2. Upgrading From LOCKSS 2.0-alpha3

This chapter describes how to upgrade the LOCKSS system from 2.0-alpha3 to 2.0-alpha4. If you have been running LOCKSS 2.0-alpha3 (or an earlier 2.x version), we thank you for helping us bring LOCKSS 2.0 closer to fruition through your testing and feedback.

  • If you are installing the LOCKSS 2.0 system for the first time, skip this chapter and proceed to Installing the LOCKSS System.

  • Before you begin upgrading from 2.0-alpha3, we strongly recommend you first bring your operating system up to date by applying security updates and upgrading installed packages.

  • Please note that the upgrade process includes re-running the LOCKSS configuration tool, which will require you to re-enter the PostgreSQL database password.

2.1. Stopping LOCKSS 2.0-alpha3

The first step is to stop the LOCKSS 2.0-alpha3 system.

Log in as the lockss user and run this command in the lockss-installer directory:

scripts/stop-lockss

2.2. Updating the LOCKSS Installer

The next step is to update the LOCKSS installer to its latest version from GitHub.

While still logged in as lockss and in the lockss-installer directory, run these commands:

git checkout master

git pull

2.3. Adjusting File Permissions

Some files stored on disk in 2.0-alpha3 and prior are owned by root.

While still logged in as lockss and in the lockss-installer directory, run this command:

scripts/upgrades/fix-permissions

You may be prompted for the lockss user's sudo password.

2.4. Uninstalling MicroK8s and Snap

After 2.0-alpha3, Microk8s, and therefore Snap (except on Ubuntu), are no longer needed.

While still logged in as lockss and in the lockss-installer directory, run this command:

scripts/upgrades/uninstall-microk8s

You may be prompted for the lockss user's sudo password.

The uninstall-microk8s script will ask you to confirm before uninstalling Snap (snapd). Enter Y for "yes" and N for "no", or simply hit Enter to accept the suggested answer in square brackets.

Caution

On Ubuntu, Snap is used natively by the operating system and should not be uninstalled.

2.5. Restoring Packet Filters

A short-term requirement of 2.0-alpha3 was that frontends to iptables like firewalld or ufw be disabled, to work more smoothly with MicroK8s. This is no longer necessary in most cases, and you should return your system's firewalld or ufw to its original state.

If you had disabled firewalld or ufw to run 2.0-alpha3, select your operating system below and follow the corresponding instructions while still logged in as lockss:

To check if firewalld is running, run this command:

sudo firewall-cmd --state

If it is not running, enable and start it by running this command:

sudo systemctl enable --now firewalld

2.6. Revoking the Extra Privileges of the lockss User

Another short-term requirement of 2.0-alpha3 was that the lockss user have a login password set and be allowed access to sudo. This is no longer needed and we strongly recommend you revoke these extra privileges for better security.

Follow the following steps:

  1. Log out of the lockss user account. You can do this by typing exit or logout, or hitting Ctrl + D on the keyboard.

  2. Log in as a privileged user other than lockss privileged user who can become root via sudo 1.

  3. To invalidate the login password of the lockss user, run this command:

    sudo usermod --lock lockss
    
  4. To revoke the lockss user's access to sudo, select your operating system below and follow the corresponding instructions.

    To revoke the lockss user's access to sudo, run this command:

    sudo gpasswd --delete=lockss wheel
    

2.7. Next Steps

Next, you will need to install K3s, a lightweight Kubernetes environment to replace MicroK8s.

Proceed to the Installing K3s section of the Installing the LOCKSS System chapter, skipping over the earlier sections of the chapter that are not required in an upgrade situation (Creating the lockss User, Installing Git, Downloading the LOCKSS Installer).

Then simply continue following the manual from the Installing K3s section forward. In particular, you will need to re-run the configuration script (see Configuring the LOCKSS System).


Footnotes

1

See Running Commands as a Privileged User.