommend to harden your certificate.

    Yes, I also would like to do that - harden the certificate of my internal CA - but how do I do this without the need to regenerate all my certificates which all have already be signed by that CA?

  • Here are the outputs / logs - there are still a lot failures, but they don't seem to be related with lvm?!

    [..]

    Logfile of journalctl -xe is attached, relevant entries from syslog also...

    I find it quite hard to help you. The upgrade scripts bailed out very early in the minimal upgrade scripts. Then instead of setting the openssl defaults back or asking how to deal with the situation you tried to solve the certificate issue by pondering around with package removals and (re)installations?! I have no idea in which state the system is, or if any of the scripts run after run.d/50-apt-upgrade have been run at all. I think it is salvageable. I'll send you a DM later.


    Yes, I also would like to do that - harden the certificate of my internal CA - but how do I do this without the need to regenerate all my certificates which all have already be signed by that CA?

    Well, the truth probably is: you can't. If the certificates use algorithms, ciphers, or key lengths considered too weak they have to be regenerated.

  • Hi there. Thanks for the upgrade script. I was avoiding upgrading from v4 for a long time but it's become unavoidable.


    I have run the script after a few false starts, and got an apparently successful upgrade - here's the end of the console messages;



    Here's the result of the failed service check;


    omv_release_upgrade_to_buster.2021-03-02-121521.zip log attached


    When I reboot OMV, I get a message in the web gui to apply my configuration changes. I do that then I get this error;


    omv_gui_error.txt


    Can someone please help? This is beyond my pay grade I'm afraid.


    Many thanks

    Industrialist, philanthropist, and uhh.....bicyclist.

  • Hmmm, sorry to do this, replying to my own post.


    It turns out that in OMV4 I had unionFS plugin installed. I uninstalled the plugin prior to the upgrade, but forgot to remove the shares and file systems.


    I deleted these in Services>SMB/CIFS, Storage>File Systems, and also Access Rights Management>Shared Folders (I think), and now I can apply the changes successfully in the GUI.


    Leaving the previous post there in monument to my own carelessness.


    I still have the following errors peppering the system logs which I need to investigate;


    smbd[798]: process_usershare_file: stat of /var/lib/samba/usershares/ufsmedia failed. No such file or directory


    ufsmedia is the name of one of my old unionFS shares.


    EDIT: solved by the solution in this thread - process_usershare_file: stat of /var/lib/samba/usershares failed although I have no idea why.


    Thanks for looking!

    Industrialist, philanthropist, and uhh.....bicyclist.

    Edited once, last by pennypacker ().

  • I tried the upgrade from 4 to 5, but the process stopped after about 45 minutes on an error related to reinstalling OMV extras. I have no GUI access to the server but can still SSH into it. Log attached. Any help?


    Code
    Err:10 http://apt.insynchq.com/debian stretch InRelease
    The following signatures were invalid: EXPKEYSIG A684470CACCAF35C Insynchq Inc <services@insynchq.com>
    Reading package lists... Done
    W: GPG error: http://apt.insynchq.com/debian stretch InRelease: The following signatures were invalid: EXPKEYSIG A684470CACCAF35C Insynchq Inc <services@insynchq.com>
    E: The repository 'http://apt.insynchq.com/debian stretch InRelease' is not signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    run-parts: ./post.d/10-reinstall-omvextras exited with return code 100


    UPDATE: Searched and found this idea:

    Code
    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ACCAF35C


    This seemed to resolve the issue. I re-ran the post.d script and it completed!


    That was a sphincter clinching moment!

  • dleidert and anyone else who contributed to this project and support.


    Thanks for this upgrade script. It just went perfectly in my set-up. Since a year I was thinking about upgrading from 4 to 5 but what I always read between the lines was .. this isn't easy. Particular for users like me who have a very limited background in Linux.


    Just two minor issues, not even worth to mention. Emby running in docker was kept but all configuration within emby was gone. But no big deal for me. As Syncthing wasn't ported it also get lost and you have to get used to portainer.


    Thumbs up and thanks!!! All the best

  • dear all,


    I have 502 bad gateway problem when I install the package already.

    It is not upgraded omv4 to 5.

    I can solve the problem with the scripts "sudo mkdir /var/run/php" "sudo apt install --reinstall php-fpm" but after awhile later 502 bad gateway is shown on the screen again.


    Does anyone know a solution for permanently ?



Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!