This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
bock_upgrade_debian_10_-_11 [2024/01/06 06:17] SLUUG Administration |
bock_upgrade_debian_10_-_11 [2024/03/20 21:48] (current) SLUUG Administration Add DCC |
||
---|---|---|---|
Line 2: | Line 2: | ||
// SUMMARY: Upgrade Bock from Debian 10 (Buster) to Debian 11 (Bullseye) // | // SUMMARY: Upgrade Bock from Debian 10 (Buster) to Debian 11 (Bullseye) // | ||
+ | ====== Notes of work performed ======== | ||
+ | // SUMMARY: As work is preformed, record here // | ||
+ | |||
+ | [[ Step 1 ]] - Create Bock Clone | ||
===== Goal ===== | ===== Goal ===== | ||
Line 8: | Line 12: | ||
==== Out of Scope ==== | ==== Out of Scope ==== | ||
- | Upgrading from Mailman 2 to Mailman 3 is out of scope for this task. Debian 11 (Bullseye) still supports Mailman 2.x. We can proceed with the upgrade to Debian 11 without making any major changes to mailman. | + | [[replace_mailman_2|Upgrading from Mailman 2 to Mailman 3]] is out of scope for this task. Debian 11 (Bullseye) still supports Mailman 2.x. We can proceed with the upgrade to Debian 11 without making any major changes to mailman. |
- | Once we are successfully migrated to Debian 11, a separate effort will be made to upgrade from Mailmain 2 to Mailman 3 (or switch to a different list manager altogether). | + | Once we are successfully migrated to Debian 11, a [[replace_mailman_2|separate effort]] will be made to upgrade from Mailmain 2 to Mailman 3 (or switch to a different list manager altogether). |
+ | |||
+ | ===== Configuration Details ===== | ||
+ | |||
+ | * **Hostname:** bock | ||
+ | * **Hypervisor:** [[https://xenproject.org/|Xen]] | ||
+ | * **vCPU:** 2 | ||
+ | * **RAM:** 4GB | ||
+ | * **Storage:** | ||
+ | * xvda 50GB [System] | ||
+ | * xvdb 200GB [Media] | ||
+ | * xvdc 20GB [Spare] | ||
+ | |||
+ | |||
+ | |||
+ | ==== Externally Accessible Ports ==== | ||
+ | |||
+ | Edited extracts from output of iptables -L (As of 12 Oct 2023) | ||
+ | ------------------------------------------------------------------------ | ||
+ | Chain IN_public_allow (1 references) | ||
+ | pkts bytes target prot source destination | ||
+ | 122K 6462K ACCEPT tcp 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED | ||
+ | 1741K 103M ACCEPT tcp 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED | ||
+ | 48901 2757K ACCEPT tcp 0.0.0.0/0 tcp dpt:25 ctstate NEW,UNTRACKED | ||
+ | 24000 1503K ACCEPT tcp 0.0.0.0/0 tcp dpt:993 ctstate NEW,UNTRACKED | ||
+ | 23071 1226K ACCEPT tcp 0.0.0.0/0 tcp dpt:995 ctstate NEW,UNTRACKED | ||
+ | 61544 3294K ACCEPT tcp 0.0.0.0/0 tcp dpt:465 ctstate NEW,UNTRACKED | ||
+ | 1279 66272 ACCEPT tcp 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED | ||
+ | 7645 483K ACCEPT udp 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED | ||
+ | 925 54940 ACCEPT tcp 0.0.0.0/0 tcp dpt:2206 ctstate NEW,UNTRACKED | ||
+ | |||
+ | |||
+ | ==== Services ==== | ||
+ | |||
+ | These are the important services that are running on Bock. The upgrade will not be considered successful until these services are fully operational on Debian 11. | ||
+ | |||
+ | === External === | ||
+ | |||
+ | * Web - apache | ||
+ | * Email - postfix, etc. | ||
+ | * DNS - named | ||
+ | * SSH - sshd | ||
+ | |||
+ | === Internal === | ||
+ | |||
