Upgrading HP-UX 9.x machines to HP-UX 10.20 via "cold install" =========================================== Eric Myers $Revision: 1.15 $ $Date: 1997/03/07 18:18:21 $ This document describes how I upgraded several of our HP workstations running HP-UX 9.05 or 9.07 to HP-UX 10.20 via "cold install" rather than the HP procedure of going to HP-UX 10.01 first. This may not work for you, and you certainly won't be able to do it the exact same way. But these notes might help you plan your own upgrade by this alternate path. Or it will convince you to follow the HP procedure. Some background: according to HP, the procedure for upgrading a machine running HP-UX 9.x to HP-UX 10.20 is to first "upgrade" to HP-UX 10.01, and then to "update" to HP-UX 10.20. Furthermore, if you wish to convert to your filesystems to LVM (Logical Volume Manager) then you will have to re-install HP-UX 10.20 yet again. This is a lot of work -- the manual "Upgrading from HP-UX 9.x to 10.x" says that "you should begin the tasks ... as soon as possible, ideally three to four months before you plan to upgrade the system." The timetables they give for the conversion estimate that it can take days or months to upgrade to 10.20. This is crazy. We have pursued an alternate plan. We saved all files to a standalone rdump(1) tape, then performed a cold installation of 10.20, and then restored user files and other important files (such as /usr/spool and /usr/local) from the tapes. There were many minor adjustments which needed to be made after this, but many similar adjustments would have to have been made if the HP procedure were followed. These instructions apply to the machines used by the High Energy Theoretical Physics group at the University of Michigan, and some are very specific to that installation. You should only use these as a guideline for developing your own plan for upgrading. Items which specifically apply to our installation are marked "[U-M]". The notes assume that you are a knowledgeable system administrator who also knows something about the peculiarities of HP-UX (at least 9.x) and the particular system configuration of the machine which is going to be upgraded. If you don't fit this description then you would do best to follow the standard HP procedure. If you do try this and find something that I missed, or could have described better, please send me a note (myers@umich.edu). PRE-INSTALLATION: The following tasks should be performed before the cold-install of HP-UX 10.20. 1. Save the basic system configuration files, so that you can get the machine up, usable, and back on your network with minimal trouble. The files we have saved are: /etc/passwd /.login /etc/group /.tcshrc /etc/hosts /.logout /etc/resolv.conf /.emacs /etc/motd /.mailrc /etc/nsswitch.conf /.forward /etc/shells /etc/checklist (just for reference) /etc/exports /etc/copyright /etc/csh.login /etc/issue /etc/hosts.equiv /.rhosts /.cshrc /.profile These are not all the files you will want to change or update once you have the new operating system installed; they are only a core set of configuration files which will make it easier to get your machine working correctly more quickly, and you will still have to change some of them. I have written a script called save_config which uses tar to save all of these files to a tar archive in /tmp/`hostname`.tar. This tar file should then be saved on a different machine or on the dump tape (or both!), and then it can simply be unpacked later to replace these files back on the system. 2. Compute filesystem sizes. HP-UX 9.x puts all files on one filesystem on the whole disk. In 10.20, if you are using LVM (and we intend to) then separate filesystems will be on separate Logical Volumes (something like "partitions" on a Sun, only more flexible). It is important to make these Logical Volumes large enough. The installation notes for HP-UX 10.20 claim that the default values will be adequate, and they should be unless you do something unusual (as we did when we didn't include a /opt logical volume, which really caused problems). On the existing 9.x system you can use the `du -sx` command to find the existing size of the directory hierarchies, and make sure that the Logical Volumes are then large enough. For example, to find out the storage used by /home the command is `du -sx /home`. You can only compute the root filesystem size by using `df` to get the amount of storage used on the whole disk, and then subtracting from it the sizes given from running `du` on the separate pieces (and similarly for /usr/local from /usr). If you are installing VUE, as we did (but not CDE) then you will need at least the amount of storage shown here (and probably more): w/ VUE Current Estimated Allocated ======== ======= ========= ========= /home (was /users) -- /usr/local -- /usr 228MB / 16MB (swap) -- /tmp -- /stand 17MB /opt 78MB /var >36MB You can determine the amount of swap space now being used on your present system, in megabytes, by using the command lifls -l /dev/dsk/c201d6s0 (use the appropriate