Upgrading to Apache 2.2.8 using debian and ssh

I’ve justupgraded all our production servers to Apache 2.2.8 from 2.2.4. This operation requires adding three custom patches we made to solve some issues with Apache. Applying these patches and updating the servers is quite easy when you use debian and ssh. Without going into specific detail, here’s an overall view of the steps that need to be taken.

  1. Get the source files. Go to the debian package page for Apache 2.2.8. Yep, this is for debian unstable. We’re going to backport it to debian stable, which is what we use on our production servers. From that page, download the original tar file and the diff file. Note that you could also get the original tar file (or a more recent one) from the Apache ASF httpd home page
  2. Create the debian source package. Explode the tar file, rename the target dir from http2 to apache2-2.2.8. Uncompress the diff file and apply it using patch -p0 <diff_file name. This will create
    the environment for compiling the debian package.
  3. Install the custom patches. Go to apache2-2.2.8/debian/patches and copy the patches there. I generate the patches using diff -c. I had to prefix each patch with a specific debian prologue. Inspire yourself from the other patches. Each patch file has to have a number and a name describing what it does. Once you add the patches, you need to update the file 00list so that it includes it. Just do ls [0-9]??_* > 00list. Note that if you’re upgrading to a new apache2 version, you need to make sure your patch is still needed and adjust it as needed.
  4. Generate the debian package. cd to apache2-2.2.8 and invoke dpkg-buildpackage. Don’t forget to do a chmod +x debian/rules before.

You’re all set up. Time to complete the operation? Just some minutes. Complexity? If you already have the patches, none. Results: fresh .deb packages with our custom patches.
To roll out our apache2 custom .deb packages, I put them in our local debian apt repository. All of our production servers point to it. Moreover, in each server, the respective apache2 packages are put on hold and are pinned to our apt server. This makes sure that they will only be updated when we explicitly request so, and that they will come from our repository.
In each server I have a local script that will do the apt update and install of the apache2 packages. From the comfort of my main box, I go through the list of servers invoking the local script through ssh. Time and effort to roll-out the new version? Negligeable. This pressumes I’d already tried out the server and patches on a test server.

Leave a Reply

Your email address will not be published. Required fields are marked *

Before you comment here, note that your IP address is sent to Akismet, the plugin we use to mitigate spam comments.