jessie2stretch.sh
· 7.0 KiB · Bash
Неформатований
Please also refer to http://www.debian.org/releases/stretch/releasenotes and use your brain!
# upgrade to UTF-8 locales (http://www.debian.org/releases/stretch/amd64/release-notes/ap-old-stuff.en.html#switch-utf8)
dpkg-reconfigure locales
# remove unused config file
rm -rf /etc/network/options /etc/environment
# Transition and remove entries from older releases
sed -i /etch/d /etc/apt/sources.list*
sed -i /lenny/d /etc/apt/sources.list*
sed -i /sarge/d /etc/apt/sources.list*
sed -i /squeeze/d /etc/apt/sources.list*
sed -i /wheezy/d /etc/apt/sources.list*
sed -i /volatile/d /etc/apt/sources.list*
sed -i /proposed-updates/d /etc/apt/sources.list*
# change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/
sed -i s/jessie/stretch/g /etc/apt/sources.list*
sed -i "s/ stable/ stretch/g" /etc/apt/sources.list*
sed -i s/jessie/stretch/g /etc/apt/preferences*
sed -i s/jessie/stretch/g /etc/apt/sources.list.d/*jessie*
rename s/jessie/stretch/g /etc/apt/sources.list.d/*jessie*
aptitude update
# check package status
dpkg --audit
aptitude search "~ahold" | grep "^.h"
dpkg --get-selections | grep hold
# unmark packages auto
aptitude unmarkauto vim
aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic
aptitude unmarkauto open-vm-tools-dkms ifenslave
aptitude unmarkauto $(dpkg-query -W 'linux-image-3.16*' | cut -f1)
# have a look into required and free disk space
apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h
# record session
script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script
# install our preseed so libc doesn't whine
cat > /tmp/stretch.preseed <<EOF
libc6 glibc/upgrade boolean true
libc6 glibc/restart-services string
libc6 libraries/restart-without-asking boolean true
EOF
/usr/bin/debconf-set-selections /tmp/stretch.preseed
# update aptitude first
[ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude
# migrate over to systemd
aptitude install systemd
# minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29)
aptitude upgrade
# (re)enable wheel
if [ -f /etc/pam.d/su.dpkg-new ]; then CFG=/etc/pam.d/su.dpkg-new; else CFG=/etc/pam.d/su; fi
sed -i "s/# auth required pam_wheel.so/auth required pam_wheel.so/" $CFG
# (re)configure snmpd
COMMUNITY="mycommunity"; \
if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \
else CFG=/etc/snmp/snmpd.conf; fi
sed -i "s^#rocommunity secret 10.0.0.0/16^rocommunity $COMMUNITY^g" $CFG
sed -i s/#agentAddress/agentAddress/ $CFG
sed -i "s/^ rocommunity public/# rocommunity public/" $CFG
sed -i "s/^ rocommunity6 public/# rocommunity6 public/" $CFG
sed -i "s/agentAddress udp:127/#agentAddress udp:127/" $CFG
## fix our xen modification
#rm -rf /etc/grub.d/09_linux_xen
#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
# chrony update
if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi
sed -i s/debian.pool/de.pool/g $CFG
# randomize crontab
if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi
sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG
sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG
## phpmyadmin
#if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \
# else CFG=/etc/phpmyadmin/config.inc.php; fi
#sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG
#sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG
# maybe we want to change some shorewall config stuff again
# shorewall needs to be enabled via systemctl, /etc/default is not used by systemd
systemctl enable shorewall
# full-upgrade
aptitude full-upgrade
# Upgrade postgres
if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \
aptitude install postgresql-9.6 && \
pg_dropcluster --stop 9.6 main && \
/etc/init.d/postgresql stop && \
pg_upgradecluster -v 9.6 9.4 main && \
sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \
sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \
sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \
/etc/init.d/postgresql restart; \
fi
pg_dropcluster 9.4 main
# xen: use our own bridge script again, when we did before
#[ $(grep "^(vif-script vif-bridge-local" /etc/xen/xend-config.sxp | wc -l) -gt 0 ] && \
# sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf
# remove old squeeze packages left around (keep eyes open!)
apt-get autoremove
aptitude search ?obsolete
dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '{print $2}' | xargs aptitude -y purge
dpkg -l | grep lenny | grep -v xen | awk '{print $2}' | xargs aptitude -y purge
dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '{print $2}' | xargs aptitude -y purge
dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '{print $2}' | xargs aptitude -y purge
dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{print $2}' | xargs aptitude -y purge
aptitude -y install deborphan && deborphan | grep -v xen | grep -v libpam-cracklib | xargs aptitude -y purge
dpkg -l | grep ^r | awk '{print $2}' | xargs aptitude -y purge
# for the brave YoloOps crowd
reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger
### not needed until now
# mysql
# remove anonymous mysql access
#mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;"
# dont use iptables when creating xen vifs
#cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local
#sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local
#sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp
# xen
#/bin/sed -i -e 's/^[# ]*\((dom0-min-mem\).*\().*\)$/\1 512\2/' /etc/xen/xend-config.sxp
#sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains
#sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains
#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
#echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub
# migrate expose.ini
#[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \
# /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90
# migrate local suhosin config
#find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \
# /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90
| 1 | Please also refer to http://www.debian.org/releases/stretch/releasenotes and use your brain! |
| 2 | |
| 3 | |
| 4 | # upgrade to UTF-8 locales (http://www.debian.org/releases/stretch/amd64/release-notes/ap-old-stuff.en.html#switch-utf8) |
| 5 | dpkg-reconfigure locales |
| 6 | |
| 7 | # remove unused config file |
| 8 | rm -rf /etc/network/options /etc/environment |
| 9 | |
| 10 | # Transition and remove entries from older releases |
| 11 | sed -i /etch/d /etc/apt/sources.list* |
| 12 | sed -i /lenny/d /etc/apt/sources.list* |
| 13 | sed -i /sarge/d /etc/apt/sources.list* |
| 14 | sed -i /squeeze/d /etc/apt/sources.list* |
| 15 | sed -i /wheezy/d /etc/apt/sources.list* |
| 16 | sed -i /volatile/d /etc/apt/sources.list* |
| 17 | sed -i /proposed-updates/d /etc/apt/sources.list* |
| 18 | # change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/ |
| 19 | sed -i s/jessie/stretch/g /etc/apt/sources.list* |
| 20 | sed -i "s/ stable/ stretch/g" /etc/apt/sources.list* |
| 21 | sed -i s/jessie/stretch/g /etc/apt/preferences* |
| 22 | sed -i s/jessie/stretch/g /etc/apt/sources.list.d/*jessie* |
| 23 | rename s/jessie/stretch/g /etc/apt/sources.list.d/*jessie* |
| 24 | aptitude update |
| 25 | |
| 26 | # check package status |
| 27 | dpkg --audit |
| 28 | aptitude search "~ahold" | grep "^.h" |
| 29 | dpkg --get-selections | grep hold |
| 30 | |
| 31 | # unmark packages auto |
| 32 | aptitude unmarkauto vim |
| 33 | aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic |
| 34 | aptitude unmarkauto open-vm-tools-dkms ifenslave |
| 35 | aptitude unmarkauto $(dpkg-query -W 'linux-image-3.16*' | cut -f1) |
| 36 | |
| 37 | # have a look into required and free disk space |
| 38 | apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h |
| 39 | |
| 40 | # record session |
| 41 | script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script |
| 42 | |
| 43 | # install our preseed so libc doesn't whine |
| 44 | cat > /tmp/stretch.preseed <<EOF |
| 45 | libc6 glibc/upgrade boolean true |
| 46 | libc6 glibc/restart-services string |
| 47 | libc6 libraries/restart-without-asking boolean true |
| 48 | EOF |
| 49 | /usr/bin/debconf-set-selections /tmp/stretch.preseed |
| 50 | |
| 51 | # update aptitude first |
| 52 | [ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude |
| 53 | |
| 54 | # migrate over to systemd |
| 55 | aptitude install systemd |
| 56 | |
| 57 | # minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29) |
| 58 | aptitude upgrade |
| 59 | |
| 60 | # (re)enable wheel |
| 61 | if [ -f /etc/pam.d/su.dpkg-new ]; then CFG=/etc/pam.d/su.dpkg-new; else CFG=/etc/pam.d/su; fi |
| 62 | sed -i "s/# auth required pam_wheel.so/auth required pam_wheel.so/" $CFG |
| 63 | |
| 64 | # (re)configure snmpd |
| 65 | COMMUNITY="mycommunity"; \ |
