wheezy2jessie.sh
· 10 KiB · Bash
原始檔案
Please also refer to http://www.debian.org/releases/jessie/releasenotes and use your brain! If you can’t figure out what one of the commands below does, this is not for you. Expert mode only :)
# upgrade to UTF-8 locales (http://www.debian.org/releases/jessie/amd64/release-notes/ap-old-stuff.en.html#switch-utf8)
dpkg-reconfigure locales
# remove unused config file
rm -rf /etc/network/options /etc/environment
# Transition and remove entries from older releases
sed -i s#/backports.org/debian#/ftp.de.debian.org/debian#g /etc/apt/sources.list*
sed -i s/debian-backports/debian/g /etc/apt/sources.list*
sed -i /etch/d /etc/apt/sources.list*
sed -i /lenny/d /etc/apt/sources.list*
sed -i /sarge/d /etc/apt/sources.list*
sed -i /squeeze/d /etc/apt/sources.list*
sed -i /volatile/d /etc/apt/sources.list*
sed -i /proposed-updates/d /etc/apt/sources.list*
# change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/
sed -i s/wheezy/jessie/g /etc/apt/sources.list*
sed -i "s/ stable/ jessie/g" /etc/apt/sources.list*
sed -i s/wheezy/jessie/g /etc/apt/preferences*
sed -i s/wheezy/jessie/g /etc/apt/sources.list.d/*wheezy*
rename s/wheezy/jessie/g /etc/apt/sources.list.d/*wheezy*
wget https://gist.githubusercontent.com/waja/d6f8715b0a187796212e012bf2289033/raw/jessie_fix_source_lists.sh -O /tmp/a && sh /tmp/a
aptitude update
# Set for example a package on hold
PACKAGE="mailscanner"; echo $PACKAGE hold |dpkg --set-selections; aptitude hold $PACKAGE
# check package status
dpkg --audit
aptitude search "~ahold" | grep "^.h"
dpkg --get-selections | grep hold
# unmark packages auto
aptitude unmarkauto vim && \
aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic && \
aptitude unmarkauto open-vm-tools-dkms ifenslave && \
aptitude unmarkauto xen-system-amd64 && aptitude unmarkauto $(dpkg-query -W 'xen-linux-system-*' | cut -f1) \
aptitude unmarkauto $(dpkg-query -W 'linux-image-3.2.*' | cut -f1)
# have a look into required and free disk space
apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h
# record session
script -t 2>~/upgrade-jessie.time -a ~/upgrade-jessie.script
# install our preseed so libc doesn't whine
cat > /tmp/jessie.preseed <<EOF
libc6 glibc/upgrade boolean true
libc6 glibc/restart-services string
libc6 libraries/restart-without-asking boolean true
EOF
/usr/bin/debconf-set-selections /tmp/jessie.preseed
# update aptitude first
[ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude
# remove php5-suhosin, which doesn't exist in jessie anymore
if [ "$( dpkg -l | grep "^ii.*php5-suhosin" | wc -l)" -ge "1" ]; then \
apt-get remove php5-suhosin
fi
# remove obsolete php5-ps
if [ "$( dpkg -l | grep "^ii.*php5-ps" | wc -l)" -ge "1" ]; then \
apt-get remove php5-ps
fi
# minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29)
aptitude upgrade '~U' 'sysvinit-core+'
# (re)enable wheel
if [ -f /etc/pam.d/su.dpkg-new ]; then CFG=/etc/pam.d/su.dpkg-new; else CFG=/etc/pam.d/su; fi
sed -i "s/# auth required pam_wheel.so/auth required pam_wheel.so/" $CFG
# (re)configure snmpd
COMMUNITY="mycommunity"; \
if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \
else CFG=/etc/snmp/snmpd.conf; fi
sed -i "s^#rocommunity secret 10.0.0.0/16^rocommunity $COMMUNITY^g" $CFG
sed -i s/#agentAddress/agentAddress/ $CFG
sed -i "s/^ rocommunity public/# rocommunity public/" $CFG
sed -i "s/^ rocommunity6 public/# rocommunity6 public/" $CFG
sed -i "s/agentAddress udp:127/#agentAddress udp:127/" $CFG
# fix our xen modification
[ -f /etc/grub.d/20_linux_xen ] && rm -rf /etc/grub.d/09_linux_xen && \
dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
# chrony update
if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi
sed -i s/debian.pool/de.pool/g $CFG
# randomize crontab
if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi
sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG
sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG
# phpmyadmin
if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \
else CFG=/etc/phpmyadmin/config.inc.php; fi
sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG
sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG
# maybe we want to change some shorewall config stuff again
if [ -f /etc/default/shorewall.dpkg-new ]; then CFG=/etc/default/shorewall.dpkg-new; else CFG=/etc/default/shorewall; fi
sed -i 's/^startup=0/startup=1/' $CFG
# nat helper needs to be install (http://shorewall.net/Helpers.html#idp8854577312)
ucf /usr/share/shorewall/configfiles/conntrack /etc/shorewall/conntrack
# full-upgrade
aptitude full-upgrade
# Apache2 config migration
# see also /usr/share/doc/apache2/NEWS.Debian.gz
#
# migrate sites into new naming scheme
perl /usr/share/doc/apache2/migrate-sites.pl
# migrate server config snippets into new directory
cat > /tmp/a2confmigrate << EOF
APACHE2BASEDIR="/etc/apache2"; for CONF in \$(ls -l \${APACHE2BASEDIR}/conf.d/ | grep -v ^l | awk '{print \$9}' | grep -v ^$); do
if ! [ "\${CONF##*.}" == "conf" ]; then
mv \${APACHE2BASEDIR}/conf.d/"\${CONF}" \${APACHE2BASEDIR}/conf.d/"\${CONF}".conf
CONF="\${CONF}.conf"
fi
mv \${APACHE2BASEDIR}/conf.d/"\${CONF}" \${APACHE2BASEDIR}/conf-available/"\${CONF}"
# enable this
CONF=\$(basename "\${CONF}" .conf)
a2enconf "\${CONF}"
done
EOF
sh /tmp/a2confmigrate
# migrate standard Options config to valid one
sed -i "s/Options ExecCGI/Options +ExecCGI/" /etc/apache2/sites-available/*
# fix probable Piped Logs
sed -i 's/|exec /| /' /etc/apache2/sites-available/*
# check for probably incompatible Apache configration statements (see https://gist.github.com/waja/86a3a055c1fedfba3c58#upstream-changes)
# Even lists conditional statements which might be not a problem
rgrep -iE "(Order|Allow|Deny|Satisfy) " /etc/apache2/conf-enabled/* | grep -v ":#" && rgrep -iE "(Order|Allow|Deny|Satisfy) " /etc/apache2/sites-enabled/* | grep -v ":#"
# just in case you have you DocumentRoots in /var/www, you might want to also check for .htaccess containing those
# Even lists conditional statements which might be not a problem
rgrep -iE "(Order|Allow|Deny|Satisfy) " --include .htaccess /var/www/ | grep -v ":#"
# serveral changes may be needed to adjust content of config files
# see https://gist.github.com/waja/86a3a055c1fedfba3c58#file-apache2.0to2.4.md
# migrate redmine plugins
mv /usr/share/redmine/vendor/plugins/* /usr/share/redmine/plugins/ && rmdir /usr/share/redmine/vendor/plugins/
# Remove inconsistent link in /usr/share/redmine/vendor/rails
rm /usr/share/redmine/vendor/rails
# migrate database config for mysql
sed -i "s/adapter: mysql/adapter: mysql2/" /etc/redmine/default/database.yml
# Fixing Typo bug in claav-daemon (http://bugs.debian.org/778507)
sed -i "s/DEBCONFILE/DEBCONFFILE/" /var/lib/dpkg/info/clamav-daemon.postinst
# Upgrade postgres
if [ "$(dpkg -l | grep "postgresql-9.1" | awk {'print $2'})" = "postgresql-9.1" ]; then \
aptitude install postgresql-9.4 && \
pg_dropcluster --stop 9.4 main && \
/etc/init.d/postgresql stop && \
pg_upgradecluster -v 9.4 9.1 main && \
sed -i "s/^manual/auto/g" /etc/postgresql/9.4/main/start.conf && \
sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.4/main/postgresql.conf && \
sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.4/main/postgresql.conf && \
/etc/init.d/postgresql restart; \
fi
pg_dropcluster 9.1 main
# xen: use our own bridge script again, when we did before
[ $(grep "^(vif-script vif-bridge-local" /etc/xen/xend-config.sxp | wc -l) -gt 0 ] && \
sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf
# enable unattended upgrades
wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/deploy_unattended-upgrades.sh -O /tmp/a && sh /tmp/a
