jessie2stretch.sh
· 11 KiB · Bash
Originalformat
Please also refer to http://www.debian.org/releases/stretch/releasenotes and use your brain! If you can’t figure out what one of the commands below does, this is not for you. Expert mode only :)
# upgrade to UTF-8 locales (http://www.debian.org/releases/stretch/amd64/release-notes/ap-old-stuff.en.html#switch-utf8)
dpkg-reconfigure locales
# remove unused config file
rm -rf /etc/network/options /etc/environment
# migrate over to systemd (before the upgrade) / you might want reboot if you install systemd
cat > /etc/apt/sources.list.d/archive.debian.org.list<<EOF
#
# jessie
#
deb http://archive.debian.org/debian/ jessie main contrib non-free
deb-src http://archive.debian.org/debian/ jessie main contrib non-free
EOF
aptitude update && \
aptitude install systemd systemd-sysv libpam-systemd && rm /etc/apt/sources.list.d/archive.debian.org.list
# are there 3rd party packages installed? (https://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.de.html#system-status)
aptitude search '~i(!~ODebian)'
# check for ftp protocol in sources lists (https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors)
rgrep --color "deb ftp" /etc/apt/sources.list*
# Transition and remove entries from older releases
sed -i /etch/d /etc/apt/sources.list*
sed -i /lenny/d /etc/apt/sources.list*
sed -i /sarge/d /etc/apt/sources.list*
sed -i /squeeze/d /etc/apt/sources.list*
sed -i /wheezy/d /etc/apt/sources.list*
sed -i /volatile/d /etc/apt/sources.list*
sed -i /proposed-updates/d /etc/apt/sources.list*
# change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/
sed -i s/jessie/stretch/g /etc/apt/sources.list*
sed -i "s/ stable/ stretch/g" /etc/apt/sources.list*
sed -i s/jessie/stretch/g /etc/apt/preferences*
sed -i s/jessie/stretch/g /etc/apt/sources.list.d/*jessie*
rename s/jessie/stretch/g /etc/apt/sources.list.d/*jessie*
sed -i 's/#\(.*stretch\-updates\)/\1/' /etc/apt/sources.list
sed -i 's/#\(.*stretch\-backports\)/\1/' /etc/apt/sources.list.d/stretch-backports.list
rgrep --color jessie /etc/apt/sources.list*
# migrate omsa source
[ -f /etc/apt/sources.list.d/stretch-dell-omsa.list ] && sed -i /openmanage/d /etc/apt/sources.list.d/stretch-dell-omsa.list && echo "deb http://linux.dell.com/repo/community/openmanage/910/stretch stretch main" >> /etc/apt/sources.list.d/stretch-dell-omsa.list
apt-get update
# check package status
dpkg --audit
aptitude search "~ahold" | grep "^.h"
dpkg --get-selections | grep hold
# unmark packages auto
aptitude unmarkauto vim net-tools && \
aptitude unmarkauto libapache2-mpm-itk && \
aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic && \
aptitude unmarkauto $(dpkg-query -W 'linux-image-3.16*' | cut -f1)
# have a look into required and free disk space
apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h
# check for a linux-image meta package
dpkg -l "linux-image*" | grep ^ii | grep -i meta || echo "Please have a look into https://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage!"
# record session
script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script
# install our preseed so libc doesn't whine
cat > /tmp/stretch.preseed <<EOF
libc6 glibc/upgrade boolean true
libc6 glibc/restart-services string
libc6 libraries/restart-without-asking boolean true
EOF
/usr/bin/debconf-set-selections /tmp/stretch.preseed
# Disable loading defaults.vim
echo '" disable the loading of defaults.vim' >> /etc/vim/vimrc.local
echo "let g:skip_defaults_vim = 1" >> /etc/vim/vimrc.local
# update aptitude first
[ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude
# minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29)
aptitude upgrade
## fix our xen modification
#rm -rf /etc/grub.d/09_linux_xen
#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
# chrony update
if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi
sed -i s/2.debian.pool/0.de.pool/g $CFG
# migrate unattended-upgrades config
if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new; \
else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi
sed -i s/jessie/stretch/g $CFG
sed -i s/crontrib/contrib/g $CFG
sed -i "s#// If automatic reboot is enabled and needed, reboot at the specific#// Automatically reboot even if there are users currently logged in.\n//Unattended-Upgrade::Automatic-Reboot-WithUsers \"true\";\n\n// If automatic reboot is enabled and needed, reboot at the specific#" $CFG
cat >> $CFG <<EOF
// Enable logging to syslog. Default is False
// Unattended-Upgrade::SyslogEnable "false";
// Specify syslog facility. Default is daemon
// Unattended-Upgrade::SyslogFacility "daemon";
