PT Commons

{{lastupdated_at}} by {{lastupdated_by}}

{{>toc}}

h1. Debian 10 to 11

h2. Pre update check

h3. Stretch check

Check if any sources still point to stretch

<pre>

cd /etc/apt

grep -nr stretch .

</pre>

If so, bring those up to buster and run updates first

https://redmine.palantetech.coop/projects/commons/wiki/Debian_9_to_10

h3. Metapackage check

Check to make sure kernel metapackage is installed, not just specific kernel

@dpkg -l "linux-image*" | grep ^ii | grep -i meta@ should have results

If not, install metapackage

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage

h3. Purged package check

List and purge removed packages with config files remaining

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages

<pre>

aptitude search '~c'

aptitude purge '~c'

</pre>

h3. Hold check

These commands should have no results

<pre>

aptitude search "~ahold" 

dpkg --get-selections | grep 'hold$'

</pre>

h2. Update sources list

Check which sources exist that point to buster

<pre>

cd /etc/apt

grep -nr buster .

</pre>

Edit the main list, and any others that come up

<pre>

vim /etc/apt/sources.list

</pre>

replace buster with bullseye

<pre>

:%s/buster/bullseye/g

</pre>

replace bullseye/updates with bullseye-security

<pre>

:%s/bullseye\/updates/bullseye-security/g

</pre>

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive

h2. Upgrade the system

h3. Update the sources

<pre>

apt-get update

</pre>

If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems

h3. Check for Necessary Disk Space

<pre>apt-get -o APT::Get::Trivial-Only=true dist-upgrade</pre>

h3. Minimal Upgrade

<pre> apt-get upgrade</pre>

* if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes

* other things it asks to change, say no, keep the existing file

h3. Full Upgrade

<pre>

apt-get dist-upgrade

</pre>

h4. Change configs during full upgrade?

|package | change configs|

| nrpe | no |

| sudoers | no |

| journald | no |

| backupninja | no |

| nginx | yes but recheck after |

| redis | yes but recheck after |

| sshd_config | yes but recheck after |

| glibc | yes |

| logrotate.d/apache2 | yes |

h3. Upgrade MySQL databases (if MySQL/MariaDB installed)

<pre>

mysql_upgrade

</pre>

h3. Check that things are up

* if a web server, make sure websites are up

* if an infrastructure server, test and make sure all parts of the infrastructure are working properly

* if a PTC server check the "recovery plan":https://redmine.palantetech.coop/projects/pt/wiki/Recovery_Plan entry for that server to make sure everything has recovered

h3. Check what packages were removed

* @cat /var/log/apt/history.log | grep Remove@

* copy that into ongoing updates documentation for records

* Make sure there was nothing important in there

* If there were important packages in there

** check aptitude to see if newer versions were already installed 

** check debian package search to search for what version is appropriate

** https://packages.debian.org/

h2. Common problems

h3. NO_PUBKEY during update

<pre>

W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8

</pre>

Add the key for the specified repository:

<pre>

0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -

</pre>

See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information

h3. Backupninja changes

After update, backupninja likely needs to be patched

https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary

Borg backup jobs to May First need to have @port = 2201@ added to the destination section.