+ | * Database - mysql | ||
===== Bock-Specific PreUpgrade Concerns/Complications ===== | ===== Bock-Specific PreUpgrade Concerns/Complications ===== | ||
Line 30: | Line 79: | ||
Will we be forced to change iptables to netfilter/nftables? | Will we be forced to change iptables to netfilter/nftables? | ||
+ | |||
+ | ==== Software of special concern: ==== | ||
+ | |||
+ | * Packages installed outside of Debian origins (As of 1 Jun 2023): | ||
+ | * Dokuwiki is installed outside Debian packages: Current is 2023-04-04a "Jack Jackrum", SLUUG has 2018-04-22a "Greebo". Interestingly, the current in Debian 11 is 20180422.a-2.1, while 10 has 0.0.20180422.a-2 and 12 has 20220731.a-2. | ||
+ | * Perhaps switch to the Debian package when upgrade to Debian 11? | ||
+ | * 20200729-0.1~bpo11+1 in backports. | ||
+ | * ncpa - "Nagios Cross-Platform Agent" - Not a Debian package? | ||
+ | * [[https://en.wikipedia.org/wiki/Distributed_Checksum_Clearinghouse|Distributed Checksum Clearinghouse]] - [[bock-2018-spamassassin|SLUUG installation for SpamAssassin]]. | ||
+ | * Abandoned, ancient, local tools, or unknown origin: | ||
+ | * /srv/www/test.sluug.org/drupal-20070608/ | ||
+ | * /srv/www/a.sluug.org/postfixadmin-2.3.2/ | ||
+ | * /usr/local/*bin/ | ||
+ | * /usr/src/certbot/ | ||
+ | * Old web site CGI scripting? | ||
+ | |||
+ | ==== Summary of packages without a replacement in Debian 12: ==== | ||
+ | |||
+ | * Mailman 2 | ||
+ | * Details discussed in depth elsewhere. | ||
+ | * geoip-database-extra | ||
+ | * "find the country that any IP address or hostname originates from". | ||
+ | * Use by Spamassassin to determine countries. A better system was not used before because of licensing, etc. | ||
+ | * multiarch-support | ||
+ | * "Transitional package to ensure multiarch compatibility". | ||
+ | * ncpa | ||
+ | * "Nagios Cross-Platform Agent". | ||
+ | * Not a Debian package. | ||
+ | * postfixadmin | ||
+ | * "administrators to delegate account handling" | ||
+ | * python-backports.functools-lru-cache | ||
+ | * "backport of functools.lru_cache from Python 3.3 to Python 2". | ||
+ | * webalizer | ||
+ | * "scan web server log files ... produce usage statistics". | ||
+ | * This package is in 10 and 12, but not 11. | ||
+ | * libcilkrts5 | ||
+ | * "Intel Cilk Plus language extensions". | ||
+ | * liblogging-stdlog0 | ||
+ | * "lightweight logging library". | ||
+ | * This is a 9 package, not in 10. | ||
+ | * libmpx2 | ||
+ | * "Intel memory protection extensions". | ||
+ | * libparse-debianchangelog-perl | ||
+ | * "parse Debian changelogs and output". | ||
+ | * libpolkit-backend-1-0 | ||
+ | * "policy that allows unprivileged ... speak to privileged". | ||
+ | |||
+ | ^ Currently installed on bock 2, but not exactly matched in Debian 11 ^^ | ||
+ | ^ Currently installed ^ Replacement in Debian 11 ^ | ||
+ | | cpp-6, cpp-8 | cpp-10 | | ||
+ | | g++-8 | g++-10 | | ||
+ | | gcc-6, gcc-8 | gcc-10 | | ||
+ | | gcc-6-base, gcc-7-base, gcc-8-base | gcc-10-base | | ||
+ | | geoip-database-extra | Direct replacement not found. | | ||
+ | | libapache2-mod-php7.0, libapache2-mod-php7.3 | libapache2-mod-php7.4 | | ||
+ | | libapt-inst2.0 | Direct replacement not found. | | ||
+ | | libapt-pkg5.0 | libapt-pkg6.0 | | ||
+ | | libasan3 | libasan5 - Already installed | | ||