EOF
# dnsmasq config dir
if [ -f /etc/dnsmasq.conf.dpkg-new ]; then CFG=/etc/dnsmasq.conf.dpkg-new; \
else CFG=/etc/dnsmasq.conf; fi
sed -i "s%^#conf-dir=/etc/dnsmasq.d/%conf-dir=/etc/dnsmasq.d/%" $CFG
## phpmyadmin
if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \
else CFG=/etc/phpmyadmin/config.inc.php; fi
sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG
sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG
# Move configs from MySQl to MariaDB config location (e.g.)
mv /etc/mysql/conf.d/bind.cnf /etc/mysql/mariadb.conf.d/90-bind.cnf
# In some cases the upgrade of databases seems not work out (problems with mysql.proc)
source /etc/default/config-mysql-server-auth; mysql_upgrade -f --password=${MYSQLPW}
# have look into https://mariadb.com/kb/en/the-mariadb-library/moving-from-mysql-to-mariadb-in-debian-9/#configuration-options-for-advanced-database-users
# maybe we want to change some shorewall config stuff again
# shorewall needs to be enabled via systemctl, /etc/default is not used by systemd
systemctl enable shorewall
# Work around changing network interface names after update (https://github.com/systemd/systemd/issues/8446)
# Seen on VMWare guests
CFG="/etc/default/grub"; [ $(grep GRUB_CMDLINE_LINUX ${CFG} | grep 'net.ifnames=0 biosdevname=0') ] || sed -i 's/\(GRUB_CMDLINE_LINUX=".*\)"/\1 net.ifnames=0 biosdevname=0"/' ${CFG} && sed -i 's/GRUB_CMDLINE_LINUX=" /GRUB_CMDLINE_LINUX="/' ${CFG} && update-grub
# full-upgrade
apt-get dist-upgrade
# Migrate php5 packages over to php meta packages
apt install $(dpkg -l |grep php5 | awk '/^i/ { print $2 }' |grep -v ^php5$ |sed s/php5/php/| sed s/php-sqlite/php-sqlite3/)
# Fix IfModule mod_php5 in apache2 vHosts
sed -i "s/IfModule mod_php5/IfModule mod_php7/g" /etc/apache2/sites-available/*
# are there config needed to me migrated over to php my hand?
ls -la /etc/php5/{apache2,cli}/conf.d/
a2dismod php5; a2enmod php7.0 && systemctl restart apache2; ls -la /etc/apache2/mods-enabled/*php*
# Fix our ssh pub key package configuration
[ -x /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst ] && \
/var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst configure
# snmpd now runs as Debian-snmp user, fixing sudo config
sed -i s/snmp/Debian-snmp/ /etc/sudoers.d/*
# Upgrade postgres
# See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl
if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \
aptitude install postgresql-9.6 && \
pg_dropcluster --stop 9.6 main && \
/etc/init.d/postgresql stop && \
pg_upgradecluster -v 9.6 9.4 main && \
sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \
sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \
sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \
/etc/init.d/postgresql restart; \
fi
pg_dropcluster 9.4 main
# Fix forbitten dovecot ssl_protocols
sed -i "s/\!SSLv2 \!SSLv3/\!SSLv3/g" /etc/dovecot/local.conf && service dovecot restart
# If you are using bind9 named and chrooted it, apparmor needs to know about it now
echo "/var/lib/named/** rwm," >> /etc/apparmor.d/local/usr.sbin.named && apparmor_parser -r /etc/apparmor.d/usr.sbin.named && systemctl restart bind9
# Install / Upgrade ruby-rmagick to have correct version for redmine
aptitude install ruby-rmagick apache2
# xen: use our own bridge script again, when we did before
[ $(grep '^vif.default.script="vif-bridge-local"' /etc/xen/xl.conf.dpkg-old | wc -l) -gt 0 ] && \
sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf
# migrate/backup your images (before) migrating to docker overlay2 storage driver
# umount /var/lib/docker/aufs; rm -rf /var/lib/docker/aufs
# remove old squeeze packages left around (keep eyes open!)
apt autoremove && \
apt purge $(dpkg -l | awk '/gcc-4.9/ { print $2 }') && \
apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|kerio|hpacucli|check-openmanage|check-linux-bonding|hp-health' | awk '/^i *A/ { print $3 }') && \
apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|kerio|hpacucli|check-openmanage|check-linux-bonding|hp-health' | awk '/^i/ { print $2 }') && \
apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \
apt purge $(dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{ print $2 }') && \
apt -y install deborphan && apt purge $(deborphan | grep -v xen | grep -v -E 'libpam-cracklib|libapache2-mpm-itk')
apt purge $(dpkg -l | awk '/^rc/ { print $2 }')
# for the brave YoloOps crowd
reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger
### not needed until now
# mysql
# remove anonymous mysql access
#mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;"
# dont use iptables when creating xen vifs
#cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local
#sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local
#sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp
# xen
#/bin/sed -i -e 's/^[# ]*\((dom0-min-mem\).*\().*\)$/\1 512\2/' /etc/xen/xend-config.sxp
#sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains
#sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains
#dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen
#echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub
# migrate expose.ini
#[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \
# /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90
# migrate local suhosin config
#find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \
# /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90
| 1 | Please also refer to http://www.debian.org/releases/stretch/releasenotes and use your brain! If you can’t figure out what one of the commands below does, this is not for you. Expert mode only :) |
| 2 | |
| 3 | |
| 4 | # upgrade to UTF-8 locales (http://www.debian.org/releases/stretch/amd64/release-notes/ap-old-stuff.en.html#switch-utf8) |
| 5 | dpkg-reconfigure locales |
| 6 | |
| 7 | # remove unused config file |
| 8 | rm -rf /etc/network/options /etc/environment |
| 9 | |
| 10 | # migrate over to systemd (before the upgrade) / you might want reboot if you install systemd |
| 11 | cat > /etc/apt/sources.list.d/archive.debian.org.list<<EOF |
| 12 | # |
| 13 | # jessie |
| 14 | # |
| 15 | deb http://archive.debian.org/debian/ jessie main contrib non-free |
| 16 | deb-src http://archive.debian.org/debian/ jessie main contrib non-free |
| 17 | EOF |
| 18 | aptitude update && \ |
| 19 | aptitude install systemd systemd-sysv libpam-systemd && rm /etc/apt/sources.list.d/archive.debian.org.list |
| 20 | |
| 21 | # are there 3rd party packages installed? (https://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.de.html#system-status) |
| 22 | aptitude search '~i(!~ODebian)' |
| 23 | |
| 24 | # check for ftp protocol in sources lists (https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#deprecation-of-ftp-apt-mirrors) |
| 25 | rgrep --color "deb ftp" /etc/apt/sources.list* |
| 26 | |
| 27 | # Transition and remove entries from older releases |
| 28 | sed -i /etch/d /etc/apt/sources.list* |
| 29 | sed -i /lenny/d /etc/apt/sources.list* |
| 30 | sed -i /sarge/d /etc/apt/sources.list* |
| 31 | sed -i /squeeze/d /etc/apt/sources.list* |
| 32 | sed -i /wheezy/d /etc/apt/sources.list* |
| 33 | sed -i /volatile/d /etc/apt/sources.list* |
| 34 | sed -i /proposed-updates/d /etc/apt/sources.list* |
