Project

General

Profile

Debian 11 to 12 » History » Revision 6

Revision 5 (Hannah Siwiec, 01/25/2024 04:42 PM) → Revision 6/9 (Hannah Siwiec, 01/25/2024 04:48 PM)

h1. Debian 11 to 12 

 h2. Pre update check 

 h3. Stretch check 

 Check if any sources still point to buster 

 <pre> 
 cd /etc/apt 
 grep -nr buster . 
 </pre> 

 If so, bring those up to bullseye and run updates first 
 https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11 

 h3. Metapackage check 

 Check to make sure kernel metapackage is installed, not just specific kernel 

 <pre> 
 dpkg -l "linux-image*" | grep ^ii | grep -i meta 
 </pre>  

 should have results 

 If not, install metapackage 
 https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage 

 h3. Purged package check 

 List and purge removed packages with config files remaining 
 https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages 

 <pre> 
 aptitude search '~c' 
 aptitude purge '~c' 
 </pre> 

 h3. Hold check 

 These commands should have no results 

 <pre> 
 aptitude search "~ahold"  
 dpkg --get-selections | grep 'hold$' 
 </pre> 


 h3. Update sources list 

 Check which sources exist that point to bullseye 

 <pre> 
 cd /etc/apt 
 grep -nr bullseye . 
 </pre> 

 Edit the main list, and any others that come up 

 <pre> 
 vim /etc/apt/sources.list 
 </pre> 

 replace bullseye with bookworm 

 <pre> 
 :%s/bullseye/bookworm/g 
 </pre> 

 replace bullseye/updates with bookworm-security (this is already done, don't need to change this) 

 <pre> 
 :%s/bookworm\/updates/bookworm-security/g 
 </pre> 

 https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive 

 h2. Upgrade the system 

 h3. Update the sources 

 <pre> 
 apt-get update 
 </pre> 

 If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems 

 h3. Check for Necessary Disk Space 

 <pre> 
 apt-get -o APT::Get::Trivial-Only=true dist-upgrade 
 </pre> 


 h3. Minimal Upgrade 

 <pre> 
  apt-get upgrade 
 </pre> 

     if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes 
     other things it asks to change, say no, keep the existing file 


 h3. Full Upgrade 

 <pre> 
 apt-get dist-upgrade 
 </pre> 


 Change configs during full upgrade? 
 |package | change configs| 
 | nrpe | no | 
 | sudoers | no | 
 | journald | no | 
 | backupninja | no | 
 | nginx | yes but recheck after | 
 | redis | yes but recheck after | 
 | sshd_config | yes but recheck after | 
 | glibc | yes | 
 | logrotate.d/apache2 | yes | 

 h3. Upgrade MySQL databases (if MySQL/MariaDB installed) 

 <pre> 
 mysql_upgrade 
 </pre> 


 h2. Check that things are up 

     if a web server, make sure websites are up 
     if an infrastructure server, test and make sure all parts of the infrastructure are working properly 
     if a PTC server check the recovery plan entry for that server to make sure everything has recovered 

 h3.  
 Check what packages were removed 

 <pre> 
     cat /var/log/apt/history.log | grep Remove 
 </pre> 
     copy that into ongoing updates documentation for records 
     Make sure there was nothing important in there 
     If there were important packages in there 
         check aptitude to see if newer versions were already installed 
         check debian package search to search for what version is appropriate 
         https://packages.debian.org/ 


 h2. Common problems 


 h3. NO_PUBKEY during update 

 W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8 


 Add the key for the specified repository: 

 <pre> 
 0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add - 
 </pre> 


 See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information 

 h3. Backupninja changes 

 After update, backupninja likely needs to be patched 
 https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary 

 Borg backup jobs to May First need to have port = 2201 added to the destination section.
Go to top