name of the disk, which you can get from the `df` command) and dividing the SWAP size by 4096. Alternatively, you can use `df` to find the size of the filesystem, and if you subtract this from the physical size of the device (if you know it) then the difference is a rough estimate of the swap size. The more swap space you allocate the more virtual memory you can have, but more is not always better. If the virtual memory gets too large then the machine can spend more time paging in and out ("thrashing") than doing useful work. Our existing 9.x machine seem to have a swap size of 200MB, which is more than enough, but probably not too much. The /stand filesystem is new in 10.x; this is where kernel modifications are constructed and the kernel is kept (as /stand/vmunix). Patches and patch information are also kept there. You will probably want to leave room for this to grow to keep configuration and patch information. The /opt filesystem is new in 10.x; this is where "optional" software is stored, which seems to be HP specific products (while /usr is where standard Unix things are kept). Much of VUE is kept here, and presumably CDE too if you load it (we didn't). You will definitely want to allow for expansion here too. Note: /opt is not the same as /usr/local -- think of /opt as a place for HP software, not local non-HP additions. It's important to plan the size of /opt and /usr correctly, especially if you are using LVM with different filesystems on different logical volumes. We loaded the following: Any Language 43MB Fortran - add 15MB C/ANSI - add 31MB w/ X11-Motif Dev, 9MB minimal, 73MB w/ all graphics C++ - add 16MB VUE 80MB HPNP 4MB (HPNP is the JetDirect Network Printer software) The /var filesystem is new in 10.x; this is where system-dependent information such as log files and spool files is kept. The default values seem to be more than enough. 3. Shut down sendmail, so that no new user mail is received during or after the dump. Existing e-mail will be saved to the dump tape. 4. Perform a standalone (level 0) dump of the machine. See the dump/rdump(1) man pages for details. We have used our dodump program to perform this dump, but a single rdump command can do the job. It can take an hour or two. In addition, I also have made a tar archive tape of /users, just in case something happens to the dump tape (knock on wood). 5. Record network information about your machine, as it will be lost when you do the cold-install and you will need it to get the machine working on the network. You will need: Machine Name (short): IP Address: Router Name: Router IP Address: Subnet Mask: DNS Server name: DNS Server IP Address: NIS Domain name (if in use): See /etc/resolv.conf to find your DNS server. [U-M] Our router is randall1.physics.lsa.umich.edu at 141.211.96.1, the subnet mask is 255.255.255.0, and the DNS server is maui.physics.lsa.umich.edu at 141.211.96.15. We are not using NIS. 5. Record the names of printers, and for remote printers the names of the remote machines they are associated with. Printer Remote Host & Printer Name ========= ============================ 6. Make a note of which 'filesystems' are being mounted from other machines, and where, so you can easily restore the mounts when the time comes. Host:Filesystem Mounted at =============== ========== INSTALLATION: Now you are ready for the installation. Power down the system and attach the CD drive. It should be an HP drive (generally made by Toshiba), as not all drives can be used as boot drives. Some people who have had trouble booting from non-HP drives have reported success after using longer SCSI cables or putting the CD last in the SCSI chain, so the problem seems to be in SCSI bus timing. In one instance we found the *opposite* to be true with an HP drive. With the "Install and CORE" CD in the drive, power up the system. While it is booting, interrupt the boot process (generally by pressing the ESC key either continuously or at some point during the boot). Follow the instructions to boot the installation program from the CD. 1. Follow the instructions in the Install program, and in the manual "Installing HP-UX 10.20 and Updating from HP-UX 10.x to 10.20". The only problems we had were due to initially not making the root Logical Volume large enough, but this was because we eliminated /opt, so everything that would go to opt (most of VUE) went to the root partition instead. Everything else went smoothly. You will have to create a filesystem for /usr/local unless you intend to mount it remotely from another machine. The Installation program does not create it automatically. 2. Once the installation has been performed the machine should reboot. The first time it boots you will have to answer a number of questions, mainly to provide the network information you recorded earlier. Once you have done this the machine will come up as a new, virgin HP-UX 10.20 machine. 3. Once you have performed the basic installation, don't forget to install the "Extensions" software from the Extension CD. You will have to mount /SD_CDROM first. This contains patches which were not available when the Core and Install CD was produced. If you mount the Extensions CD on /SD_CDROM then the software source depots will be in /SD_CDROM/10.X/700/10.20 (this slightly was different from where the manual said they would be, but it's easy to figure out the difference). 4. After you have installed the Extensions software you can also install selected software from the Applications CD set. POST-INSTALLATION AND CONFIGURATION: Now to configure the system and restore user files: 1. Shut down sendmail after the boot to prevent any e-mail from being received until you are ready for it, after user e-mail has been restored. You may want to boot the first time without being connected to the network initially to be sure no e-mail comes in. (If it does, you'll just have to be sure you don't overwrite it later.) 2. Copy the `hostname`.tar file created earlier (I used ftp) and extract the configuration files, or update the configuration files "by hand" however you want. Then check them to be sure they apply correctly to the "new" machine. To be safer, you can first copy the save_config script over to this machine and run it to save the exiting virgin configuration of the new machine. Then unpack the tar file of the old configuration. Just don't mix the two up. WARNING: When you unpack your old /etc/passwd it is possible that the shell for the root account is not a good shell for HP-UX 10.20. You should immediately edit /etc/passwd and change the root shell to /sbin/sh. If you don't do this, you may find yourself in single-user mode stumbling around in the dark. I did. The problem seems to be that when using LVM with /usr on a different logical volume, /usr is not yet mounted when root's shell is to be started, so there is no proper shell (and so it throws you into /sbin/sh single user). [U-M] Also, we use a local version of the su command, but this will fail if /usr/local is not mounted. You can get the system su command in any case by using the full path to it: /bin/su. If the hostname in the login prompt is incorrect or too long (you used the fully qualified name instead of the short name) you can change it in /etc/rc.config.d/netconf. 3. In order to use the local tape drive (or the audio device) you may need to include the drivers in the kernel configuration and rebuild the kernel. (I found I needed this if the tape drive was not on the machine when I did the install. If the drive was on the machine while running the install program then it added that driver automagically.) This can be done with SAM. While you are at it, you might as well increase some kernel parameters, such as the stack size (maxssiz - important for Fortran to use large arrays - I raised it to 0X02000000) and the number of open files (nfile - increase by about 150). Rebuilding the kernel requires a reboot. If you reboot, turn off sendmail again until you are ready for it. 4. [U-M] In order for the dump and restore programs to work across the network you should make the following changes/additions to match the configuration of the other machines in our cluster. a. Add an "operator" group to /etc/group, with root and anybody else appropriate in it. Match the group number on the machine with the tape drive (group 9 on dirac). Also, make /etc/logingroup a soft link to /etc/group. b. Change the owner, group and permissions on rdump and rrestore as follows: cd /usr/lbin/fs/hfs chown root dump restore chgrp operator dump restore chmod u+s dump restore chmod o-rx dump restore If you don't do this then rrestore won't work over the network, and hence you won't be able to restore user files. Also, our `dodump` script won't work for making backups. Since we are making these commands 'suid root' we disable them for general users (who don't need to use these anyway -- teach them tar). c. Change the group of /var/adm/dumpdates to "operator", and make it group writable. d. Change the group of the raw LVM device files /dev/vg00/rlvol* to "operator" and make sure they are group readable (not writable). 5. RESTORE. Use restore/rrestore to selectively restore files from the dump tape. If the TAPE variable is set to the proper device (probably /dev/rmt/0mn) then the command is simply restore -i Then give "add" commands for each file or directory to restore, and give the "extract" command to perform the actual extraction. See the restore(1M) man page for more details. Restore at least the following: A. User's Directories In HP-UX 9.x user's files are in /users, but in 10.x they should go in /home. It is useful to make the link ln -s /home /users I found it easiest to create /home/`hostname` and to restore there all at once /users and /etc and /usr/mail, and anything else I thought I might need. It's then a simple matter to move the user's directories up to /home, and you have an on-line copy of your old /etc for comparison. Clean up later when you are done with it. B. Mail Be sure to restore /usr/mail from the dump tape. The mail spool on 10.20 is /var/mail, but there should be a soft link to it by the name of /usr/mail. If there is not, then you can create it. In any case, user mail goes in /var/mail on 10.20. Once you have restored mail you can turn on sendmail (or just wait for it to turn on at the next reboot). If anybody has received e-mail in /var/mail and has mail on the dump tape then you should be careful to catenate the two together, so that you don't loose anything. [U-M] If you are using msgs you should create /var/msgs and make a link to it as /usr/msgs, then restore existing msgs from the dump tape. Be sure to make /usr/msgs and /usr/msgs/bounds world writable. C. Spool Files Any outgoing mail is in /usr/spool/mqueue, but restore it to /var/spool/mail. [U-M] If you keep any log files there you can restore them too. Look for any unprinted printer jobs in /usr/spool/lp/request/*, and restore them so they can be printed. It's probably better (and certainly easier) to re-create the printer queues with SAM rather than trying to restore everything needed from the dump tape. Restore the root cron table from /usr/spool/cron/crontabs/root, but note that the new root crontab is in /var/spool/cron/crontab.root. Instead of overwriting the new one, you probably want to selectively merge in parts of the old one. Also restore any user crontabs. Or not. D. /usr/local Executable files in /usr/local from a 9.x machine should run correctly on a 10.x machine (but not the other way around). [U-M] Instead of restoring /usr/local, mount it from feynman. Of course when feynman goes to 10.20 (last) then restore /usr/local from it. (Also, we will eventually put a copy of /usr/local from feynman on walden, but then mount /usr/local from feyman over it. If feynman goes down then we can mount /usr/local from walden.) E. Other local files or packages: 6. Use SAM to NFS mount filesystems from other machines, or to enable the automounter to mount filesystems from other machines. The automounter is useful for mounting home directories as needed, rather than waiting on them at boot time. Make sure those other machines are exporting to this machine. Unless a filesystem is crucial for operation, you can mount it in the background, as a "soft" mount (it returns an error on failure rather than waiting for the mount to succeed). [U-M] You should be able to mount /usr/local from feynman read-only, at least for testing things out. Note that in 10.20 filesystems to be mounted at boot time are now in /etc/fstab (as they should be), rather than /etc/checklist. 7. Use SAM to export filesystem(s) to other machines, as appropriate, especially /home. Arrange on the other machines to mount these filesystems, if they are not set up to do so already. Remember, /users directories are now on /home, so you will probably have to change the mount points on any other machines still running 9.x, and it's helpful to make links from the old names (/net/whoever/users). 8. To build the manual pages index the command is `catman -w`. You may need to unsetenv MANPATH if there are nonexistent man paths in it. 9. HP-UX 10.x is vulnerable to an external threat of root compromise from the talk/ntalk program (CERT advisory CA-97.04). Disable this by editing /etc/inetd.conf and commenting out the line beginning with "ntalk". Then restart the inetd by giving it a HUP, % kill -HUP where is the process ID of the inetd process (or you can simply wait for the next reboot for this to take effect). A patch should be available from HP shortly (as of 97/1/31). When it is applied, ntalk can be enabled again. 10. NETWORK TIME. Use SAM to set up an NTP Network Time Server and to start NTP. [U-M] The prefered server is surprise.ifs.umich.edu, and the department server maui.physics.umich.edu can be used as an alternate. 11. Install any Applications software needed on your system, from the Applications CD set. [U-M] In our case, this means the FORTRAN compiler, and HPNP. Be sure to have the proper codewords available if the software is protected by codewords. 12. PRINTERS. Use SAM to re-configure printers. 13. [U-M] NEWS. Edit /var/adm/nntp_server (which should now be a link from /usr/local/lib/news/nntp_server) to point to the ITD news server. The LSA newserver is poorly maintained and they expire articles too quickly. The article numbers will be off, so it's best to change from one server to another while going to the new OS. Adding an entry for 'newshost' and/or 'news' in /etc/hosts could also help. Rebuild and install the latest news software (mthreads, nntp-client, and trn). 14. PATCHES. Apply patches for 10.20, or at least the security patches. If you have not installed software from the Extensions CD yet you should do that first, as it also contains important system patches. You can get the latest patches from the HP patch server at http://us.external.hp.com/patches/html/ptc_hpux.html. The patches which I have applied, which are generally for security, are available (at least for a while) at ftp://feynman.physics.lsa.umich.edu/pub/patchs. You can save a lot of work by combining many or all of the patches into one depot, using swcopy. If you have created /tmp/depot for this, then try something like (assuming csh): foreach PATCH ( PH??