Debian 12 Transition: Difference between revisions
(Created page with "This page records the pending debian 12 upgrades on various systems. Remove corresponding entry if upgrade is done without issues. == General-use servers == * corn-syrup: lo...") |
m (remove Corn-Syrup in pending machines for Debian 12 upgrade) |
||
| (4 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Upgrade steps == |
|||
This page records the pending debian 12 upgrades on various systems. Remove corresponding entry if upgrade is done without issues. |
|||
1. Create the /etc/apt/keyrings folder. |
|||
2. Download the CSC keyring into it: |
|||
== General-use servers == |
|||
<pre> |
|||
wget -O /etc/apt/keyrings/csclub.gpg http://debian.csclub.uwaterloo.ca/csclub.gpg |
|||
</pre> |
|||
3. Make sure that the CSC keyring is the only one in /etc/apt/trusted.gpg: |
|||
* corn-syrup: low on disk space (<10G) |
|||
<pre> |
|||
* hfcs: won't boot because it's not accepting password on IPMI |
|||
gpg --no-options --show-keys /etc/apt/trusted.gpg |
|||
** will need to enter the server room to turn it on one day |
|||
</pre> |
|||
* carbonated-water: carbonated-water-ipmi doesn't seem to be valid |
|||
| ⚫ | |||
4. Delete /etc/apt/trusted.gpg and its backup file: |
|||
| ⚫ | |||
<pre> |
|||
rm -f /etc/apt/trusted.gpg /etc/apt/trusted.gpg~ |
|||
</pre> |
|||
5. Replace the old-style /etc/apt/sources.list and /etc/apt/sources.list.d/*.list files with the new Deb822 "sources" style (see /etc/apt/sources.list.d/*.sources on sorbitol; don't copy the one for the Dell repo). Add a helpful note in /etc/apt/sources.list for other syscom members: |
|||
<pre> |
|||
# See /etc/apt/sources.list.d/*.sources |
|||
</pre> |
|||
6. apt update && apt dist-upgrade |
|||
7. apt autoremove --purge |
|||
8. During the upgrade, accept the new configuration files (choose the 'Y' option) |
|||
for the following files: |
|||
* /etc/fail2ban/fail2ban.conf |
|||
* /etc/fail2ban/jail.conf |
|||
* /etc/fail2ban/filter.d/sshd.conf |
|||
Everything else should keep the old file. |
|||
9. Copy the following files from sorbitol: |
|||
* /etc/fail2ban/fail2ban.local |
|||
* /etc/fail2ban/jail.local |
|||
* /etc/fail2ban/filter.d/sshd.local |
|||
Then restart fail2ban. |
|||
10. If the 'ntp' package is installed, purge it and install systemd-timesyncd instead. Enable the systemd-timesyncd service and copy /etc/systemd/timesyncd.conf.d/csclub.conf from sorbitol. Start the service and make sure it's working. |
|||
11. Get rid of python2 if it's still installed: |
|||
<pre> |
|||
apt purge python2.7-minimal |
|||
apt autoremove --purge |
|||
</pre> |
|||
== Pending machines == |
|||
Machines/containers that have yet to upgrade to Debian 12. Remove entry when upgrade is done. |
|||
| ⚫ | |||
* xylitol: later? |
* xylitol: later? |
||
| Line 17: | Line 58: | ||
* yerba-mate |
* yerba-mate |
||
* cobalamin |
* cobalamin |
||
| ⚫ | |||
== Cloud == |
=== Cloud === |
||
Everything. We will need to wait until ceph supports bookworm. |
Everything. We will need to wait until ceph supports bookworm. |
||
== Containers == |
=== Containers === |
||
* on xylitol |
* on xylitol |
||
Latest revision as of 08:41, 1 September 2023
Upgrade steps
1. Create the /etc/apt/keyrings folder.
2. Download the CSC keyring into it:
wget -O /etc/apt/keyrings/csclub.gpg http://debian.csclub.uwaterloo.ca/csclub.gpg
3. Make sure that the CSC keyring is the only one in /etc/apt/trusted.gpg:
gpg --no-options --show-keys /etc/apt/trusted.gpg
4. Delete /etc/apt/trusted.gpg and its backup file:
rm -f /etc/apt/trusted.gpg /etc/apt/trusted.gpg~
5. Replace the old-style /etc/apt/sources.list and /etc/apt/sources.list.d/*.list files with the new Deb822 "sources" style (see /etc/apt/sources.list.d/*.sources on sorbitol; don't copy the one for the Dell repo). Add a helpful note in /etc/apt/sources.list for other syscom members:
# See /etc/apt/sources.list.d/*.sources
6. apt update && apt dist-upgrade
7. apt autoremove --purge
8. During the upgrade, accept the new configuration files (choose the 'Y' option) for the following files:
- /etc/fail2ban/fail2ban.conf
- /etc/fail2ban/jail.conf
- /etc/fail2ban/filter.d/sshd.conf
Everything else should keep the old file.
9. Copy the following files from sorbitol:
- /etc/fail2ban/fail2ban.local
- /etc/fail2ban/jail.local
- /etc/fail2ban/filter.d/sshd.local
Then restart fail2ban.
10. If the 'ntp' package is installed, purge it and install systemd-timesyncd instead. Enable the systemd-timesyncd service and copy /etc/systemd/timesyncd.conf.d/csclub.conf from sorbitol. Start the service and make sure it's working.
11. Get rid of python2 if it's still installed:
apt purge python2.7-minimal apt autoremove --purge
Pending machines
Machines/containers that have yet to upgrade to Debian 12. Remove entry when upgrade is done.
Syscom Only
- xylitol: later?
- xylitol runs all sort of critical services
- phosphoric-acid: later?
- phosphoric-acid runs web
- yerba-mate
- cobalamin
- potassium-benzoate: ugh ubuntu and we can't shut down the mirror
Cloud
Everything. We will need to wait until ceph supports bookworm.
Containers
- on xylitol
- auth1
- chat
- on phosphoric-acid
- caffeine
- coffee
- prometheus