# remove old squeeze packages left around (keep eyes open!)
apt-get autoremove && \
apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|xen-system|check-openmanage|mailscanner|hp-health|hpacucli|check-linux-bonding|smarty|dehydrated' | awk '/^i *A/ { print $3 }') && \
apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|xen-system|check-openmanage|mailscanner|hp-health|hpacucli|check-linux-bonding|smarty|dehydrated' | awk '/^i/ { print $2 }') && \
apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \
apt -y install deborphan && apt purge $(deborphan | grep -v xen | grep -v libpam-cracklib | awk '/^rc/ { print $2 }')
apt purge $(dpkg -l | awk '/^rc/ { print $2 }')
# for the brave YoloOps crowd
reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger
### not needed until now
# mysql
# remove anonymous mysql access
#mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;"
# dont use iptables when creating xen vifs
#cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local
#sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local
#sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp
# xen
#/bin/sed -i -e 's/^[# ]*\((dom0-min-mem\).*\().*\)$/\1 512\2/' /etc/xen/xend-config.sxp
#sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains
#sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains
#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
#echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub
# migrate expose.ini
#[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \
# /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90
# migrate local suhosin config
#find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \
# /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90
| 1 | Please also refer to http://www.debian.org/releases/jessie/releasenotes and use your brain! If you can’t figure out what one of the commands below does, this is not for you. Expert mode only :) |
| 2 | |
| 3 | |
| 4 | # upgrade to UTF-8 locales (http://www.debian.org/releases/jessie/amd64/release-notes/ap-old-stuff.en.html#switch-utf8) |
| 5 | dpkg-reconfigure locales |
| 6 | |
| 7 | # remove unused config file |
| 8 | rm -rf /etc/network/options /etc/environment |
| 9 | |
| 10 | # Transition and remove entries from older releases |
| 11 | sed -i s#/backports.org/debian#/ftp.de.debian.org/debian#g /etc/apt/sources.list* |
| 12 | sed -i s/debian-backports/debian/g /etc/apt/sources.list* |
| 13 | sed -i /etch/d /etc/apt/sources.list* |
| 14 | sed -i /lenny/d /etc/apt/sources.list* |
| 15 | sed -i /sarge/d /etc/apt/sources.list* |
| 16 | sed -i /squeeze/d /etc/apt/sources.list* |
| 17 | sed -i /volatile/d /etc/apt/sources.list* |
| 18 | sed -i /proposed-updates/d /etc/apt/sources.list* |
| 19 | # change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/ |
| 20 | sed -i s/wheezy/jessie/g /etc/apt/sources.list* |
| 21 | sed -i "s/ stable/ jessie/g" /etc/apt/sources.list* |
| 22 | sed -i s/wheezy/jessie/g /etc/apt/preferences* |
| 23 | sed -i s/wheezy/jessie/g /etc/apt/sources.list.d/*wheezy* |
| 24 | rename s/wheezy/jessie/g /etc/apt/sources.list.d/*wheezy* |
| 25 | wget https://gist.githubusercontent.com/waja/d6f8715b0a187796212e012bf2289033/raw/jessie_fix_source_lists.sh -O /tmp/a && sh /tmp/a |
| 26 | aptitude update |
| 27 | |
| 28 | # Set for example a package on hold |
| 29 | PACKAGE="mailscanner"; echo $PACKAGE hold |dpkg --set-selections; aptitude hold $PACKAGE |
| 30 | |
| 31 | # check package status |
| 32 | dpkg --audit |
