Project

General

Profile

Actions

Updated over 1 year ago by Jamila Khan

Debian 10 to 11

Pre update check

Stretch check

Check if any sources still point to stretch

cd /etc/apt
grep -nr stretch .

If so, bring those up to buster and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_9_to_10

Metapackage check

Check to make sure kernel metapackage is installed, not just specific kernel

dpkg -l "linux-image*" | grep ^ii | grep -i meta should have results
If not, install metapackage
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage

Purged package check

List and purge removed packages with config files remaining
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages

aptitude search '~c'
aptitude purge '~c'

Hold check

These commands should have no results

aptitude search "~ahold" 
dpkg --get-selections | grep 'hold$'

Update sources list

Check which sources exist that point to buster

cd /etc/apt
grep -nr buster .

Edit the main list, and any others that come up

vim /etc/apt/sources.list

replace buster with bullseye

:%s/buster/bullseye/g

replace bullseye/updates with bullseye-security

:%s/bullseye\/updates/bullseye-security/g

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive

Upgrade the system

Update the sources

apt-get update

If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems

Check for Necessary Disk Space

apt-get -o APT::Get::Trivial-Only=true dist-upgrade

Minimal Upgrade

 apt-get upgrade
  • if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes
  • other things it asks to change, say no, keep the existing file

Full Upgrade

apt-get dist-upgrade

Change configs during full upgrade?

package change configs
nrpe no
sudoers no
journald no
backupninja no
nginx yes but recheck after
redis yes but recheck after
sshd_config yes but recheck after
glibc yes
logrotate.d/apache2 yes

Upgrade MySQL databases (if MySQL/MariaDB installed)

mysql_upgrade

Check that things are up

  • if a web server, make sure websites are up
  • if an infrastructure server, test and make sure all parts of the infrastructure are working properly
  • if a PTC server check the recovery plan entry for that server to make sure everything has recovered

Check what packages were removed

  • cat /var/log/apt/history.log | grep Remove
  • copy that into ongoing updates documentation for records
  • Make sure there was nothing important in there
  • If there were important packages in there
    • check aptitude to see if newer versions were already installed
    • check debian package search to search for what version is appropriate
    • https://packages.debian.org/

Common problems

NO_PUBKEY during update

W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8

Add the key for the specified repository:
0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -

See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information

Backupninja changes

After update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary

Borg backup jobs to May First need to have port = 2201 added to the destination section.

Updated by Jamila Khan over 1 year ago · 19 revisions

Also available in: PDF HTML TXT

Go to top