> On Sep 9, 2023, at 00:54, Alessandro Baggi <[email protected]> wrote: >> Il 08/09/23 19:54, Marc Espie ha scritto: >> On Fri, Sep 08, 2023 at 06:36:57PM +0200, Alessandro Baggi wrote: >>> >>> Il 08/09/23 18:24, Peter N. M. Hansteen ha scritto: >>>> On Fri, Sep 08, 2023 at 10:01:45AM +0200, Alessandro Baggi wrote: >>>>> I've a problem. I need to upgrade OpenBSD from 6.5 to 7.3 on an APU2D. >>>>> This >>>>> is a firewall. >>>> >>>> If you are planning to go the supported route and upgrade from release to >>>> release, >>>> you have eight rounds of upgrading ahead. >>> >>> Actually I upgraded from 6.5 to 7.0 and I learned many new things. Wow...I >>> love OpenBSD. >> Please tell us about your experience ! it's probably going to be rather >> interesting. > > The process is really easy
I’ll echo Alessandro’s comments, and add: I’ve been upgrading two OpenBSD Vultr instances since at LEAST 6.4. I can say this authoritatively because I have a directory for each release, with a “Pre” and “Post” file of what to do. I’m actually pretty sure I’ve done it since 6.0, but wasn’t smart enough to keep notes back then. My general process is: * Clone the instance to a new instance * Upgrade the clone and walk through everything in the upgradeXX.html page * sysupgrade * sysmerge * pkg_add -u * pkg_delete -a (check what it does!) * sysclean (confirm what it’s deleting!) * syspatch * reboot * Rinse and repeat until everything comes up cleanly, documenting the things that often have to be handled: * Sysmerge issues (usually pretty straightforward, but sometimes I do wish I could (easily) use sdiff. :-) (it’s pretty easy to do it “manually”, but it took me a few tries to figure it out). * pkg_add -u issues (I’m lookin’ at you, PHP. OMG. I run roundcube, and every other release I have to put back in some extensions to PHP.). <- THIS IS WHERE THE NOTES ARE HELPFUL (doing the same thing over and over again). * The VERY rare “and make sure you do <X> before you even start” type stuff * Take a snapshot * Run the upgrade process with the notes. To date, I’ve never had to revert to the snapshot for a failure. I got WAY behind when OpenSMTPD changes syntax on a bunch of stuff, so I did 6.4->7.1 in like a month. Note, these are my production mail servers (yeah, personal mail servers, but still — the family is NOT happy when mail doesn’t work). The biggest hiccup was having to ask Vultr to mark the instance as an OpenBSD 7.0 instance (which fixed some vm problem causing my instance to reboot randomly). This worked so well, I started to do it for the ALIX/APUs at the house I use for firewalls. Generally, same process. Before that, I had a git repository of installation scripts (I still have that, and used it to go from the ALIX to the APU firewalls, rather than just copying files — keeps the installation bits fresh. :-)). I’ll also say that the more you understand what you’re running on the system, how it’s configured, and how it works, the easier it is when something unexpected happens. So don’t just install using recipes on the web. I mean, it’s fine to use them as a guide, but understand what each step is doing, and why. It really helps a couple of years later when you’re upgrading, and something breaks. Sean
