[BALUG-Admin] completed successfully(?): Re: BALUG VM Debian oldstable --> stable
Michael Paoli
Michael.Paoli@cal.berkeley.edu
Sun Apr 19 11:48:40 UTC 2020
As far as I can easily tell, the upgrade has been successfully completed.
Let me/us know if you find anything amiss or not working properly or
whatever.
Bit 'o before & after:
$ hostname; lsb_release -d; uname -m
balug-sf-lug-v2.balug.org
Debian GNU/Linux 9.12 (stretch)
x86_64
$ hostname; lsb_release -d; cat /etc/debian_version; uname -m
balug-sf-lug-v2.balug.org
Description: Debian GNU/Linux 10 (buster)
10.3
x86_64
$
Also, for the curious, this is set of outline/notes I worked
off of ... the "clone" bits, were additional steps run through with
"clone" VMs of the production balug VM - notably to avoid conflicts
with the production VM's data and operations (DNS, email, lists, IP
addresses, ...), and the "files:" bit towards the end outlines
most all the configuration files that had some specific (semi-)"manual"
changes applied to them (typically merging customizations from older
versions into newer versions, adjusting to fix any incompatibilities,
etc.):
# <balug.upgrade.notes expand -t 4
#vm=balugclone01
vm=balugclone02
clone VM --> "$vm"
see also earlier:
https://lists.balug.org/pipermail/balug-admin/2020-February/001018.html
clone:
down interface link:
(vm=balugclone02; link=down; mac=52:54:00:67:20:40; virsh
domif-setlink "$vm" "$mac" "$link" --config; virsh domif-setlink "$vm"
"$mac" "$link"; virsh domif-getlink "$vm" "$mac" --config; virsh
domif-getlink "$vm" "$mac")
change network from bridged to default
stop and disable potential conflicting services:
systemctl stop & systemctl disable:
mailman.service
exim4.service
apache2.service
spamassassin.service
rsync.service
mariadb.service
bind9.service
/etc/network/interfaces disable interfaces except lo and change
eth0 to inet dhcp
shutdown
up interface link:
(vm=balugclone02; link=up; mac=52:54:00:67:20:40; virsh
domif-setlink "$vm" "$mac" "$link" --config; virsh domif-setlink "$vm"
"$mac" "$link"; virsh domif-getlink "$vm" "$mac" --config; virsh
domif-getlink "$vm" "$mac")
boot
follow upgrade documentation from release notes
https://www.debian.org/releases/buster/amd64/release-notes/
before changing sources.list: update, upgrade
backup
(cd / && tar -cf - etc var/lib/dpkg var/lib/apt/extended_states) | xz
-9 > etc_var-lib-dpkg_var-lib-apt-extended_states.tar.xz
dpkg --get-selections \* | xz -9 > dpkg_--get-selections_\*.xz
Migrating from legacy network interface names
https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#migrate-interface-names
eth0 --> ens3
/etc/udev/rules.d/70-persistent-net.rules comment out active lines
# rm /etc/systemd/network/50-virtio-kernel-names.link
# mount -o remount,rw /boot && update-initramfs -u
/etc/fail2ban/action.d/dshield.conf eth0 --> ens3
/etc/fail2ban/action.d/mynetwatchman.conf eth0 --> ens3
/etc/network/interfaces eth0 --> ens3
/etc/sysctl.conf eth0 --> ens3
reboot
/etc/apt/sources.list stretch --> buster
# (ts=$(TZ=GMT0 date -Iseconds) && script -t
2>~/tmp/9.12_to_10/typescript."$ts".time -a
~/tmp/9.12_to_10/typescript."$ts".script)
# lvcreate -l 320 -n archives balug
# mkfs -t ext3 -L archives /dev/balug/archives
# tune2fs -r 0 /dev/balug/archives
# (umask 022 && mkdir /var/tmp/archives)
add to /etc/fstab (setting UUID accordingly in /etc/fstab):
/dev/balug/archives /var/tmp/archives ext3 nosuid,nodev 0 3 #
LABEL=archives UUID=
# rm -rf /var/cache/apt/archives/.f
# (umask 022 && apt-get -y clean)
# mount -a
# mkdir /var/tmp/archives/archives
# (cd /var/cache/apt/archives && find . -xdev -depth -print0 | pax -rw
-0d -p e /var/tmp/archives/archives)
add to /etc/fstab:
/var/tmp/archives/archives /var/cache/apt/archives none bind 0 0
mount -a
pre-fill files from cache
# (cd / && umask 022 && apt-get -y upgrade)
configuration & files:
Automatic font hinting style: 2 (Slight)
/etc/init.d/rsync
/etc/crontab
/etc/fail2ban/action.d/dshield.conf
save downloaded packages to cache
# apt-get clean
pre-fill files from cache
# (cd / && umask 022 && apt full-upgrade)
configuration & files:
Insert headers before changelogs? [yes/no] no
Show changes in reverse order? [yes/no] no
Allow ordinary users to run ip vrf exec using capabilities? [yes/no] no
/etc/exim4/exim4.conf.template
/etc/sysctl.conf
PAM profiles to enable: 1. Unix authentication
/etc/sysstat/sysstat
/etc/logrotate.d/apache2
