PT Commons

{{lastupdated_at}} by {{lastupdated_by}}

{{>toc}}

h1. Debian 11 to 12

h2. Pre update check

h3. Stretch check

Check if any sources still point to buster

<pre>

cd /etc/apt

grep -nr buster .

</pre>

If so, bring those up to bullseye and run updates first

https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11

h3. Metapackage check

Check to make sure kernel metapackage is installed, not just specific kernel

<pre>

dpkg -l "linux-image*" | grep ^ii | grep -i meta

</pre> 

should have results

If not, install metapackage

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage

h3. Purged package check

List and purge removed packages with config files remaining

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#purge-removed-packages

<pre>

aptitude search '~c'

aptitude purge '~c'

</pre>

h3. Hold check

These commands should have no results

<pre>

aptitude search "~ahold" 

dpkg --get-selections | grep 'hold$'

</pre>

h3. Update sources list

Check which sources exist that point to bullseye

<pre>

cd /etc/apt

grep -nr bullseye .

</pre>

Edit the main list, and any others that come up

<pre>

vim /etc/apt/sources.list

</pre>

replace bullseye with bookworm

<pre>

:%s/bullseye/bookworm/g

</pre>

replace bullseye/updates with bookworm-security (this is already done, don't need to change this)

<pre>

:%s/bookworm\/updates/bookworm-security/g

</pre>

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#security-archive

h2. Upgrade the system

h3. Update the sources

<pre>

apt-get update

</pre>

If you get a NO_PUBKEY error, see https://redmine.palantetech.coop/projects/commons/wiki/Debian_10_to_11#Common-problems

h3. Check for Necessary Disk Space

<pre>

apt-get -o APT::Get::Trivial-Only=true dist-upgrade

</pre>

h3. Minimal Upgrade

<pre>

 apt-get upgrade

</pre>

    if it asks whether to change /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg, say yes

    other things it asks to change, say no, keep the existing file

h3. Full Upgrade

<pre>

apt-get dist-upgrade

</pre>

Change configs during full upgrade?

|package | change configs|

| nrpe | no |

| sudoers | no |

| journald | no |

| backupninja | no |

| nginx | yes but recheck after |

| redis | yes but recheck after |

| sshd_config | yes but recheck after |

| glibc | yes |

| logrotate.d/apache2 | yes |

h3. Upgrade MySQL databases (if MySQL/MariaDB installed)

<pre>

mysql_upgrade

</pre>

h2. Validation Testing and Auditing Changes

    if a web server, make sure websites are up

    if an infrastructure server, test and make sure all parts of the infrastructure are working properly

    if a PTC server check the recovery plan entry for that server to make sure everything has recovered

h3. Check what packages were removed

<pre>

    cat /var/log/apt/history.log | grep Remove

</pre>

    copy that into ongoing updates documentation for records

    Make sure there was nothing important in there

    If there were important packages in there

        check aptitude to see if newer versions were already installed

        check debian package search to search for what version is appropriate

        https://packages.debian.org/

h2. Common problems

h3. NO_PUBKEY during update

W: GPG error: https://apt.postgresql.org/pub/repos/apt bullseye-pgdg InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7FCC7D46ACCC4CF8

Add the key for the specified repository:

<pre>

0 meat:/etc/apt# sudo gpg -a --export 7FCC7D46ACCC4CF8 | sudo apt-key add -

</pre>

See https://askubuntu.com/questions/13065/how-do-i-fix-the-gpg-error-no-pubkey for more information

h3. Backupninja changes

After update, backupninja likely needs to be patched

https://redmine.palantetech.coop/projects/pt/wiki/Icinga2#Patch-the-backupninja-binary

Borg backup jobs to May First need to have port = 2201 added to the destination section.