SUMMARY: Upgrade Bock from Debian 10 (Buster) to Debian 11 (Bullseye)

During our recent discussions on the SysAdmin Mailing List, the decision was made to upgrade bock.sluug.org from Debian 10 (Buster) to Debian 11 (Bullseye). Both of these Debian versions support Mailman 2.x.

Upgrading from Mailman 2 to Mailman 3 is out of scope for this task. Debian 11 (Bullseye) still supports Mailman 2.x. We can proceed with the upgrade to Debian 11 without making any major changes to mailman.

Once we are successfully migrated to Debian 11, a separate effort will be made to upgrade from Mailmain 2 to Mailman 3 (or switch to a different list manager altogether).

• Hostname: bock
• Hypervisor: Xen
• vCPU: 2
• RAM: 4GB
• Storage:
  • xvda 50GB [System]
  • xvdb 200GB [Media]
  • xvdc 20GB [Spare]

  Edited extracts from output of iptables -L (As of 12 Oct 2023)
  ------------------------------------------------------------------------
  Chain IN_public_allow (1 references)
   pkts bytes target  prot   source     destination
   122K 6462K ACCEPT  tcp    0.0.0.0/0  tcp dpt:80 ctstate NEW,UNTRACKED
  1741K  103M ACCEPT  tcp    0.0.0.0/0  tcp dpt:443 ctstate NEW,UNTRACKED
  48901 2757K ACCEPT  tcp    0.0.0.0/0  tcp dpt:25 ctstate NEW,UNTRACKED
  24000 1503K ACCEPT  tcp    0.0.0.0/0  tcp dpt:993 ctstate NEW,UNTRACKED
  23071 1226K ACCEPT  tcp    0.0.0.0/0  tcp dpt:995 ctstate NEW,UNTRACKED
  61544 3294K ACCEPT  tcp    0.0.0.0/0  tcp dpt:465 ctstate NEW,UNTRACKED
   1279 66272 ACCEPT  tcp    0.0.0.0/0  tcp dpt:53 ctstate NEW,UNTRACKED
   7645  483K ACCEPT  udp    0.0.0.0/0  udp dpt:53 ctstate NEW,UNTRACKED
    925 54940 ACCEPT  tcp    0.0.0.0/0  tcp dpt:2206 ctstate NEW,UNTRACKED

These are the important services that are running on Bock. The upgrade will not be considered successful until these services are fully operational on Debian 11.

• Web - apache
• Email - postfix, etc.
• DNS - named
• SSH - sshd

• Database - mysql

This section describes issues raised on the mailing lists that may need to be researched or addressed prior to execution of the Plan.

This section will only list complications that are specific to Bock. The Upgrading from Debian 10 documentation describes many "general" steps to prepare the system for an upgrade. Things listed in the official documentation will not be duplicated here.

Way back in 2023, there was an attempt to use "ufw" to change ports, but it didn't seem to affect things. Probably because ports were previously configured with "firewalld". Also blocking some incoming connections with "fail2ban", which is unrelated to the ufw problem.

  firewalld = dynamically managed firewall with support for network zones
  ufw       = program for managing a Netfilter firewall
  fail2ban  = ban hosts that cause multiple authentication errors

Will we be forced to change iptables to netfilter/nftables?

This section describes our plan to upgrade Bock to Debian 11.

1. Review documentation linked in the References section.
2. Create a clone of Bock (Bock-Clone)
3. Upgrade Bock-Clone by following the Upgrading from Debian 10 documentation.
   1. Document all actions taken in the Procedure section.
4. (?) Simulate Upgrade failure on Bock-Clone to document Rollback Procedure
5. Upgrade Bock by performing the steps listed in Procedure section.
6. Ensure important services are fully functional on Debian 11.
7. (If necessary) Rollback using Backout Plan.

This section will contain all actions that need to be performed to execute the Plan.

This section will contain all the actions that need to be performed to ensure the important services are fully operational after the upgrade.

This section describes our plan for restoring Bock to a working Debian 10 state, if the upgrade goes poorly and needs to be reverted.

1. (?) Rollback VM Snapshot
2. (?) Restore VM from backup

This section will contain all actions that need to be performed to execute the Backout Plan.

Debian 10 (Buster)

• Mailman Version in Package Archive

Debian 11 (Bullseye)

• Release Notes
• Errata
• Upgrading from Debian 10
• Issues to be aware of
• Mailman Version in Package Archive

Mastering Debian and Ubuntu