+ | | libboost-iostreams1.67.0 | libboost-iostreams1.74.0 | | ||
+ | | libboost-system1.67.0 | libboost-system1.74.0 | | ||
+ | | libcilkrts5 | Direct replacement not found. | | ||
+ | | libcryptsetup4 | libcryptsetup12 - Already installed | | ||
+ | | libcwidget3v5 | libcwidget4 | | ||
+ | | libdns-export162 | ? | | ||
+ | | libdns-export1104 | libdns-export1110 | | ||
+ | | libdns1104 | libdns1110 | | ||
+ | | libevent-2.1-6 | libevent-2.1-7 | | ||
+ | | libffi6 | libffi7 | | ||
+ | | libgc1c2 | libgc1 | | ||
+ | | libgcc-6-dev, libgcc-8-dev | libgcc-10-dev | | ||
+ | | libgdbm3 | libgdbm6 - Already installed | | ||
+ | | libhogweed4 | libhogweed6 | | ||
+ | | libicu63 | libicu67 | | ||
+ | | libip4tc0 | libip4tc2 | | ||
+ | | libip6tc0 | libip6tc2 | | ||
+ | | libipset11 | libipset13 | | ||
+ | | libisc-export1100 | libisc-export1105 | | ||
+ | | libisc-export160 | libisccc-export161 - Not exact name! | | ||
+ | | libisc1100 | libisc1105 | | ||
+ | | libisl15, libisl19 | libisl23 | | ||
+ | | libjson-c3 | libjson-c5 | | ||
+ | | liblinear3 | liblinear4 | | ||
+ | | libllvm7 | libllvm9, libllvm11, libllvm13 | | ||
+ | | liblogging-stdlog0 - This is a 9 package, not in 10 | Direct replacement not found. | | ||
+ | | libmailutils5 | libmailutils7 | | ||
+ | | libmpdec2 | libmpcdec6 | | ||
+ | | libmpfr4 | libmpfr6 - Already installed | | ||
+ | | libmpx2 | Direct replacement not found. | | ||
+ | | libnettle6 | libnettle8 | | ||
+ | | libnftables0 | libnftables1 | | ||
+ | | libparse-debianchangelog-perl | Direct replacement not found. | | ||
+ | | libperl5.28 | libperl5.32 | | ||
+ | | libpolkit-backend-1-0 | Direct replacement not found. | | ||
+ | | libpoppler82 | libpoppler102 | | ||
+ | | libprocps6, libprocps7 | libprocps8 | | ||
+ | | libpython-dev | libpython3-dev | | ||
+ | | libpython-stdlib, libpython3.7-stdlib | libpython3.9-stdlib | | ||
+ | | libreadline5, libreadline7 | libreadline8 | | ||
+ | | libruby2.5 | libruby2.7 | | ||
+ | | libsensors4 | libsensors5 - Already installed | | ||
+ | | libssl1.0.2 | libssl1.1 - Already installed | | ||
+ | | libstdc++-8-dev | libstdc++-10-dev | | ||
+ | | libubsan0 | libubsan1-amd64-cross ???? | | ||
+ | | libunistring0 | libunistring2 | | ||
+ | | linux-compiler-gcc-8-x86 | linux-compiler-gcc-10-x86 | | ||
+ | | linux-headers-4.19.0-??-amd64 | linux-headers-5.10.0-??-amd64 | | ||
+ | | linux-headers-4.19.0-??-common | linux-headers-5.10.0-??-common | | ||
+ | | linux-image-4.9.0-??-amd64, linux-image-4.19.0-??-amd64 | linux-image-5.10.0-??-amd64 | | ||
+ | | linux-kbuild-4.19 | linux-kbuild-5.10 | | ||
+ | | lynx-cur | lynx - Already installed | | ||
+ | | mailman | mailman3 - Available for Debain 10 | | ||
+ | | mariadb-client-10.1, mariadb-client-10.3 | mariadb-client-10.5 | | ||
+ | | mariadb-server-10.1, mariadb-server-10.3 | mariadb-server-10.5 | | ||
+ | | multiarch-support | Direct replacement not found. | | ||
+ | | ncpa - Not a Debian package? | Direct replacement not found. | | ||
+ | | perl-modules-5.24, perl-modules-5.28 | perl-modules-5.32 | | ||
+ | | php7.0-cli, php7.3-cli | php7.4-cli | | ||
+ | | php7.0-common, php7.3-common | php7.4-common | | ||
+ | | php7.0-imap, php7.3-imap | php7.4-imap | | ||
+ | | php7.0-json, php7.3-json | php7.4-json | | ||