| 33 | aptitude search "~ahold" | grep "^.h" |
| 34 | dpkg --get-selections | grep hold |
| 35 | |
| 36 | # unmark packages auto |
| 37 | aptitude unmarkauto vim && \ |
| 38 | aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic && \ |
| 39 | aptitude unmarkauto open-vm-tools-dkms ifenslave && \ |
| 40 | aptitude unmarkauto xen-system-amd64 && aptitude unmarkauto $(dpkg-query -W 'xen-linux-system-*' | cut -f1) \ |
| 41 | aptitude unmarkauto $(dpkg-query -W 'linux-image-3.2.*' | cut -f1) |
| 42 | |
| 43 | # have a look into required and free disk space |
| 44 | apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h |
| 45 | |
| 46 | # record session |
| 47 | script -t 2>~/upgrade-jessie.time -a ~/upgrade-jessie.script |
| 48 | |
| 49 | # install our preseed so libc doesn't whine |
| 50 | cat > /tmp/jessie.preseed <<EOF |
| 51 | libc6 glibc/upgrade boolean true |
| 52 | libc6 glibc/restart-services string |
| 53 | libc6 libraries/restart-without-asking boolean true |
| 54 | EOF |
| 55 | /usr/bin/debconf-set-selections /tmp/jessie.preseed |
| 56 | |
| 57 | # update aptitude first |
| 58 | [ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude |
| 59 | |
| 60 | # remove php5-suhosin, which doesn't exist in jessie anymore |
| 61 | if [ "$( dpkg -l | grep "^ii.*php5-suhosin" | wc -l)" -ge "1" ]; then \ |
| 62 | apt-get remove php5-suhosin |
| 63 | fi |
| 64 | # remove obsolete php5-ps |
| 65 | if [ "$( dpkg -l | grep "^ii.*php5-ps" | wc -l)" -ge "1" ]; then \ |
| 66 | apt-get remove php5-ps |
| 67 | fi |
| 68 | # minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29) |
| 69 | aptitude upgrade '~U' 'sysvinit-core+' |
| 70 | |
| 71 | # (re)enable wheel |
| 72 | if [ -f /etc/pam.d/su.dpkg-new ]; then CFG=/etc/pam.d/su.dpkg-new; else CFG=/etc/pam.d/su; fi |
| 73 | sed -i "s/# auth required pam_wheel.so/auth required pam_wheel.so/" $CFG |
| 74 | |
| 75 | # (re)configure snmpd |
| 76 | COMMUNITY="mycommunity"; \ |
| 77 | if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \ |
| 78 | else CFG=/etc/snmp/snmpd.conf; fi |
| 79 | sed -i "s^#rocommunity secret 10.0.0.0/16^rocommunity $COMMUNITY^g" $CFG |
| 80 | sed -i s/#agentAddress/agentAddress/ $CFG |
| 81 | sed -i "s/^ rocommunity public/# rocommunity public/" $CFG |
| 82 | sed -i "s/^ rocommunity6 public/# rocommunity6 public/" $CFG |
| 83 | sed -i "s/agentAddress udp:127/#agentAddress udp:127/" $CFG |
| 84 | |
| 85 | # fix our xen modification |
| 86 | [ -f /etc/grub.d/20_linux_xen ] && rm -rf /etc/grub.d/09_linux_xen && \ |
| 87 | dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen |
| 88 | |
| 89 | # chrony update |
| 90 | if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi |
| 91 | sed -i s/debian.pool/de.pool/g $CFG |
| 92 | |
| 93 | # randomize crontab |
| 94 | if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi |
| 95 | sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG |
| 96 | sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG |
| 97 | |
| 98 | # phpmyadmin |
| 99 | if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ |
| 100 | else CFG=/etc/phpmyadmin/config.inc.php; fi |
| 101 | sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG |
| 102 | sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG |
| 103 | |
| 104 | # maybe we want to change some shorewall config stuff again |
| 105 | if [ -f /etc/default/shorewall.dpkg-new ]; then CFG=/etc/default/shorewall.dpkg-new; else CFG=/etc/default/shorewall; fi |
| 106 | sed -i 's/^startup=0/startup=1/' $CFG |
