Upgrade Plesk 11.5 to Plesk 12 on Debian Wheezy 7.6, fixing OpenDKIM and DK

I wanted to upgrade to the newer edition of Plesk as it has some interesting features for controlling outgoing mail that make my life easier. So I wanted to upgrade and ran into some weird issues during the upgrade.

After downloading the newest Parallels autoinstall script from their webpage, and running it produced the following error.

Components validation detected at least one important issue:
Parallels Panel pre-upgrade check...
dpkg-query: no packages found matching psa-atmail
dpkg-query: no packages found matching psa-horde
dpkg-query: no packages found matching libapache2-modsecurity
WARNING: IP address registered in Plesk is invalid or broken: xxx.xxx.xxx.xxx

The OS version details are as follow

# lbs_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 7.6 (wheezy)
Release:	7.6
Codename:	wheezy

The panel version is 11.5.30 Update #47

It was a little weird why is stuff missing, so I decided to check if the packages are in the repo.

So running this command will give you the list of all the packages in the repository.

apt-get install grep-dctrl
grep-dctrl -sPackage . /var/lib/apt/lists/autoinstall.plesk.com_debian_*_Packages | sort | uniq

So it looks like the 3 packages psa-atmail, psa-horde, libapache2-modsecurity are not present in the repository.

Turns out that atmail is deprecated, and it doesn’t mater, but the other 2 packages I want them.

And the autoinstaller adds the following lines into /etc/apt/sources.list

## This is temporary appended by Autoinstaller for 
## specify source of product's packages for APT.
deb http://autoinstall.plesk.com/debian/PSA_12.0.18 wheezy all
deb http://autoinstall.plesk.com/debian/SITEBUILDER_12.0.5 all all
deb http://autoinstall.plesk.com/debian/BILLING_12.0.18 all all
deb http://autoinstall.plesk.com/debian/NGINX_1.6.0 wheezy all

You can safely ignore these, for some reason after the upgrade, they appear in the repository, but not during the upgrade, but you won’t have any issues with this, at least I didn’t.

Lets see about the next error:

WARNING: IP address registered in Plesk is invalid or broken: xxx.xxx.xxx.xxx

Turns out that according the Plesk, this is an IP registered in the panel but it’s not present in the system, to see which ones are present and which ones are not we can just run the following commands.

# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.d43d7edb0649	no		eth0

And the info about the IP addresses.

# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet xx.xx.xx.xx/27 brd xx.xx.xx.xx scope global br0
    inet xx.xx.xx.xx/32 scope global br0
    inet xx.xx.xx.xx/32 scope global br0
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet6 xxxx::xxxx:xxxx:xxxx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever

And the biggest problem is that the IP is there but plesk for some reason doesn’t detect it, as you can see I have 3 IP’s assigned to the network card, and it’s not detected one of them, and also I’m running a KVM machine with a dedicated IP address. And I’m using a bridge for all of them to be present in the system.

If this can happen with one IP, I don’t know, but it shouldn’t happen, as to why it showed an error with the bridge I have no idea.

So you can just remove the IP temporarily from the system and the run the installer again, then after the upgrade you can just rerun the Reread IP from Tools & Settings > IP Addresses.

Also one more thing if you have followed my guide about Setting up SPF + DK + DKIM with Postfix in Plesk 11.5 on Debian Wheezy, you will notice that DKIM signing is not working for some reason. But turns out to be really easy fix.

Open /etc/postfix/main.cf with your favorite editor, and edit the following line.

# OpenDKIM
smtpd_milters = , inet:, inet:


# OpenDKIM
smtpd_milters = , inet:, inet:

And that’s it for DKIM, now let’s see about DK (Domain Keys) you will notice that it’s not signing them anymore, well that is also a simple matter to fix, by doing the following.

If you have one or two domains it’s simple then, just run this for the domain.

/usr/local/psa/bin/domain_pref -u www.example.com -sign_outgoing_mail false
/usr/local/psa/bin/domain_pref -u www.example.com -sign_outgoing_mail true

This will re-enable the signing for the domain in question, it will take a little while until it’s actually working, but for some reason in Plesk you need to disable it then enable it again for it to work.

But in my case I had a lot of domains and I have to go through a big list of domains, so I wrote this script that will do this for all the domains.

pass=`cat /etc/psa/.psa.shadow`
domains=`mysql --skip-column-names -u admin -p$pass -e 'select name from domains where parentDomainId = 0;' psa | tr '\t' ','`
for domain in $domains; do
echo "Processing: $domain"
/usr/local/psa/bin/domain_pref -u "$domain" -sign_outgoing_mail false
/usr/local/psa/bin/domain_pref -u "$domain" -sign_outgoing_mail true

And that’s it, now we have everything in place, and you can start using your panel with the new version.

**UPDATE: ** The packages are now present in the repository, so looks like they added them afterwards, don’t know why they weren’t present when I was upgrading but now they are so it’s OK, either way you can continue ignoring that info about the packages, but the IP has to be resolved before continuing.