Help: how to upgrade openhabian from OH 2.0x to OH 3.3 (NTTRS hits me hard)

  • Platform information:
    • Hardware: RPi
    • OS: Openhabian
    • Java Runtime Environment: which java platform is used and what version
    • openHAB version: 2.1

I am using OpenHAB since quite a while, running openhabian and OpenHab 2.1 or 2.0x.
I did not uptate for a long long time (never touch the running system = NTTRS)…
All help is related to OH 2.5 updates to OH3.x, but I cannot even get there.
I cannot solve the bintray issue fully, and sudo openhabian-config does neither show an option 3 nor can I select anything else than “2.1 stable” or “2.2 unstable” under point 40 | openHAB related.
as I cannot even update to that to finally get somewhere close to 2.5 to update to OH3.3 from that I am quite lost.

I changed to jfrog to solve the old bintray issue but still get

[20:59:32] openhabian@Gollum:~$ sudo openhabian-config

2022-11-29_21:02:23_CET [openHABian] Checking for root privileges... OK

2022-11-29_21:02:23_CET [openHABian] Loading configuration file '/etc/openhabian.conf'... OK

2022-11-29_21:05:30_CET [openHABian] Installing or switching to openHAB 2.1.0 (stable)...

$ wget -O openhab-key.asc https://bintray.com/user/downloadSubjectPublicKey?username=openhab

--2022-11-29 21:05:34-- https://bintray.com/user/downloadSubjectPublicKey?username=openhab

Auflösen des Hostnamen »bintray.com (bintray.com)«... 52.2.163.176, 3.227.81.238, 54.211.59.143

Verbindungsaufbau zu bintray.com (bintray.com)|52.2.163.176|:443... verbunden.

HTTP-Anforderung gesendet, warte auf Antwort... 410 Gone

2022-11-29 21:05:35 FEHLER 410: Gone.

$ apt-key add openhab-key.asc

gpg: Keine gültigen OpenPGP-Daten gefunden.

FAILED (key)

It is not an option to migrate step by step to a new OH 3.3 installation, as I have hundreds of rules and 229 items…

I did already try to force a manual installation to OH3 on another SD backup which worked (besides zwave and MQTT devices not responding), but that did not fully update openhabian (openhabian-config was still the old one).
I guess it will be possible for me to sort those issues out and to resolve any broken functions/bindings in my personal setup, but I need a way to update OH 2.1 or 2.0 to OH 3.3.

Any tips and hints what to do?
I cannot even find out if I need to update to 2.3 and 2.5 first or not.
After trying around updating another test backup system SD card, login console now tells me that I am on openHAB 2.5, but openhabian-config still is the old one.

Which version of the OS do you use ? I assume it is still based on jessie or stretch.
Don’t try to do an upgrade. Do a fresh installation based on the latest version of openhabian ( bullseye ).

The update from 2.X to 3.3 should be possible by fixing the repo but you need to have java package that is supported on your OS.

jessie, yes.
Fresh installation really is not preferred, I have too many things and items…
I guess you’re saying that I should get Java11 and try again?

just installed, java is 11 now, but openhabian-config is still the old one of course.

java -version

openjdk version "11.0.9" 2020-10-20 LTS

OpenJDK Runtime Environment Zulu11.43+88-CA (build 11.0.9+11-LTS)

OpenJDK Client VM Zulu11.43+88-CA (build 11.0.9+11-LTS, mixed mode)

Jessie and openhabian-config that doesn’t update itself ?
Seems you have been waiting way too long.

Install a fresh openHABian and import your old config.

We get that, but your system is so old and outdated that trying to upgrade it will inevitably cost you more time and energy than starting fresh, including the effort you’ve already put in.

Your item files can be copied directly into a new installation–you don’t need to define items in the UI.

Your rules files will be subject to breaking changes, but there’s no summary of “things that changed between OH 2.1 and OH 3.3”. This would be the same whether you upgrade or start fresh.

My suggestion is to get a new installation going, and then add your item files one by one so that you can troubleshoot them as you go. Then add your rules and do the same thing.

way too long, yes haha…

Prerequisites for OH 3 list Java 11. So you have to have it.
Jessie is end of life.
For binaries that are not in the default repository you always would require backports if they are available.
openhabian often installs latest / greatest versions like nodejs - I doubt that this is possible for jessie.

I guess you are right.
Finally I give in and will try that approach. Thanks for saving me time though, you may be right. Copying items files may still be easier.

At least: my backup procedure seems good, the system is up for years without loosing anything haha…

For sure. We’re not saying “start fresh” just to be difficult or unhelpful. If upgrading really was the faster and easier solution, we’d help you do that.

229 items really isn’t that many in an OH system, and the vast majority of them should copy into your new installation with no changes. Your rules are the bigger issue. Again, that’d be the same no matter what you do.

Speaking to NTTRS: for almost a year you’ve left a vulnerability in Log4j2 unpatched. It’s a low risk if your server is not exposed to the Internet, but it’s still a risk. (EDIT: As Rich explains below, the risk was much greater than I recalled.) The patch was applied very quickly in OH 3, but we have no way to inform users when something like this happens. This is the best reason to keep a system up to date.

Since you’re backing up regularly, there’s no risk in updating–you can always fall back if it doesn’t work.

1 Like

Just to add a little bit of detail here, the Log4Shell vulnerability (as the press labeled that one) is actually really bad. Your OH is vulnerable if it consumes any data from the Internet. Anything that would cause OH to try to log certain strings could cause it to reach out to a system that could give you a bad day. The only way to be safe would be to have your server not exposed to the Internet and deny your server access to the internet. Otherwise something you don’t even have control over could be modified to attack you through the Cloud APIs and such.

It was about as bad as it gets. And it’s a great example why it’s important to keep up with updates.

1 Like

Well, that would explain why I actually remember this being a big deal at the time. I’ve edited my previous post accordingly.

Yep. People were successfully getting pings back from Apple and Tesla servers simply by renaming their phones/cars to a proper attack string.

A fresh setup is a matter of minutes, plus it can be done on a separate SD and box so will not affect your running system.
Like @rpwong said, if it wasn’t the better (faster) option, we wouldn’t recommend it.
Fixing all the problems that originate from your big jump in OH versions is a different story, it will take the longer the larger your version difference is. But so far this was about OS and OH setup.

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.