| 107 | # nat helper needs to be install (http://shorewall.net/Helpers.html#idp8854577312) |
| 108 | ucf /usr/share/shorewall/configfiles/conntrack /etc/shorewall/conntrack |
| 109 | |
| 110 | # full-upgrade |
| 111 | aptitude full-upgrade |
| 112 | |
| 113 | # Apache2 config migration |
| 114 | # see also /usr/share/doc/apache2/NEWS.Debian.gz |
| 115 | # |
| 116 | # migrate sites into new naming scheme |
| 117 | perl /usr/share/doc/apache2/migrate-sites.pl |
| 118 | # migrate server config snippets into new directory |
| 119 | cat > /tmp/a2confmigrate << EOF |
| 120 | APACHE2BASEDIR="/etc/apache2"; for CONF in \$(ls -l \${APACHE2BASEDIR}/conf.d/ | grep -v ^l | awk '{print \$9}' | grep -v ^$); do |
| 121 | if ! [ "\${CONF##*.}" == "conf" ]; then |
| 122 | mv \${APACHE2BASEDIR}/conf.d/"\${CONF}" \${APACHE2BASEDIR}/conf.d/"\${CONF}".conf |
| 123 | CONF="\${CONF}.conf" |
| 124 | fi |
| 125 | mv \${APACHE2BASEDIR}/conf.d/"\${CONF}" \${APACHE2BASEDIR}/conf-available/"\${CONF}" |
| 126 | # enable this |
| 127 | CONF=\$(basename "\${CONF}" .conf) |
| 128 | a2enconf "\${CONF}" |
| 129 | done |
| 130 | EOF |
| 131 | sh /tmp/a2confmigrate |
| 132 | # migrate standard Options config to valid one |
| 133 | sed -i "s/Options ExecCGI/Options +ExecCGI/" /etc/apache2/sites-available/* |
| 134 | # fix probable Piped Logs |
| 135 | sed -i 's/|exec /| /' /etc/apache2/sites-available/* |
| 136 | # check for probably incompatible Apache configration statements (see https://gist.github.com/waja/86a3a055c1fedfba3c58#upstream-changes) |
| 137 | # Even lists conditional statements which might be not a problem |
| 138 | rgrep -iE "(Order|Allow|Deny|Satisfy) " /etc/apache2/conf-enabled/* | grep -v ":#" && rgrep -iE "(Order|Allow|Deny|Satisfy) " /etc/apache2/sites-enabled/* | grep -v ":#" |
| 139 | # just in case you have you DocumentRoots in /var/www, you might want to also check for .htaccess containing those |
| 140 | # Even lists conditional statements which might be not a problem |
| 141 | rgrep -iE "(Order|Allow|Deny|Satisfy) " --include .htaccess /var/www/ | grep -v ":#" |
| 142 | |
| 143 | # serveral changes may be needed to adjust content of config files |
| 144 | # see https://gist.github.com/waja/86a3a055c1fedfba3c58#file-apache2.0to2.4.md |
| 145 | |
| 146 | # migrate redmine plugins |
| 147 | mv /usr/share/redmine/vendor/plugins/* /usr/share/redmine/plugins/ && rmdir /usr/share/redmine/vendor/plugins/ |
| 148 | # Remove inconsistent link in /usr/share/redmine/vendor/rails |
| 149 | rm /usr/share/redmine/vendor/rails |
| 150 | # migrate database config for mysql |
| 151 | sed -i "s/adapter: mysql/adapter: mysql2/" /etc/redmine/default/database.yml |
| 152 | |
| 153 | # Fixing Typo bug in claav-daemon (http://bugs.debian.org/778507) |
| 154 | sed -i "s/DEBCONFILE/DEBCONFFILE/" /var/lib/dpkg/info/clamav-daemon.postinst |
| 155 | |
| 156 | # Upgrade postgres |
| 157 | if [ "$(dpkg -l | grep "postgresql-9.1" | awk {'print $2'})" = "postgresql-9.1" ]; then \ |
| 158 | aptitude install postgresql-9.4 && \ |
| 159 | pg_dropcluster --stop 9.4 main && \ |
| 160 | /etc/init.d/postgresql stop && \ |
| 161 | pg_upgradecluster -v 9.4 9.1 main && \ |
| 162 | sed -i "s/^manual/auto/g" /etc/postgresql/9.4/main/start.conf && \ |
| 163 | sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.4/main/postgresql.conf && \ |
| 164 | sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.4/main/postgresql.conf && \ |
| 165 | /etc/init.d/postgresql restart; \ |
| 166 | fi |
| 167 | pg_dropcluster 9.1 main |