| 66 | if [ -f /etc/snmp/snmpd.conf.dpkg-new ]; then CFG=/etc/snmp/snmpd.conf.dpkg-new; \ |
| 67 | else CFG=/etc/snmp/snmpd.conf; fi |
| 68 | sed -i "s^#rocommunity secret 10.0.0.0/16^rocommunity $COMMUNITY^g" $CFG |
| 69 | sed -i s/#agentAddress/agentAddress/ $CFG |
| 70 | sed -i "s/^ rocommunity public/# rocommunity public/" $CFG |
| 71 | sed -i "s/^ rocommunity6 public/# rocommunity6 public/" $CFG |
| 72 | sed -i "s/agentAddress udp:127/#agentAddress udp:127/" $CFG |
| 73 | |
| 74 | ## fix our xen modification |
| 75 | #rm -rf /etc/grub.d/09_linux_xen |
| 76 | #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen |
| 77 | |
| 78 | # chrony update |
| 79 | if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi |
| 80 | sed -i s/debian.pool/de.pool/g $CFG |
| 81 | |
| 82 | # randomize crontab |
| 83 | if [ -f /etc/crontab.dpkg-new ]; then CFG=/etc/crontab.dpkg-new; else CFG=/etc/crontab; fi |
| 84 | sed -i 's#root cd#root perl -e "sleep int(rand(300))" \&\& cd#' $CFG |
| 85 | sed -i 's#root\ttest#root\tperl -e "sleep int(rand(3600))" \&\& test#' $CFG |
| 86 | |
| 87 | ## phpmyadmin |
| 88 | #if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ |
| 89 | # else CFG=/etc/phpmyadmin/config.inc.php; fi |
| 90 | #sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG |
| 91 | #sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG |
| 92 | |
| 93 | # maybe we want to change some shorewall config stuff again |
| 94 | # shorewall needs to be enabled via systemctl, /etc/default is not used by systemd |
| 95 | systemctl enable shorewall |
| 96 | |
| 97 | # full-upgrade |
| 98 | aptitude full-upgrade |
| 99 | |
| 100 | # Upgrade postgres |
| 101 | if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \ |
| 102 | aptitude install postgresql-9.6 && \ |
| 103 | pg_dropcluster --stop 9.6 main && \ |
| 104 | /etc/init.d/postgresql stop && \ |
| 105 | pg_upgradecluster -v 9.6 9.4 main && \ |
| 106 | sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \ |
| 107 | sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \ |
| 108 | sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \ |
| 109 | /etc/init.d/postgresql restart; \ |
| 110 | fi |
| 111 | pg_dropcluster 9.4 main |
| 112 | |
| 113 | # xen: use our own bridge script again, when we did before |
| 114 | #[ $(grep "^(vif-script vif-bridge-local" /etc/xen/xend-config.sxp | wc -l) -gt 0 ] && \ |
| 115 | # sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf |
| 116 | |
| 117 | # remove old squeeze packages left around (keep eyes open!) |
| 118 | apt-get autoremove |
| 119 | aptitude search ?obsolete |
| 120 | dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '{print $2}' | xargs aptitude -y purge |
| 121 | dpkg -l | grep lenny | grep -v xen | awk '{print $2}' | xargs aptitude -y purge |
| 122 | dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '{print $2}' | xargs aptitude -y purge |
| 123 | dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '{print $2}' | xargs aptitude -y purge |
| 124 | dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{print $2}' | xargs aptitude -y purge |
| 125 | aptitude -y install deborphan && deborphan | grep -v xen | grep -v libpam-cracklib | xargs aptitude -y purge |
| 126 | dpkg -l | grep ^r | awk '{print $2}' | xargs aptitude -y purge |
| 127 | |
| 128 | # for the brave YoloOps crowd |
| 129 | reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger |
| 130 | |
| 131 | ### not needed until now |
| 132 | # mysql |
| 133 | # remove anonymous mysql access |
| 134 | #mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;" |
| 135 | |
| 136 | # dont use iptables when creating xen vifs |
| 137 | #cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local |
| 138 | #sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local |
| 139 | #sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp |
| 140 | |
| 141 | # xen |
| 142 | #/bin/sed -i -e 's/^[# ]*\((dom0-min-mem\).*\().*\)$/\1 512\2/' /etc/xen/xend-config.sxp |
| 143 | #sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains |
| 144 | #sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains |
| 145 | #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen |
| 146 | #echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub |
| 147 | |
| 148 | # migrate expose.ini |
| 149 | #[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \ |
| 150 | # /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90 |
| 151 | # migrate local suhosin config |
| 152 | #find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \ |
| 153 | # /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90 |
| 154 |