Historically, I've always upgraded my hardware and software together. In short, since I've always had new hardware I've always installed the latest distribution version from scratch. This time, however, I don't need to upgrade my hardware but I do want to upgrade my distribution to one that is still supported, i.e. receives security updates, etc. Currently, I run Postfix and Cyrus-IMAP on a Fedora 8 server. I'm considering upgrading to the new Fedora 11 (when released). I know how to set up Postfix and Cyrus-IMAP and I have good backups of all the configuration data and the actual mail so I'm not overly concerned about losing anything or getting myself into a situation that I can't get out of. What I don't have a lot of experience with is during the install process choosing the "Upgrade" option instead of the "New Install" option. My concern is that an upgrade may screw up anything from SELinux to apache (I run squirrelmail also) to who knows what in such a subtle way that I don't realize it for some time, e.g. security holes, etc. Does anyone have experience using the upgrade option and if so what do I need to be especially aware of?
This server actually provides a couple of different services but the mail service is the critical one.
Whenever I'm done with an upgrade, I check for .rpmnew and .rpmsave files in /etc, and restore things as necessary. I like to use a graphical diff tool like 'meld' to merge my .rpmsave files into the new config file -- that way, I don't miss important new configuration options.
As for SELinux, I've had good luck with upgrades not screwing up security contexts of files in my data areas (web root and /home). If I've installed custom policy, sometimes I have to tweak and redeploy it.
In my case, I use postfix and dovecot. If my memory serves me correctly, Postfix typically upgrades without issue. I've had occasional issues with dovecot. Like you, I typically back up my config files from /etc and /var/ before doing an upgrade. That way, I can recover gracefully.
If you want to create tar backups that include SELinux attributes, use 'star -xattr -H=exustar'.
As for security holes being opened up due to an upgrade -- I've never had it happen. Your mileage may vary.
It also depends on what have you installed, post the previous installation (like installation from source, or non-RPM binaries.
An easier way to check would be to clone the current system, upgrade and check and then make a note of all post-installation changes that you had to do, and then do the production upgrade.
Make sure you take a copy of your config files atleast. (of course, a full backup is always the way to go).
I'd strongly recommend reading the Fedora 11 install guide, particularly ch 18.
A few relevant snippets:
While upgrading from Fedora 10 is supported, you are more likely to have a consistent experience by backing up your data and then installing this release of Fedora 11 over your previous Fedora installation.
It is not possible to upgrade directly from Fedora 9 to Fedora 11. To upgrade Fedora 9 to Fedora 11, upgrade to Fedora 10 first.
(I'm guessing this also applies to Fedora 8 - it might be easier to just do a clean install)
Individual package configuration files may or may not work after performing an upgrade due to changes in various configuration file formats or layouts.
The upgrade process preserves existing configuration files by renaming them with an .rpmsave extension (for example, sendmail.cf.rpmsave). The upgrade process also creates a log of its actions in /root/upgrade.log.
(I always review the upgrade log after it's finished - it'll be your first indication that something may not have upgraded smoothly)
In general, I've always had very good luck doing distribution upgrades. Most of my experience is with Ubuntu desktops or RHEL servers, but my overall impression is the upgrade process has come a long way since the "fun" days of RedHat 6-9
I configured several servers and services on Fedora 10 (postfix, dovecot, Apache, vsftp, VNC) and everything worked perfectly. Then I was offered trough the software update service to upgrade to the Fedora 11. Upgrade was straightforward, I did not encounter any problems.
But the problems started after first FC 11 reboot. I was able to login, desktop applications worked OK, but all above services were not operational any more (except vsftp).
I need to modify:
httpd.conf and omit loading of two libraries, dovecot.conf and omit references to sieve, postfix mysteriously disappeared from list of services, in vncservers config file omit -nohttpd option.
Luckily the described procedure was quite straightforward. You just need to use upgrade.log, compare between conf and conf.rpmnew files, analyze services error outputs.