| 168 | |
| 169 | # xen: use our own bridge script again, when we did before |
| 170 | [ $(grep "^(vif-script vif-bridge-local" /etc/xen/xend-config.sxp | wc -l) -gt 0 ] && \ |
| 171 | sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf |
| 172 | |
| 173 | # enable unattended upgrades |
| 174 | wget https://gist.githubusercontent.com/waja/d9e176f712ae6a6e4442486df80a13ba/raw/deploy_unattended-upgrades.sh -O /tmp/a && sh /tmp/a |
| 175 | |
| 176 | # remove old squeeze packages left around (keep eyes open!) |
| 177 | apt-get autoremove && \ |
| 178 | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|xen-system|check-openmanage|mailscanner|hp-health|hpacucli|check-linux-bonding|smarty|dehydrated' | awk '/^i *A/ { print $3 }') && \ |
| 179 | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|xen-system|check-openmanage|mailscanner|hp-health|hpacucli|check-linux-bonding|smarty|dehydrated' | awk '/^i/ { print $2 }') && \ |
| 180 | apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \ |
| 181 | apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \ |
| 182 | apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \ |
| 183 | apt purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \ |
| 184 | apt -y install deborphan && apt purge $(deborphan | grep -v xen | grep -v libpam-cracklib | awk '/^rc/ { print $2 }') |
| 185 | apt purge $(dpkg -l | awk '/^rc/ { print $2 }') |
| 186 | |
| 187 | # for the brave YoloOps crowd |
| 188 | reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger |
| 189 | |
| 190 | ### not needed until now |
| 191 | # mysql |
| 192 | # remove anonymous mysql access |
| 193 | #mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;" |
| 194 | |
| 195 | # dont use iptables when creating xen vifs |
| 196 | #cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local |
| 197 | #sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local |
| 198 | #sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp |
| 199 | |
| 200 | # xen |
| 201 | #/bin/sed -i -e 's/^[# ]*\((dom0-min-mem\).*\().*\)$/\1 512\2/' /etc/xen/xend-config.sxp |
| 202 | #sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains |
| 203 | #sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains |
| 204 | #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen |
| 205 | #echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub |
| 206 | |
| 207 | # migrate expose.ini |
| 208 | #[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \ |
| 209 | # /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90 |
| 210 | # migrate local suhosin config |
| 211 | #find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \ |
| 212 | # /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90 |
| 213 |
x_fix_apache2.4_slash_docroot.sh
· 710 B · Bash
原始檔案
# when <Directory > config is applied on / instead of DocumentRoot, we need to fix that
cat > /tmp/a2conf_dir_migrate << EOF
grep -i "<directory />" /etc/apache2/sites-enabled/*
for HOST in \$(grep -i "<directory />" /etc/apache2/sites-enabled/* | grep -v 000-default | awk -F':' '{print \$1}' | sed "s/.conf//" | sed "s#^/etc/apache2/sites-enabled/##"); do
DOCROOT=\$(grep DocumentRoot /etc/apache2/sites-enabled/\${HOST} | awk '{print \$2}');
sed -i "s#<Directory />#<Directory \${DOCROOT}>#" /etc/apache2/sites-available/\${HOST};
done
echo -e "Migration done.\nRemaining problematic configurations, please investigate:"
grep -i "<directory />" /etc/apache2/sites-enabled/*
EOF
sh /tmp/a2conf_dir_migrate