/etc/bind/named.conf.options.local
/etc/bind/named.conf.options
/etc/bind/named.conf.local
/etc/lvm/lvm.conf
(umask 077 && cd / && echo -e 'usr/share/dns\nusr/share\nusr' |
pax -rw -d -p e /var/lib/named/)
/etc/fstab:
/usr/share/dns /var/lib/named/usr/share/dns none bind 0 0
# mount -a
# rm /etc/systemd/system/bind9.service.d/bind9.conf
# systemctl daemon-reload
clone:
bind9 all notify off (no)
comment out notify-source and notify-source-v6
systemctl enable bind9.service
/etc/exim4/eximconfig/config/exim4.conf &
/etc/exim4/eximconfig/messages/en/eximconfig:
:%s/TEXT_LOG_ALLOWED/TEXT_LOG__ALLOWED/g
:%s/TEXT_LOG_ETRN_PROHIBITED/TEXT_LOG__ETRN_PROHIBITED/g
:%s/TEXT_LOG_SUBJECT/TEXT_LOG__SUBJECT/g
save downloaded packages to cache
remove from /etc/fstab:
/dev/balug/archives /var/tmp/archives ext3 nosuid,nodev 0 3 #
LABEL=archives UUID=
/var/tmp/archives/archives /var/cache/apt/archives none bind 0 0
# umount /var/cache/apt/archives
# umount /var/tmp/archives
# rmdir /var/tmp/archives
# lvchange -a n /dev/balug/archives
# lvremove /dev/balug/archives
reboot
(cd / && umask 022 && apt-get --purge -y remove linux-image-4.9.0-12-amd64)
(cd / && umask 022 && apt-get --purge -y autoremove)
(cd / && umask 022 && apt-get -y --purge remove $(dpkg -l | awk
'{if($1=="rc")print $2;}'))
clone:
down interface link:
(vm=balugclone02; link=down; mac=52:54:00:67:20:40; virsh
domif-setlink "$vm" "$mac" "$link" --config; virsh domif-setlink "$vm"
"$mac" "$link"; virsh domif-getlink "$vm" "$mac" --config; virsh
domif-getlink "$vm" "$mac")
systemctl enable:
mariadb.service
spamassassin.service
exim4.service
mailman.service
apache2.service
rsync.service
reboot
stop and disable services:
(set -x; for s in rsync apache2 mailman exim4 spamassassin
mariadb; do { systemctl stop "$s" && systemctl disable "$s"; } ||
break; done)
up interface link:
(vm=balugclone02; link=up; mac=52:54:00:67:20:40; virsh
domif-setlink "$vm" "$mac" "$link" --config; virsh domif-setlink "$vm"
"$mac" "$link"; virsh domif-getlink "$vm" "$mac" --config; virsh
domif-getlink "$vm" "$mac")
files:
/etc/network/interfaces
/etc/network/interfaces.nominal
/etc/udev/rules.d/70-persistent-net.rules comment out active lines
# rm /etc/systemd/network/50-virtio-kernel-names.link
/etc/fail2ban/action.d/dshield.conf eth0 --> ens3
/etc/fail2ban/action.d/mynetwatchman.conf eth0 --> ens3
/etc/network/interfaces eth0 --> ens3
/etc/sysctl.conf eth0 --> ens3
/etc/apt/sources.list stretch --> buster
/etc/init.d/rsync
/etc/crontab
/etc/fail2ban/action.d/dshield.conf
/etc/exim4/exim4.conf.template
/etc/sysctl.conf
/etc/sysstat/sysstat
/etc/logrotate.d/apache2
/etc/bind/named.conf.options.local
/etc/bind/named.conf.options
/etc/bind/named.conf.local
/etc/lvm/lvm.conf
# rm /etc/systemd/system/bind9.service.d/bind9.conf
/etc/exim4/eximconfig/config/exim4.conf &
/etc/exim4/eximconfig/messages/en/eximconfig:
TEXT_LOG_ALLOWED --> TEXT_LOG__ALLOWED
TEXT_LOG_ETRN_PROHIBITED --> TEXT_LOG__ETRN_PROHIBITED
TEXT_LOG_SUBJECT --> TEXT_LOG__SUBJECT
#
> From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
> Subject: BALUG VM Debian oldstable --> stable
> Date: Sun, 19 Apr 2020 02:08:49 -0700
> Okay, one more time ... hopefully relatively smoothly this time.
> Have done fair bit more thorough testing, essentially on
> "cloned" virtual machines (while also taking the appropriate
> precautions to avoid conflicts with the running production).
>
> Anyway, will restart the upgrade process soon.
> If all goes relatively smoothly, should be complete after
> a few hours or so.
>
> Services - for the most part will mostly remain up and operational
> throughout, but there will definitely be at least some disruptions,
> due to some required reboot(s) and stopping and restarting of
> services. I'll update once things have completed and things
> look good ... or any substantially different results.
>
> This BALUG VM is the host that supports essentially all (except some
> additional DNS slaves) services of:
> BALUG
> and likewise excepting list services, for:
> SF-LUG
> BerkeleyLUG
>
> references/excerpts:
> https://lists.balug.org/pipermail/balug-admin/2020-February/001017.html
> https://lists.balug.org/pipermail/balug-admin/2020-February/001018.html
> http://linuxmafia.com/pipermail/conspire/2020-April/010521.html
> http://linuxmafia.com/pipermail/conspire/2020-April/010525.html
More information about the BALUG-Admin
mailing list