| 35 | # change distro (please move 3rd party sources to /etc/apt/sources.list.d/), maybe look into http://ftp.cyconet.org/debian/sources.list.d/ |
| 36 | sed -i s/jessie/stretch/g /etc/apt/sources.list* |
| 37 | sed -i "s/ stable/ stretch/g" /etc/apt/sources.list* |
| 38 | sed -i s/jessie/stretch/g /etc/apt/preferences* |
| 39 | sed -i s/jessie/stretch/g /etc/apt/sources.list.d/*jessie* |
| 40 | rename s/jessie/stretch/g /etc/apt/sources.list.d/*jessie* |
| 41 | sed -i 's/#\(.*stretch\-updates\)/\1/' /etc/apt/sources.list |
| 42 | sed -i 's/#\(.*stretch\-backports\)/\1/' /etc/apt/sources.list.d/stretch-backports.list |
| 43 | rgrep --color jessie /etc/apt/sources.list* |
| 44 | # migrate omsa source |
| 45 | [ -f /etc/apt/sources.list.d/stretch-dell-omsa.list ] && sed -i /openmanage/d /etc/apt/sources.list.d/stretch-dell-omsa.list && echo "deb http://linux.dell.com/repo/community/openmanage/910/stretch stretch main" >> /etc/apt/sources.list.d/stretch-dell-omsa.list |
| 46 | apt-get update |
| 47 | |
| 48 | # check package status |
| 49 | dpkg --audit |
| 50 | aptitude search "~ahold" | grep "^.h" |
| 51 | dpkg --get-selections | grep hold |
| 52 | |
| 53 | # unmark packages auto |
| 54 | aptitude unmarkauto vim net-tools && \ |
| 55 | aptitude unmarkauto libapache2-mpm-itk && \ |
| 56 | aptitude unmarkauto monitoring-plugins-standard monitoring-plugins-common monitoring-plugins-basic && \ |
| 57 | aptitude unmarkauto $(dpkg-query -W 'linux-image-3.16*' | cut -f1) |
| 58 | |
| 59 | # have a look into required and free disk space |
| 60 | apt-get -o APT::Get::Trivial-Only=true dist-upgrade || df -h |
| 61 | |
| 62 | # check for a linux-image meta package |
| 63 | dpkg -l "linux-image*" | grep ^ii | grep -i meta || echo "Please have a look into https://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.en.html#kernel-metapackage!" |
| 64 | |
| 65 | # record session |
| 66 | script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script |
| 67 | |
| 68 | # install our preseed so libc doesn't whine |
| 69 | cat > /tmp/stretch.preseed <<EOF |
| 70 | libc6 glibc/upgrade boolean true |
| 71 | libc6 glibc/restart-services string |
| 72 | libc6 libraries/restart-without-asking boolean true |
| 73 | EOF |
| 74 | /usr/bin/debconf-set-selections /tmp/stretch.preseed |
| 75 | |
| 76 | # Disable loading defaults.vim |
| 77 | echo '" disable the loading of defaults.vim' >> /etc/vim/vimrc.local |
| 78 | echo "let g:skip_defaults_vim = 1" >> /etc/vim/vimrc.local |
| 79 | |
| 80 | # update aptitude first |
| 81 | [ "$(which aptitude)" = "/usr/bin/aptitude" ] && aptitude install aptitude |
| 82 | |
| 83 | # minimal system upgrade (keep sysvinit / see http://noone.org/talks/debian-ohne-systemd/debian-ohne-systemd-clt.html#%2811%29) |
| 84 | aptitude upgrade |
| 85 | |
| 86 | ## fix our xen modification |
| 87 | #rm -rf /etc/grub.d/09_linux_xen |
| 88 | #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen |
| 89 | |
| 90 | # chrony update |
| 91 | if [ -f /etc/chrony/chrony.conf.new ]; then CFG=/etc/chrony/chrony.conf.new; else CFG=/etc/chrony/chrony.conf; fi |
| 92 | sed -i s/2.debian.pool/0.de.pool/g $CFG |
| 93 | |
| 94 | # migrate unattended-upgrades config |
| 95 | if [ -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new ]; then CFG=/etc/apt/apt.conf.d/50unattended-upgrades.dpkg-new; \ |
| 96 | else CFG=/etc/apt/apt.conf.d/50unattended-upgrades; fi |
| 97 | sed -i s/jessie/stretch/g $CFG |
| 98 | sed -i s/crontrib/contrib/g $CFG |
| 99 | sed -i "s#// If automatic reboot is enabled and needed, reboot at the specific#// Automatically reboot even if there are users currently logged in.\n//Unattended-Upgrade::Automatic-Reboot-WithUsers \"true\";\n\n// If automatic reboot is enabled and needed, reboot at the specific#" $CFG |
| 100 | cat >> $CFG <<EOF |
| 101 | |
