Debian 12 Transition

From CSCWiki
Revision as of 22:57, 30 July 2023 by Y266shen (talk | contribs)
Jump to navigation Jump to search

Upgrade steps

1. Create the /etc/apt/keyrings folder.

2. Download the CSC keyring into it:

wget -O /etc/apt/keyrings/csclub.gpg http://debian.csclub.uwaterloo.ca/csclub.gpg

3. Make sure that the CSC keyring is the only one in /etc/apt/trusted.gpg:

gpg --no-options --show-keys /etc/apt/trusted.gpg

4. Delete /etc/apt/trusted.gpg and its backup file:

rm -f /etc/apt/trusted.gpg /etc/apt/trusted.gpg~

5. Replace the old-style /etc/apt/sources.list and /etc/apt/sources.list.d/*.list files with the new Deb822 "sources" style (see /etc/apt/sources.list.d/*.sources on sorbitol; don't copy the one for the Dell repo). Add a helpful note in /etc/apt/sources.list for other syscom members:

# See /etc/apt/sources.list.d/*.sources

6. apt update && apt dist-upgrade

7. apt autoremove --purge

8. During the upgrade, accept the new configuration files (choose the 'Y' option) for the following files:

  • /etc/fail2ban/fail2ban.conf
  • /etc/fail2ban/jail.conf
  • /etc/fail2ban/filter.d/sshd.conf

Everything else should keep the old file.

9. Copy the following files from sorbitol:

  • /etc/fail2ban/fail2ban.local
  • /etc/fail2ban/jail.local
  • /etc/fail2ban/filter.d/sshd.local

Then restart fail2ban.

10. If the 'ntp' package is installed, purge it and install systemd-timesyncd instead. Enable the systemd-timesyncd service and copy /etc/systemd/timesyncd.conf.d/csclub.conf from sorbitol. Start the service and make sure it's working.

11. Get rid of python2 if it's still installed:

apt purge python2.7-minimal
apt autoremove --purge

Pending machines

Machines/containers that have yet to upgrade to Debian 12. Remove entry when upgrade is done.

General-use servers

  • corn-syrup: low on disk space (<10G)

Syscom Only

  • xylitol: later?
    • xylitol runs all sort of critical services
  • phosphoric-acid: later?
    • phosphoric-acid runs web
  • yerba-mate
  • cobalamin
  • potassium-benzoate: ugh ubuntu and we can't shut down the mirror

Cloud

Everything. We will need to wait until ceph supports bookworm.

Containers

  • on xylitol
    • auth1
    • mail
    • chat
  • on phosphoric-acid
    • caffeine
    • coffee
    • prometheus