2. Upgrading From LOCKSS 2.0-alpha3
This chapter describes how to upgrade the LOCKSS system from 2.0-alpha3 to 2.0-alpha4. If you have been running LOCKSS 2.0-alpha3 (or an earlier 2.x version), we thank you for helping us bring LOCKSS 2.0 closer to fruition through your testing and feedback.
If you are installing the LOCKSS 2.0 system for the first time, skip this chapter and proceed to Installing the LOCKSS System.
Before you begin upgrading from 2.0-alpha3, we strongly recommend you first bring your operating system up to date by applying security updates and upgrading installed packages.
Please note that the upgrade process includes re-running the LOCKSS configuration tool, which will require you to re-enter the PostgreSQL database password.
Chapter Overview
2.1. Stopping LOCKSS 2.0-alpha3
The first step is to stop the LOCKSS 2.0-alpha3 system.
Log in as the lockss
user and run this command in the lockss-installer
directory:
scripts/stop-lockss
2.2. Updating the LOCKSS Installer
The next step is to update the LOCKSS installer to its latest version from GitHub.
While still logged in as lockss
and in the lockss-installer
directory, run these commands:
git checkout master
git pull
2.3. Adjusting File Permissions
Some files stored on disk in 2.0-alpha3 and prior are owned by root
.
While still logged in as lockss
and in the lockss-installer
directory, run this command:
scripts/upgrades/fix-permissions
You may be prompted for the lockss
user's sudo password.
2.4. Uninstalling MicroK8s and Snap
After 2.0-alpha3, Microk8s, and therefore Snap (except on Ubuntu), are no longer needed.
While still logged in as lockss
and in the lockss-installer
directory, run this command:
scripts/upgrades/uninstall-microk8s
You may be prompted for the lockss
user's sudo password.
The uninstall-microk8s script will ask you to confirm before uninstalling Snap (snapd). Enter Y for "yes" and N for "no", or simply hit Enter to accept the suggested answer in square brackets.
Caution
On Ubuntu, Snap is used natively by the operating system and should not be uninstalled.
2.5. Restoring Packet Filters
A short-term requirement of 2.0-alpha3 was that frontends to iptables like firewalld or ufw be disabled, to work more smoothly with MicroK8s. This is no longer necessary in most cases, and you should return your system's firewalld or ufw to its original state.
If you had disabled firewalld or ufw to run 2.0-alpha3, select your operating system below and follow the corresponding instructions while still logged in as lockss
:
To check if firewalld is running, run this command:
sudo firewall-cmd --state
If it is not running, enable and start it by running this command:
sudo systemctl enable --now firewalld
This operating system does not have a firewall on by default, so no particular action is required.
This operating system does not have a firewall on by default, so no particular action is required.
To check if firewalld is running, run this command:
sudo firewall-cmd --state
If it is not running, enable and start it by running this command:
sudo systemctl enable --now firewalld
To check if firewalld is running, run this command:
sudo firewall-cmd --state
If it is not running, enable and start it by running this command:
sudo systemctl enable --now firewalld
To check if ufw is running, run this command:
sudo ufw status
If it is not active, enable and start it by running this command:
sudo ufw enable
2.6. Revoking the Extra Privileges of the lockss
User
Another short-term requirement of 2.0-alpha3 was that the lockss
user have a login password set and be allowed access to sudo. This is no longer needed and we strongly recommend you revoke these extra privileges for better security.
Follow the following steps:
Log out of the
lockss
user account. You can do this by typingexit
orlogout
, or hitting Ctrl + D on the keyboard.Log in as a privileged user other than
lockss
privileged user who can become root via sudo 1.To invalidate the login password of the
lockss
user, run this command:sudo usermod --lock lockss
To revoke the
lockss
user's access to sudo, select your operating system below and follow the corresponding instructions.To revoke the
lockss
user's access to sudo, run this command:sudo gpasswd --delete=lockss wheel
To revoke the
lockss
user's access to sudo, run this command:sudo gpasswd --delete=lockss sudo
To revoke the
lockss
user's access to sudo, run this command:sudo gpasswd --delete=lockss sudo
To revoke the
lockss
user's access to sudo, run this command:sudo gpasswd --delete=lockss wheel
To revoke the
lockss
user's access to sudo, run this command:sudo gpasswd --delete=lockss wheel
To revoke the
lockss
user's access to sudo, run this command:sudo gpasswd --delete=lockss sudo
2.7. Next Steps
Next, you will need to install K3s, a lightweight Kubernetes environment to replace MicroK8s.
Proceed to the Installing K3s section of the Installing the LOCKSS System chapter, skipping over the earlier sections of the chapter that are not required in an upgrade situation (Creating the lockss User, Installing Git, Downloading the LOCKSS Installer).
Then simply continue following the manual from the Installing K3s section forward. In particular, you will need to re-run the configuration script (see Configuring the LOCKSS System).
Footnotes