gist:e518bc6006ad424b957fdd8832bb5306

Revize 1694751623c296f4cd6725d9849962eadd61cbbe

jessie2stretch.sh · 7.9 KiB · Bash Raw

Please also refer to http://www.debian.org/releases/stretch/releasenotes and use your brain! # upgrade to UTF-8 locales (http://www.debian.org/releases/stretch/amd64/release-notes/ap-old-stuff.en.html#switch-utf8) dpkg-reconfigure locales # remove unused config file rm -rf /etc/network/options /etc/environment # migrate over to systemd (before the upgrade) aptitude install systemd # Disable loading defaults.vim echo '" disable the loading of defaults.vim' >> /etc/vim/vimrc.local echo "let g:skip_defaults_vim = 1" >> /etc/vim/vimrc.local # are there 3rd party packages installed? (https://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.de.html#system-status) aptitude search '~i(!~ODebian)' # check for ftp protocol in sources lists (https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors) rgrep --color "deb ftp" /etc/apt/sources.list* # Transition and remove entries from older releases sed -i /etch/d /etc/apt/sources.list* sed -i /lenny/d /etc/apt/sources.list* sed -i /sarge/d /etc/apt/sources.list* sed -i /squeeze/d /etc/apt/sources.list* sed -i /wheezy/d /etc/apt/sources.list* sed -i /volatile/d /etc/apt/sources.list* sed -i /proposed-updates/d /etc/apt/sources.list* # change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/ sed -i s/jessie/stretch/g /etc/apt/sources.list* sed -i "s/ stable/ stretch/g" /etc/apt/sources.list* sed -i s/jessie/stretch/g /etc/apt/preferences* sed -i s/jessie/stretch/g /etc/apt/sources.list.d/*jessie* rename s/jessie/stretch/g /etc/apt/sources.list.d/*jessie* rgrep jessie /etc/apt/sources.list* aptitude update # check package status dpkg --audit aptitude search "~ahold" | grep "^.h" dpkg --get-selections | grep hold # unmark packages auto aptitude unmarkauto vim net-tools && \ aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic && \ aptitude unmarkauto $(dpkg-query -W 'linux-image-3.16*' | cut -f1) # have a look into required and free disk space apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h # record session script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script # install our preseed so libc doesn't whine cat > /tmp/stretch.preseed <<EOF libc6 glibc/upgrade boolean true libc6 glibc/restart-services string libc6 libraries/restart-without-asking boolean true EOF /usr/bin/debconf-set-selections /tmp/stretch.preseed # update aptitude first [ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude # minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29) aptitude upgrade ## fix our xen modification #rm -rf /etc/grub.d/09_linux_xen #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen # chrony update if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi sed -i s/2.debian.pool/0.de.pool/g $CFG # migrate unattended-upgrades config if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new; \ else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi sed -i s/jessie/stretch/g $CFG sed -i s/crontrib/contrib/g $CFG sed -i "s#// If automatic reboot is enabled and needed, reboot at the specific#// Automatically reboot even if there are users currently logged in.\n//Unattended-Upgrade::Automatic-Reboot-WithUsers \"true\";\n\n// If automatic reboot is enabled and needed, reboot at the specific#" $CFG cat >> $CFG <<EOF // Enable logging to syslog. Default is False // Unattended-Upgrade::SyslogEnable "false"; // Specify syslog facility. Default is daemon // Unattended-Upgrade::SyslogFacility "daemon"; EOF ## randomize crontab #if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi #sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG #sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG ## phpmyadmin #if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ # else CFG=/etc/phpmyadmin/config.inc.php; fi #sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG #sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG # maybe we want to change some shorewall config stuff again # shorewall needs to be enabled via systemctl, /etc/default is not used by systemd systemctl enable shorewall # full-upgrade apt-get dist-upgrade # Upgrade postgres # See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \ aptitude install postgresql-9.6 && \ pg_dropcluster --stop 9.6 main && \ /etc/init.d/postgresql stop && \ pg_upgradecluster -v 9.6 9.4 main && \ sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \ sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \ sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \ /etc/init.d/postgresql restart; \ fi pg_dropcluster 9.4 main # xen: use our own bridge script again, when we did before #[ $(grep "^(vif-script vif-bridge-local" /etc/xen/xend-config.sxp | wc -l) -gt 0 ] && \ # sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf # remove old squeeze packages left around (keep eyes open!) apt-get autoremove && \ apt-get purge $(dpkg -l | awk '/gcc-4.9/ { print $2 }') && \ apt-get purge $(aptitude search ?obsolete | grep -v linux-image | awk '/^i/ { print $2 }') && \ apt-get purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \ apt-get purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \ apt-get purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \ apt-get purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \ apt-get purge $(dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{ print $2 }') && \ aptitude -y install deborphan && apt-get purge $(deborphan | grep -v xen | grep -v libpam-cracklib | awk '/^rc/ { print $2 }') apt-get purge $(dpkg -l | awk '/^rc/ { print $2 }') # for the brave YoloOps crowd reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger ### not needed until now # mysql # remove anonymous mysql access #mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;" # dont use iptables when creating xen vifs #cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local #sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local #sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp # xen #/bin/sed -i -e 's/^[# ]*$(dom0-min-mem$.*$).*$$/\1 512\2/' /etc/xen/xend-config.sxp #sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains #sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen #echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub # migrate expose.ini #[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \ # /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90 # migrate local suhosin config #find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \ # /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90

1	Please also refer to http://www.debian.org/releases/stretch/releasenotes and use your brain!
2
3
4	# upgrade to UTF-8 locales (http://www.debian.org/releases/stretch/amd64/release-notes/ap-old-stuff.en.html#switch-utf8)
5	dpkg-reconfigure locales
6
7	# remove unused config file
8	rm -rf /etc/network/options /etc/environment
9
10	# migrate over to systemd (before the upgrade)
11	aptitude install systemd
12
13	# Disable loading defaults.vim
14	echo '" disable the loading of defaults.vim' >> /etc/vim/vimrc.local
15	echo "let g:skip_defaults_vim = 1" >> /etc/vim/vimrc.local
16
17	# are there 3rd party packages installed? (https://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.de.html#system-status)
18	aptitude search '~i(!~ODebian)'
19
20	# check for ftp protocol in sources lists (https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors)
21	rgrep --color "deb ftp" /etc/apt/sources.list*
22
23	# Transition and remove entries from older releases
24	sed -i /etch/d /etc/apt/sources.list*
25	sed -i /lenny/d /etc/apt/sources.list*
26	sed -i /sarge/d /etc/apt/sources.list*
27	sed -i /squeeze/d /etc/apt/sources.list*
28	sed -i /wheezy/d /etc/apt/sources.list*
29	sed -i /volatile/d /etc/apt/sources.list*
30	sed -i /proposed-updates/d /etc/apt/sources.list*
31	# change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/
32	sed -i s/jessie/stretch/g /etc/apt/sources.list*
33	sed -i "s/ stable/ stretch/g" /etc/apt/sources.list*
34	sed -i s/jessie/stretch/g /etc/apt/preferences*
35	sed -i s/jessie/stretch/g /etc/apt/sources.list.d/jessie
36	rename s/jessie/stretch/g /etc/apt/sources.list.d/jessie
37	rgrep jessie /etc/apt/sources.list*
38	aptitude update
39
40	# check package status
41	dpkg --audit
42	aptitude search "~ahold" \| grep "^.h"
43	dpkg --get-selections \| grep hold
44
45	# unmark packages auto
46	aptitude unmarkauto vim net-tools && \
47	aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic && \
48	aptitude unmarkauto $(dpkg-query -W 'linux-image-3.16*' \| cut -f1)
49
50	# have a look into required and free disk space
51	apt-get -o APT::Get::Trivial-Only=true dist-upgrade \|\| df -h
52
53	# record session
54	script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script
55
56	# install our preseed so libc doesn't whine
57	cat > /tmp/stretch.preseed <<EOF
58	libc6 glibc/upgrade boolean true
59	libc6 glibc/restart-services string
60	libc6 libraries/restart-without-asking boolean true
61	EOF
62	/usr/bin/debconf-set-selections /tmp/stretch.preseed
63
64	# update aptitude first
65	[ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude
66
67	# minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29)
68	aptitude upgrade
69
70	## fix our xen modification
71	#rm -rf /etc/grub.d/09_linux_xen
72	#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