+ | | php7.0-mbstring, php7.3-mbstring | php7.4-mbstring | | ||
+ | | php7.0-mysql, php7.3-mysql | php7.4-mysql | | ||
+ | | php7.0-opcache, php7.3-opcache | php7.4-opcache | | ||
+ | | php7.0-readline, php7.3-readline | php7.4-readline | | ||
+ | | postfixadmin | Direct replacement not found. | | ||
+ | | python-backports.functools-lru-cache| Direct replacement not found. | | ||
+ | | python-bs4 | python3-bs4 | | ||
+ | | python-certbot-apache | python3-certbot-apache - Already inst | | ||
+ | | python-chardet | python3-chardet - Already installed | | ||
+ | | python-dnspython | python3-dnspython - Already installed | | ||
+ | | python-html5lib | python3-html5lib | | ||
+ | | python-lxml | python3-lxml | | ||
+ | | python-minimal | python3-minimal - Already installed | | ||
+ | | python-pbr | python3-pbr - Already installed | | ||
+ | | python3.7 | python3.9 | | ||
+ | | python3.5-minimal, python3.7-minimal | python3.9-minimal | | ||
+ | | ruby2.5 | ruby2.7 | | ||
+ | | webalizer | Direct replacement not found. | | ||
===== Plan ===== | ===== Plan ===== | ||
Line 41: | Line 228: | ||
- (?) Simulate Upgrade failure on Bock-Clone to document Rollback Procedure | - (?) Simulate Upgrade failure on Bock-Clone to document Rollback Procedure | ||
- Upgrade Bock by performing the steps listed in Procedure section. | - Upgrade Bock by performing the steps listed in Procedure section. | ||
+ | - Ensure important services are fully functional on Debian 11. | ||
- (If necessary) Rollback using Backout Plan. | - (If necessary) Rollback using Backout Plan. | ||
Line 47: | Line 235: | ||
This section will contain all actions that need to be performed to execute the Plan. | This section will contain all actions that need to be performed to execute the Plan. | ||
+ | |||
+ | === Service Validation === | ||
+ | |||
+ | This section will contain all the actions that need to be performed to ensure the important services are fully operational after the upgrade. | ||
===== Backout Plan ===== | ===== Backout Plan ===== | ||
Line 60: | Line 252: | ||
===== References ===== | ===== References ===== | ||
+ | Debian 10 ( Buster ) Long Term Support ( LTS ) End of Life is 30 June 2024: | ||
+ | * [[https://endoflife.date/debian ]] | ||
- | [[https://www.debian.org/releases/buster/|Debian 10 (Buster)]] | + | [[https://www.debian.org/releases/buster/|Debian 10 (Buster) |
* [[https://packages.debian.org/buster/mailman|Mailman Version in Package Archive]] | * [[https://packages.debian.org/buster/mailman|Mailman Version in Package Archive]] | ||
Line 71: | Line 265: | ||
* [[https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html|Upgrading from Debian 10]] | * [[https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.en.html|Upgrading from Debian 10]] | ||
* [[https://www.debian.org/releases/oldstable/amd64/release-notes/ch-information.en.html|Issues to be aware of]] | * [[https://www.debian.org/releases/oldstable/amd64/release-notes/ch-information.en.html|Issues to be aware of]] | ||
- | * [[https://packages.debian.org/bullseye/mailman|Mailman Version in Package Archive]] | + | * [[https://packages.debian.org/bullseye/mailman3|Mailman Version in Package Archive]] |
+ | [[https://raphaelhertzog.com/mastering-debian/|Mastering Debian and Ubuntu]] |