Updated 3 days ago by Jamila Khan
Debian 11 to 12
Pre update check
Check / Take Backups
- Check that the most recent backupninja backup jobs have run successfully
 - Check that the most recent backup is valid and can be used for recovery
 
If the server is running on Linode, check that image-based backups are enabled and working. Take a snapshot before running the upgrade procedure!
Stretch check
Check if any sources still point to buster
cd /etc/apt
grep -nr buster .
If so, bring those up to bullseye and run updates first
https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11
Metapackage check
Check that the kernel metapackage is installed, not just a specific kernel version
dpkg -l "linux-image*" | grep ^ii | grep -i meta
This should return results.
If not, install the metapackage
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage
Purged package check
List and purge removed packages with config files remaining
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages
aptitude search '~c'
aptitude purge '~c'
Hold check
These commands should have no results
aptitude search "~ahold"
dpkg --get-selections | grep 'hold$'
Update sources list
Check which sources exist that point to bullseye
cd /etc/apt
grep -nr bullseye .
Full directory find and replace
grep -Irl bullseye . | xargs -I % sed -i 's/bullseye/bookworm/g' %
OR edit the main list, and any others that come up
vim /etc/apt/sources.list
replace bullseye with bookworm
:%s/bullseye/bookworm/g
Good to check, but this should already be done if the server was upgraded from Debian 10 to 11:
replace bullseye/updates with bookworm-security (after the substitution above, the entry reads bookworm/updates)
:%s/bookworm\/updates/bookworm-security/g
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive
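An added example (not part of the original wiki page): a shell check to run after the find and replace above, flagging non-comment lines that still name an older release or still use the old-style bookworm/updates security suite. The function names, the sample files and the example.invalid mirror are constructed, and it assumes only sources.list and the files under sources.list.d need checking.

```shell
#!/bin/sh
# Added example: names, sample files and the example.invalid mirror are constructed.
# Assumption: only sources.list and sources.list.d/*.list|*.sources need checking.

# check_sources DIR: print "file:line: problem" per finding; return 1 if any.
check_sources() {
    dir=$1
    findings=$(
        find "$dir" -type f \( -name sources.list \
            -o -path '*/sources.list.d/*.list' \
            -o -path '*/sources.list.d/*.sources' \) | sort |
        while IFS= read -r f; do
            awk -v f="$f" '
                /^[ \t]*#/ { next }   # commented-out entries are not used by apt
                /stretch|buster|bullseye/ {
                    printf "%s:%d: old release codename\n", f, NR }
                /bookworm\/updates/ {
                    printf "%s:%d: security suite should be bookworm-security\n", f, NR }
            ' "$f"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample DIR: write constructed source lists showing both failure modes.
make_sample() {
    mkdir -p "$1/sources.list.d"
    printf '%s\n' \
        'deb http://deb.debian.org/debian bookworm main' \
        'deb http://security.debian.org/debian-security bookworm/updates main' \
        > "$1/sources.list"
    printf '%s\n' \
        '# bullseye entry replaced on upgrade day' \
        'deb http://example.invalid/apt bullseye main' \
        > "$1/sources.list.d/thirdparty.list"
}

# Demo on the constructed sample; on a server, run: check_sources /etc/apt
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_sources "$demo_dir" || echo "fix the lines above before apt-get update"
rm -rf "$demo_dir"
```

A leftover bookworm/updates entry is the one to watch for: the blanket bullseye to bookworm replace produces it silently, and the security archive for bookworm is named bookworm-security.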
Upgrade the system
Update the sources
apt-get update
Check for Necessary Disk Space
apt-get -o APT::Get::Trivial-Only=true dist-upgrade
Minimal Upgrade
apt-get upgrade
If it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes.
For other things it asks to change, say no and keep the existing file.
Full Upgrade
apt-get dist-upgrade
Change configs during full upgrade (yes = install the package maintainer's version):
| package | change configs |
|---|---|
| nrpe | no |
| sudoers | no |
| journald | no |
| backupninja | no |
| ossec.conf | no |
| mariadb conf | no |
| apache2/ports.conf | no |
| login.defs | yes |
| nginx | yes but recheck after |
| redis | yes but recheck after |
| sshd_config | yes but recheck after |
| glibc | yes |
| logrotate.d/apache2 | yes |
| grub | no |
Upgrade MySQL databases (if MySQL/MariaDB installed)
mysql_upgrade
Validation Testing and Auditing Changes
- If a web server, make sure websites are up
- If an infrastructure server, test and make sure all parts of the infrastructure are working properly
- If a PTC server, check the recovery plan entry for that server to make sure everything has recovered

Check what packages were removed
    cat /var/log/apt/history.log | grep Remove
Copy that into the ongoing updates documentation for records.
Make sure there was nothing important in there.
If there were important packages in there:
- check aptitude to see if newer versions were already installed
- check the Debian package search to find which version is appropriate (https://packages.debian.org/)
 
Common problems
NO_PUBKEY during update
When issues are encountered they should be listed here to ease future troubleshooting!
Backupninja changes
After the update, backupninja likely needs to be patched
https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary
Borg backup jobs to May First need to have port = 2201 added to the destination section.
Don't forget to restart the server!