73
74	# chrony update
75	if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi
76	sed -i s/2.debian.pool/0.de.pool/g $CFG
77
78	# migrate unattended-upgrades config
79	if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new; \
80	else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi
81	sed -i s/jessie/stretch/g $CFG
82	sed -i s/crontrib/contrib/g $CFG
83	sed -i "s#// If automatic reboot is enabled and needed, reboot at the specific#// Automatically reboot even if there are users currently logged in.\n//Unattended-Upgrade::Automatic-Reboot-WithUsers \"true\";\n\n// If automatic reboot is enabled and needed, reboot at the specific#" $CFG
84	cat >> $CFG <<EOF
85
86	// Enable logging to syslog. Default is False
87	// Unattended-Upgrade::SyslogEnable "false";
88
89	// Specify syslog facility. Default is daemon
90	// Unattended-Upgrade::SyslogFacility "daemon";
91
92	EOF
93
94	## randomize crontab
95	#if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi
96	#sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG
97	#sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG
98
99	## phpmyadmin
100	#if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \
101	# else CFG=/etc/phpmyadmin/config.inc.php; fi
102	#sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG
103	#sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG
104
105	# maybe we want to change some shorewall config stuff again
106	# shorewall needs to be enabled via systemctl, /etc/default is not used by systemd
107	systemctl enable shorewall
108
109	# full-upgrade
110	apt-get dist-upgrade
111
112	# Upgrade postgres
113	# See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl
114	if [ "$(dpkg -l \| grep "postgresql-9.4" \| awk {'print $2'})" = "postgresql-9.4" ]; then \
115	aptitude install postgresql-9.6 && \
116	pg_dropcluster --stop 9.6 main && \
117	/etc/init.d/postgresql stop && \
118	pg_upgradecluster -v 9.6 9.4 main && \
119	sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \
120	sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \
121	sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \
122	/etc/init.d/postgresql restart; \
123	fi
124	pg_dropcluster 9.4 main
125
126	# xen: use our own bridge script again, when we did before
127	#[ $(grep "^(vif-script vif-bridge-local" /etc/xen/xend-config.sxp \| wc -l) -gt 0 ] && \
128	# sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf
129
130	# remove old squeeze packages left around (keep eyes open!)
131	apt-get autoremove && \
132	apt-get purge $(dpkg -l \| awk '/gcc-4.9/ { print $2 }') && \
133	apt-get purge $(aptitude search ?obsolete \| grep -v linux-image \| awk '/^i/ { print $2 }') && \
134	apt-get purge $(dpkg -l \| grep etch \| grep -v xen \| grep -v unbound \| grep -v finch \| awk '/^rc/ { print $2 }') && \
135	apt-get purge $(dpkg -l \| grep lenny \| grep -v xen \| awk '/^rc/ { print $2 }') && \
136	apt-get purge $(dpkg -l \| grep -E 'deb6\|squeeze' \| grep -v xen \| awk '/^rc/ { print $2 }') && \
137	apt-get purge $(dpkg -l \| grep -E 'deb7\|wheezy' \| grep -v xen \| grep -v -E 'linux-image\|mailscanner\|openswan\|debian-security-support' \| awk '/^rc/ { print $2 }') && \
138	apt-get purge $(dpkg -l \| grep -E 'deb8\|jessie' \| grep -v xen \| grep -v -E 'linux-image\|debian-security-support' \| awk '{ print $2 }') && \
139	aptitude -y install deborphan && apt-get purge $(deborphan \| grep -v xen \| grep -v libpam-cracklib \| awk '/^rc/ { print $2 }')
140	apt-get purge $(dpkg -l \| awk '/^rc/ { print $2 }')
141
142	# for the brave YoloOps crowd
143	reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger
144
145	### not needed until now
146	# mysql
147	# remove anonymous mysql access
148	#mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;"
149
150	# dont use iptables when creating xen vifs
151	#cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local
152	#sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local
153	#sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp
154
155	# xen
156	#/bin/sed -i -e 's/^[# ]$(dom0-min-mem$.$).*$$/\1 512\2/' /etc/xen/xend-config.sxp
157	#sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains
158	#sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains
159	#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
160	#echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub
161
162	# migrate expose.ini
163	#[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \
164	# /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90
165	# migrate local suhosin config
166	#find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \
167	# /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90
168