-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Document how to resolve noble pre-migration issues
Give a basic overview on the upcoming noble migration and provide specifics on what each issue category means and how to resolve each one, including debugging information to send to support if unsuccessful. Fixes #610.
- Loading branch information
Showing
2 changed files
with
113 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
Preparing for the Noble migration | ||
================================= | ||
|
||
In 2025, SecureDrops will need to be upgraded to the newer Ubuntu Noble (24.04) | ||
operating system. This process will be more straightforward than in the past | ||
as there will be semi-automated and fully automated upgrade processes. | ||
|
||
At this time, the current focus is on ensuring all SecureDrop servers are in a good state | ||
to be ready for the migration. SecureDrop will automatically check some conditions, and report | ||
via an alert in the Journalist Interface and OSSEC alerts if there are issues. | ||
|
||
Getting more details | ||
-------------------- | ||
|
||
If you see the alert in the Journalist Interface or receive an OSSEC alert, you'll | ||
need to :doc:`SSH to the Application and Monitor Servers <../installation/test_the_installation>` | ||
to get more information on what specifically is failing. | ||
|
||
Once logged in, run: | ||
|
||
.. code:: sh | ||
sudo securedrop-noble-migration-check | ||
It will display a number of checks and whether they are failing. For example: | ||
|
||
TK TK | ||
|
||
Steps to address each issue are listed below. If you are unsure what to do, | ||
please :ref:`contact Support <getting_support>`. | ||
|
||
SSH group | ||
--------- | ||
|
||
If this fails, it means the migration code in SecureDrop 2.11.0 did not work. | ||
|
||
To address it, you can run: | ||
|
||
.. code:: sh | ||
sudo securedrop-migrate-ssh-group.py | ||
If that emits an error, please send it and the output of ``getent group ssh`` to | ||
:ref:`Support <getting_support>`. | ||
|
||
ufw package | ||
----------- | ||
|
||
If this fails, it means the migration code in SecureDrop 2.11.0 did not work. | ||
|
||
To address it, you can run: | ||
|
||
.. code:: sh | ||
sudo apt-get purge ufw --yes | ||
If that emits an error, please send it to :ref:`Support <getting_support>`. | ||
|
||
Free space | ||
---------- | ||
|
||
There needs to be enough free space on the server to both make a backup | ||
and download the software updates. | ||
|
||
You can see how much free space is available on your server by running: | ||
|
||
.. code:: sh | ||
df -h | ||
You should be able to safely delete files in ``/var/cache`` to free up space. | ||
|
||
If you have any old sources/submissions that are no longer needed, they should be deleted as well. | ||
|
||
APT sources | ||
----------- | ||
|
||
If this fails, it means an unknown source is being used to install software | ||
on your server. | ||
|
||
Please run: | ||
|
||
.. code:: sh | ||
sudo apt-get indextargets | ||
and send the output to :ref:`Support <getting_support>` immediately, so we can diagnose | ||
the severity. | ||
|
||
Failing systemd units | ||
--------------------- | ||
|
||
If this fails, it means a process monitored by systemd is failing. | ||
|
||
You can see which process is failing by running: | ||
|
||
.. code:: sh | ||
sudo systemctl list-units | ||
Once you know which unit is failing, run: | ||
|
||
.. code:: sh | ||
sudo systemctl status <name> | ||
to get more information about why it failed. | ||
|
||
If you are unsure or need help debugging, please :ref:`contact Support <getting_support>`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters