Help - Attempted debian squeeze to wheezy distupgrade - cant restore virtual server backups.

Running Virtualmin 4.04gpl (latest version). 4 virtual servers. DNS, Dovecot email server, and 20 users stored in LDAP directory. Running on an openvz debian 6 squeeze VPS container, on a Centos 5 hardware node which is running kernel 2.6.18.

I attempted to perform the steps in the virtualmin documentation, to upgrade the VPS container from debian squeeze to wheezy.

http://www.virtualmin.com/documentation/system/os/debian-squeeze-to-wheezy-distupgrade

Halfway through, I got to the step “Kernel Upgrade”, It gave errors - it wasn’t able to install because the underlying hardware node had a 2.6.18 kernel, and the debian 7 wheezy kernel metapackage requires kernel 2.6.32 or higher.

I stopped, reversed my steps, reinstalled dovecot, webmin, and virtualmin. Got back to a working debian squeeze server. All my email user accounts, and mailboxes, were untouched, and work fine.

However something bad has happened - virtualmin says there are no virtual servers, and won’t let me restore my backups of the virtual servers. Webmin lists the various apache2 virtual servers and lets you edit their settings, but virtualmin says there are no virtual servers.

When I go into virtualmin backup/restore to restore the backups, it gives an error.

Don’t want to recreate the virtualmin virtual servers by hand - that would probably clobber my users and mailboxes… very bad.

Any idea on how exactly to get virtualmin to restore my 4 virtual server backups ??

Howdy,

What happens when you try to restore the Virtualmin backups? What error does Virtualmin give you?

Also, do you notice any problems when going into System Settings -> Re-Check Config?

-Eric

"Are you sure you want to restore the selected domains and features from local file /root/backup/server1.mydomain.com.tar.gz? Any existing data for the features in these domains will be over-written!

server1.mydomain.com (Server does not exist, will be re-created)

Virtual server password, description and other details

Administration user’s password, quota and Cron jobs

Mail/FTP users and mail aliases

Apache webserver configuration

Webalizer configuration and schedule

Apache SSL webserver configuration and certificate

Logrotate configuration for log file

Contents of server’s MySQL databases

Spam filtering

Webmin ACL files

Server’s home directory and web pages

AWstats configuration file

DAV users file

(unchecked) Ignore virtual server creation warnings?"

I click button “Restore Now”.

"Starting restore of 1 domains from local file /root/backup/server1.mydomain.com.tar.gz …

Extracting backup archive file …
… done

Re-creating virtual server server1.mydomain.com
… a clash was detected : A unix user named server1 already exists - try selecting a different administration username

… failed! See the progress output above for the reason why."

System Settings, Re-Check Config :

"Checking Configuration
The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active …

Your system has 3 GB of memory, which is at or above the Virtualmin recommended minimum of 256 MB.
Mail server Postfix is installed and configured.

Postfix can support per-domain outgoing IP addresses, but is not currently configured to do so. This can be setup in the Postfix Mailserver module.

Apache is installed.

The following PHP versions are available : 5.3.3 (/usr/bin/php5-cgi)

Webalizer is installed.

Apache is configured to host SSL websites.

MySQL is installed and running.

ProFTPd is installed.

Logrotate is installed.

SpamAssassin and Procmail are installed and configured for use.

ClamAV is installed and assumed to be running.

Plugin AWstats reporting is installed OK.

Plugin DAV Login is installed OK.

Plugin Mailman is installed OK.

Plugin Protected web directories is installed OK.

Using network interface venet0 for virtual IPs.

IPv6 addresses are available, using interface venet0.

Default IPv4 address for virtual servers is X.X.X.X.

Virtualmin could not work out the default IPv6 address for virtual servers on your system. You will need to update either the Network interface for virtual addresses or Default virtual server IP address fields on the module configuration page.

Default IP address is set to X.X.X.X, which matches the detected external address.

The module could not find the mount point for your home directories filesystem /home. Quotas editing has been disabled.

LDAP user and group management is properly configured.

Warning - the name service caching daemon (NSCD) is running on your system. This may prevent Virtualmin from properly creating new Unix users and groups.

All commands needed to create and restore backups are installed.

The selected package management and update systems are installed OK.

… your system is ready for use by Virtualmin."

Ah, based on the Re-Check Config output, it looks like your server uses LDAP – is that correct?

That may be the issue you’re seeing… if your server is pointed at an existing LDAP service, that means Virtualmin is seeing that the username already exists… which is also the issue there, it won’t create a Virtual Server if the username already exists.

Is that the case in your situation – is your server pointed at an LDAP service that contains the username for those domains?

If so, I’ll have to talk to Jamie about how to handle that, as I’m not quite sure how to get around that.

-Eric

Hi Eric, that’s right, I setup Virtualmin to use the well documented “LDAP Users and Groups” module combined with PAM (?) to lookup usernames and passwords when domain users connect through IMAP to check their email.
The OpenLDAP sever is running on localhost, in the same vps container as Virtualmin.

Won’t the check box “Ignore errors” while importing work ?

Hi sgrayban. Maybe that would work? I thought it would probably be best to ask here before trying that and possibly clobbering something that couldn’t be restored! I wonder what the general opinion is on trying that?

Bump. Eric, what does Jamie say, how to do this safely without destroying any user mailboxes, etc. ?

Sorry, something went awry and I appear to have lost his response to this… I’m asking him to resend it, we’ll have an answer for that shortly :slight_smile:

-Eric

Okay, after speaking to Jamie – your situation is certainly a bit of a tricky one :slight_smile:

It sounds like there isn’t a great way to handle that at the moment – if Virtualmin sees existing users on the server, it’s not possible to restore the domain.

He did mention one possibility – if, after making the backups, you were to delete the Virtual Servers (and the users) on the original system (and thus in LDAP), you should then be able to restore them onto your new server.

That seems awfully risky though, normally I prefer to do lots of testing while the original server is still online.

I suppose another thing you could try, though this is somewhat convoluted, might be the following:

* Setup a brand new server (without LDAP) * Perform the migration and import the domains * Manually delete the newly created users and groups in /etc/passwd and /etc/group * Configure the server to use LDAP, where it will then see your existing users and groups * Fix all the directory permissions in /home by going into Limits and Validation -> Validate Virtual Servers -> Fix Permissions

I’ve never tried the above, you’d need to test that, but it might just work.

-Eric

Hi Eric,

Thanks for checking with Jamie.

  1. Interesting. So when you check the box “ignore virtual server creation warnings”, virtualmin would still fail to restore the virtual server ? If yes, what “creation warnings” is virtualmin able to ignore?

  2. Shouldn’t we file a bug report ? Restore of a virtual server that’s using LDAP Users and Groups should “just work” safely - without destroying existing mailboxes.

  3. Shouldn’t there be a feature request for a simple command line script, to perform a “replicate a virtualmin virtual server including mailboxes, all files, all config, and add system packages that are not present, to a new server, given the IP of that new server, ssh port, username and password”.

Howdy,

Virtualmin perform’s a lot of checks when importing a domain. However, it doesn’t currently have a way to get around the problem where a user already exists.

I unfortunately don’t know off the top of my head which errors and warnings can be ignored, but unfortunately it is possible to run into issues that can’t be worked around.

I wouldn’t be surprised to learn that Jamie was already working on such an option (that is, to be able to handle the case of existing users, when dealing with LDAP), I’ve sent him an email asking about that, to see what his thoughts are on adding that in.

As far as migrations go – the documentation for performing migrations (when not using LDAP) are here:

http://virtualmin.com/documentation/system/migrate

That would handle migrating all Virtual Servers, users, email, email aliases, databases, DNS settings, and even Virtualmin settings and templates and such.

Trying to automatically add packages, and migrate system-wide settings is a tricky problem though. Packages, and the configurations used, are often different from one distribution to another – that’s a very difficult thing to automate.

There’s actually some improvements going into the migration system right now in order to automate even more of it, but due to the complexity involved in this, it’s not likely to ever support automatically adding packages, and migrating config files from /etc… there’s some parts of the migration that a sysadmin still needs to handle manually, unfortunately :slight_smile:

-Eric

Okay, after talking to Jamie, based on your input the feature you’re asking for is indeed planned.

However, it’s actually more complex than it sounds to implement, and we haven’t received many requests for it (actually, I believe you’re the first, at least in regards to LDAP).

You’re absolutely right that it will be useful, but it will take a little time for that to be implemented.

-Eric

Bump! Hi Eric. About six months later, just wondering what’s this feature’s status… To restore backup, in the case where there are existing users… or existing LDAP users… and to preserve these users and their mailboxes… ( in my case, the users and mailboxes are virtualmin virtual server mailbox users and were on the system when the backup was taken)…