_???? ) sh $PATCH swcopy -s ${PATCH}.depot \* @ /tmp/depot /bin/rm ${PATCH}.depot /bin/rm ${PATCH}.text /bin/rm ${PATCH} # if you want end You can then use /tmp/depot as the software depot for installing all of the patches together. However, since some of the patches are rather large, this is an easy way to fill /tmp if you do all of them at once. 15. HP-UX 10.20 uses the System V "init" scheme for starting up the system, rather than the /etc/rc file. If there are any tasks you need to start at boot time (which formerly would have been in /etc/rc.local) you will need to create an appropriate start/stop script in /sbin/init.d and then make appropriate links to it from /sbin/rc3.d or elsewhere. For an example script see /sbin/init.d/template, and look at the other scripts there - they all have the same form. For more general information see the init(1) man pages. You probably will have to do this to start license managers for such things as Mathematica and reduce. The script for hpnpd (JetDirect printer daemon) is outdated and does not understand the "start_msg" and 'stop_msg" arguments. Edit it to correct this (using the template file will help). 16. Check and modify any other configuration files which were not included in the first "wave" from the `hostname`.tar file. Candidates are: qpopper -> /etc/popper and fix /etc/inetd.conf /etc/inetd.conf tcpd (TCP wrappers and qpopper) /etc/services POP3 included? /etc/syslog.conf log is now /usr/adm/syslog/syslog.log /usr/lib/aliases msgs, mail forwarding, "bugs" group, etc /usr/local/mathematica/Install/mathpass correct/up to date? root crontab Anything else you have modified locally? 17. Check for any other machine specific variable information in /usr/local or elsewhere and move it to /var. /usr/local/lib/news/nntp_server --> /var/adm/nntp_server /usr/adm/syslog* -> /var/adm/syslog/ TeX fonts for MakeTeXPK? Anything else? 18. Build and install the latest sendmail (currently 8.8.5), so that you have a secure sendmail. The version HP ships is always too old. 19. Get the latest sed from GNU and build and install it. Reports from UseNet say that there is a problem with the HP sed, and that you need GNU sed in order to build gcc. The latest version of GNU sed is 2.05 (version 3.0 was briefly released, but withdrawn). Some reports from UseNet also say you will need the GNU assembler, but I'm not sure of this yet... In any case, you need gas if you want to compile with -g and use a debugger; gcc -g won't work with the HP assembler. 20. Build and install the latest gcc. 21. [U-M] Fortran is in /opt/fortran, but most users don't have that in their path or manpath. Make links from /usr/local/bin to /opt/fortran/bin/... and Make links from /usr/local/man/... to /opt/fortran/share/man/... as appropriate. Do the same for the ANSI C compiler in /opt/ansic 22. Customize VUE for your installation. You do what you want; here's what I have done. First, in /usr/vue/config/Xsession I added VUEHELLO_ARGS=" -file /etc/motd" and then later when $VUEHELLO is invoked I added this argument to it: $VUEHELLO $VUEHELLO_ARGS This will display the /etc/motd file when VUE starts up. I suppose I could have made /etc/copyright a link to /etc/motd instead. Oh well. Next, I edited /usr/vue/config/Xresources and uncommented out the line for Vuelogin*logo*bitmap and made it: Vuelogin*logo*bitmap: /usr/vue/icons/Vuelogin/hpsux.xbm The hpsux.xbm file, put in the place listed above, came from ftp://feynman.physics.lsa.umich.edu/pub/myers/src/etc/hpsux.xbm. I brand my machines with this social commentary when they earn it (this upgrade counts). You can use your own local bitmap if you want. 23. Reserved. 24. [U-M] Create /var/adm/dumpdir and copy local dump software (dodump etc...) and records to there. Make sure /usr/local/adm is a link to it. Make sure that /var/adm/dumpdir is group "operator" and is group writable. Edit dodump.options and make sure the name of the machine with the tape drive is correct. Change the names of the filesystems to be dumped. In 10.20 each filesystem on a separate LVM ( /home /usr /var / /opt ) must be named separately in the list. In order for dump to record the date of the last dump you must create /var/adm/dumpdates (touching the file will do), and it must be writable by the operator group (for operators to be able to perform dumps without being the superuser). 25. Make a new dump of your system, so you have everything saved. DO NOT use the same tape as before, use a different tape. You will want to preserve the other tape for a long while (maybe forever?), so that you can recover anything that might have been missed. ANYTHING ELSE? Good luck! Eric Myers High Energy Theoretical Physics http://feynman.physics.lsa.umich.edu/~myers Department of Physics Tel: 313-763-4325 University of Michigan, Ann Arbor Fax: 313-763-2213