Upgrade from bullseye to bookworm
Coordinating
Make sure to coordinate with whoever uses the host, be it the buildd operator, the QA team or the ftp team. If it's a general developer box, just announce it on IRC.
Warning
NOTE: THIS IS A WORK IN PROGRESS. IT HAS NOT BEEN FINISHED, OR COMPLETELY TESTED YET
Important: before starting
Upgrading to puppet 7 means it won't be possible to renew puppet certificates until handel's upgrade. Make sure to renew the puppet certificate before the upgrade.
Upgrading
upgrade stuff:
- answer question to libc6 "Restart services automatically" with "yes"
- let the system change the homedir of the irc user
- keep our pam configuration
- say no (or "keep the local version currently installed") to other questions.
commands:
avoid "lookup not DNSSEC" errors and failures from exim4 during the upgrade:
service exim4 stop &&
update-rc.d exim4 disable
(note that puppet will in fact start exim4 during the upgrade process, but this step prevents package upgrades from doing so and is thus usually sufficient to avoid the precise combination of package versions that leads to the issues.)
upgrade (run in a screen as root in case the connection is interrupted):
sed -i "s#bullseye#bookworm#g" /etc/apt/sources.list.d/debian.list &&
dpkg --clear-avail &&
apt-get update &&
service samhain stop &&
rm -f /var/state/samhain/samhain_file /var/lib/samhain/samhain_file &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" install dpkg apt samhain &&
service samhain stop &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade &&
service samhain stop &&
rm -f /var/state/samhain/samhain_file /var/lib/samhain/samhain_file &&
samhain --foreground -t init -p none -s none -l none -m none &&
(puppet agent -t || true) &&
: sometimes puppet resets our sources back to bullseye. insist &&
sed -i "s#bullseye#bookworm#g" /etc/apt/sources.list.d/debian.list &&
apt-get update &&
apt-get install debian.org-recommended-bullseye zstd &&
UCF_FORCE_CONFFOLD=1 apt-get -o Dpkg::Options::="--force-confdef" dist-upgrade &&
apt-get --purge autoremove &&
while [ "$(deborphan -n | wc -l)" -gt 0 ] ; do apt-get purge $(deborphan -n); done &&
apt-get --purge autoremove &&
dpkg --clear-avail &&
apt-get clean
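The chain above re-runs the sed because puppet sometimes resets the sources back to bullseye. As an added example (not part of the original procedure), the shell function below reports every active entry in a one-line-style sources file whose suite is not the target release, so a mixed bullseye/bookworm state is caught before the second dist-upgrade. The function name list_foreign_suites is hypothetical, and deb822-style .sources files are assumed not to be in use.

```shell
#!/bin/sh
# Added example, not part of the original procedure.
# list_foreign_suites FILE TARGET   (hypothetical helper name)
#   Prints "LINE_NUMBER SUITE" for each active deb/deb-src entry in FILE
#   whose suite is not TARGET or a TARGET-* / TARGET/* pocket
#   (e.g. bookworm-security, bookworm-updates).
#   Returns 0 if every entry matches, 1 if any does not, 2 if FILE is unreadable.
# Typical call during the upgrade:
#   list_foreign_suites /etc/apt/sources.list.d/debian.list bookworm
list_foreign_suites() {
    file=$1
    target=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -v target="$target" '
        /^[[:space:]]*(#|$)/ { next }              # comments and blank lines
        $1 != "deb" && $1 != "deb-src" { next }    # only active source entries
        {
            i = 2
            # Skip an optional [ option=value ... ] block; it may contain spaces.
            if ($i ~ /^\[/) {
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            suite = $(i + 1)                       # the field after the URI
            base = suite
            sub("[-/].*$", "", base)               # bookworm-security -> bookworm
            # A malformed line (no suite field) is reported with an empty suite.
            if (base != target) { print NR, suite; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}
```

A non-zero return after the `puppet agent -t` step means the sed and `apt-get update` need to be repeated before continuing.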
purge removed packages
dpkg --get-selections | awk '$2=="deinstall" {print $1}' &&
echo "really purge these [y/N]?" && read ans && [ "$ans" = "y" ] && dpkg --purge `dpkg --get-selections | awk '$2=="deinstall" {print $1}'` &&
echo "These are not at install:" && dpkg --get-selections | awk '$2!="install" {print $1}'
more clean ups:
apt-get update &&
/usr/lib/nagios/plugins/dsa-check-packages | tr -d ,
(apt-get purge them)
apt-get --purge autoremove &&
while [ "$(deborphan -n | wc -l)" -gt 0 ] ; do apt-get purge $(deborphan -n); done
(puppet agent -t || true) && (puppet agent -t || true)
(update-rc.d exim4 enable || true)
update dsa-nagios.git (add host to bookworm hostgroup)
update samhain and finish with a reboot
(puppet agent -t || true) &&
(puppet agent -t || true) &&
(puppet agent -t || true) &&
ud-replicate &&
samhain --foreground -t update -p none -s none -l none -m none &&
dsa-update-apt-status -f &&
reboot < /dev/null
consider more cleanup
apt-get autoremove &&
(puppet agent -t || true) &&
samhain --foreground -t update -p none -s none -l none -m none &&
dsa-update-apt-status -f