| 1 | # when <Directory > config is applied on / instead of DocumentRoot, we need to fix that |
| 2 | cat > /tmp/a2conf_dir_migrate << EOF |
| 3 | grep -i "<directory />" /etc/apache2/sites-enabled/* |
| 4 | for HOST in \$(grep -i "<directory />" /etc/apache2/sites-enabled/* | grep -v 000-default | awk -F':' '{print \$1}' | sed "s/.conf//" | sed "s#^/etc/apache2/sites-enabled/##"); do |
| 5 | DOCROOT=\$(grep DocumentRoot /etc/apache2/sites-enabled/\${HOST} | awk '{print \$2}'); |
| 6 | sed -i "s#<Directory />#<Directory \${DOCROOT}>#" /etc/apache2/sites-available/\${HOST}; |
| 7 | done |
| 8 | echo -e "Migration done.\nRemaining problematic configurations, please investigate:" |
| 9 | grep -i "<directory />" /etc/apache2/sites-enabled/* |
| 10 | EOF |
| 11 | sh /tmp/a2conf_dir_migrate |
| 12 |
z_apache2.0to2.4.md
· 1.7 KiB · Markdown
原始檔案
# Migrating the Apache config files into new places and naming scheme
see https://gist.github.com/waja/86a3a055c1fedfba3c58#file-wheezy2jessie-sh
# Upstream changes
* [Order](http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#order), [Allow](http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#allow), [Deny](http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#deny) and [Satisfy](http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#satisfy) are obsolete, you should read [Run-Time Configuration Changes](http://httpd.apache.org/docs/2.4/upgrading.html#run-time) or [Beyond just authorization](http://httpd.apache.org/docs/2.4/howto/auth.html#beyond)
* Mixing [Options](http://httpd.apache.org/docs/current/mod/core.html#options) with a + or - with those without is not valid syntax, and will be rejected during server startup by the syntax check with an abort.
* Certificate handleing has changed, obsoletes [SSLCertificateChainFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile), please use [SSLCertificateFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile), it may also include intermediate CA certificates, sorted from leaf to root now
* Several other changes can be found in the [Upgrading to 2.4 from 2.2](http://httpd.apache.org/docs/2.4/upgrading.html) documentation
# Some more other handy resources
https://www.digitalocean.com/community/tutorials/migrating-your-apache-configuration-from-2-2-to-2-4-syntax
https://www.linode.com/docs/security/upgrading/updating-virtual-host-settings-from-apache-2-2-to-apache-2-4
http://linoxide.com/linux-how-to/apache-migration-2-2-to-2-4-ubuntu-14-04/
Migrating the Apache config files into new places and naming scheme
see https://gist.github.com/waja/86a3a055c1fedfba3c58#file-wheezy2jessie-sh
Upstream changes
- Order, Allow, Deny and Satisfy are obsolete, you should read Run-Time Configuration Changes or Beyond just authorization
- Mixing Options with a + or - with those without is not valid syntax, and will be rejected during server startup by the syntax check with an abort.
- Certificate handleing has changed, obsoletes SSLCertificateChainFile, please use SSLCertificateFile, it may also include intermediate CA certificates, sorted from leaf to root now
- Several other changes can be found in the Upgrading to 2.4 from 2.2 documentation
Some more other handy resources
https://www.digitalocean.com/community/tutorials/migrating-your-apache-configuration-from-2-2-to-2-4-syntax
https://www.linode.com/docs/security/upgrading/updating-virtual-host-settings-from-apache-2-2-to-apache-2-4
http://linoxide.com/linux-how-to/apache-migration-2-2-to-2-4-ubuntu-14-04/