.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Updating Samba-AD on RHEL8 and derivative
  :keywords: update, RHEL8, CentOS8, Samba-AD, documentation

.. _ad_upgrade_samba_redhat:

*****************************************
Updating Samba-AD on RHEL and derivative
*****************************************

RPM repositories are signed, and it is recommended that you validate package signing by setting the GPG key on YUM repositories.

.. code-block:: bash

  wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-8  http://samba.tranquil.it/RPM-GPG-KEY-TISSAMBA-8 sha256sum /etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-8
    b3cd8395e3d211a8760e95b9bc239513e9384d6c954d17515ae29c18d32a4a11  /var/www/samba/RPM-GPG-KEY-TISSAMBA-8

  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-8

Before each update it is necessary to make a backup of the machine.
It will also be interesting to isolate it if there are other servers in replication in case something goes wrong and you want to go back to a snapshot (**attention, going back to a snapshot in an AD environment is not something trivial !**).

.. code-block:: bash

   systemctl stop samba
   rsync -aP /var/lib/samba/ /root/backup_samba_20210520/
   systemctl start samba

After each update it is necessary to check the database.
Indeed the Samba code takes more and more special cases into account, and it may be necessary to make a pass on the database to conform certain attributes or structure types.

.. code-block:: bash

   samba -V
   systemctl restart samba
   samba-tool dbcheck --cross-ncs
   samba-tool dbcheck --cross-ncs --fix --yes

.. note::

  If you have only one internal DNS AD in your domain, you will need to temporarily add a second DNS server in :file:`/etc/resolv.conf` to allow DNS queries to be made while the Samba server is off.

.. note::

  If the server doesn’t take new packages into account during the upgrade, it may be useful to run **yum clean metadata** to make sure it takes into account the updated configuration of the ``tis-samba`` repository.

Minor Samba update in the same major branch (4.17, 4.18, 4.19, etc.)
====================================================================

If you have followed the documentation for the repository configuration a simple upgrade is enough.
As mentioned above a backup before and a :command:`samba-tool dbcheck --fix --yes` after upgrade is recommended.

With some upgrades (e.g. version 4.11.5) it may be necessary to carry out further manipulations.
For this it is advisable to read the Samba Changelog.

.. code-block:: bash

   yum upgrade

Upgrading Samba 4.11 or later to 4.19
=====================================

.. code-block:: bash

  echo "[tis-samba]
  name=tis-samba
  baseurl=http://samba.tranquil.it/redhat8/samba-4.19/
  gpgcheck=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-8" > /etc/yum.repos.d/tissamba.repo

* Launch the update:

  .. code-block:: bash

    yum makecache
    systemctl stop samba
    yum install -y samba samba-winbind samba-winbind-clients krb5-workstation ldb-tools bind ntp bind-utils samba-client
    systemctl enable samba
    systemctl restart samba

* After the update, run a :command:`dbcheck` as mentioned above:

  .. code-block:: bash

     samba -V
     systemctl restart samba
     samba-tool dbcheck --cross-ncs
     samba-tool dbcheck --cross-ncs --fix --yes

Upgrading Samba 4.10 to Samba 4.11 on CentOS7
=============================================

When upgrading Samba packages, package names may evolve to comply with naming rules.
There may also be changes with the gradual switch to Python 3 and at the same time a gradual abandonment of Python 2.

As for the upgrade 4.9 to 4.10 it is necessary to uninstall the Samba packages so that they can update themselves correctly.
Indeed with the arrival of Python 3 support in CentOS7 the new naming standard for Python 3 packages is *python-3* and no longer *python-36*.
The data is not affected by this manipulation.

.. code-block:: bash

  echo "[tis-samba]
  name=tis-samba
  baseurl=http://samba.tranquil.it/redhat7/samba-4.11/
  gpgcheck=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TISSAMBA-8" > /etc/yum.repos.d/tissamba.repo

* Launch the update:

  .. code-block:: bash

    yum makecache
    systemctl stop samba
    yum remove python36-samba
    yum install -y samba samba-winbind samba-winbind-clients krb5-workstation ldb-tools bind ntp bind-utils samba-client
    systemctl enable samba
    systemctl restart samba

* After the update, run a :command:`dbcheck` as mentioned above:

  .. code-block:: bash

     samba -V
     systemctl restart samba
     samba-tool dbcheck --cross-ncs
     samba-tool dbcheck --cross-ncs --fix --yes