| 102 | // Enable logging to syslog. Default is False |
| 103 | // Unattended-Upgrade::SyslogEnable "false"; |
| 104 | |
| 105 | // Specify syslog facility. Default is daemon |
| 106 | // Unattended-Upgrade::SyslogFacility "daemon"; |
| 107 | |
| 108 | EOF |
| 109 | |
| 110 | # dnsmasq config dir |
| 111 | if [ -f /etc/dnsmasq.conf.dpkg-new ]; then CFG=/etc/dnsmasq.conf.dpkg-new; \ |
| 112 | else CFG=/etc/dnsmasq.conf; fi |
| 113 | sed -i "s%^#conf-dir=/etc/dnsmasq.d/%conf-dir=/etc/dnsmasq.d/%" $CFG |
| 114 | |
| 115 | ## phpmyadmin |
| 116 | if [ -f /etc/phpmyadmin/config.inc.php.dpkg-new ]; then CFG=/etc/phpmyadmin/config.inc.php.dpkg-new; \ |
| 117 | else CFG=/etc/phpmyadmin/config.inc.php; fi |
| 118 | sed -i "s/\['auth_type'\] = 'cookie'/\['auth_type'\] = 'http'/" $CFG |
| 119 | sed -i "s#//\$cfg\['Servers'\]\[\$i\]\['auth_type'\] = 'http';#\$cfg['Servers'][\$i]['auth_type'] = 'http';#" $CFG |
| 120 | |
| 121 | # Move configs from MySQl to MariaDB config location (e.g.) |
| 122 | mv /etc/mysql/conf.d/bind.cnf /etc/mysql/mariadb.conf.d/90-bind.cnf |
| 123 | # In some cases the upgrade of databases seems not work out (problems with mysql.proc) |
| 124 | source /etc/default/config-mysql-server-auth; mysql_upgrade -f --password=${MYSQLPW} |
| 125 | # have look into https://mariadb.com/kb/en/the-mariadb-library/moving-from-mysql-to-mariadb-in-debian-9/#configuration-options-for-advanced-database-users |
| 126 | |
| 127 | # maybe we want to change some shorewall config stuff again |
| 128 | # shorewall needs to be enabled via systemctl, /etc/default is not used by systemd |
| 129 | systemctl enable shorewall |
| 130 | |
| 131 | # Work around changing network interface names after update (https://github.com/systemd/systemd/issues/8446) |
| 132 | # Seen on VMWare guests |
| 133 | CFG="/etc/default/grub"; [ $(grep GRUB_CMDLINE_LINUX ${CFG} | grep 'net.ifnames=0 biosdevname=0') ] || sed -i 's/\(GRUB_CMDLINE_LINUX=".*\)"/\1 net.ifnames=0 biosdevname=0"/' ${CFG} && sed -i 's/GRUB_CMDLINE_LINUX=" /GRUB_CMDLINE_LINUX="/' ${CFG} && update-grub |
| 134 | |
| 135 | # full-upgrade |
| 136 | apt-get dist-upgrade |
| 137 | |
| 138 | # Migrate php5 packages over to php meta packages |
| 139 | apt install $(dpkg -l |grep php5 | awk '/^i/ { print $2 }' |grep -v ^php5$ |sed s/php5/php/| sed s/php-sqlite/php-sqlite3/) |
| 140 | # Fix IfModule mod_php5 in apache2 vHosts |
| 141 | sed -i "s/IfModule mod_php5/IfModule mod_php7/g" /etc/apache2/sites-available/* |
| 142 | # are there config needed to me migrated over to php my hand? |
| 143 | ls -la /etc/php5/{apache2,cli}/conf.d/ |
| 144 | a2dismod php5; a2enmod php7.0 && systemctl restart apache2; ls -la /etc/apache2/mods-enabled/*php* |
| 145 | |
| 146 | # Fix our ssh pub key package configuration |
| 147 | [ -x /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst ] && \ |
| 148 | /var/lib/dpkg/info/config-openssh-server-authorizedkeys-core.postinst configure |
| 149 | |
| 150 | # snmpd now runs as Debian-snmp user, fixing sudo config |
| 151 | sed -i s/snmp/Debian-snmp/ /etc/sudoers.d/* |
| 152 | |
| 153 | # Upgrade postgres |
| 154 | # See also https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.de.html#plperl |
| 155 | if [ "$(dpkg -l | grep "postgresql-9.4" | awk {'print $2'})" = "postgresql-9.4" ]; then \ |
| 156 | aptitude install postgresql-9.6 && \ |
| 157 | pg_dropcluster --stop 9.6 main && \ |
| 158 | /etc/init.d/postgresql stop && \ |
| 159 | pg_upgradecluster -v 9.6 9.4 main && \ |
| 160 | sed -i "s/^manual/auto/g" /etc/postgresql/9.6/main/start.conf && \ |
| 161 | sed -i "s/^port = .*/port = 5432/" /etc/postgresql/9.6/main/postgresql.conf && \ |
| 162 | sed -i "s/^shared_buffers = .*/shared_buffers = 128MB/" /etc/postgresql/9.6/main/postgresql.conf && \ |
| 163 | /etc/init.d/postgresql restart; \ |
| 164 | fi |
| 165 | pg_dropcluster 9.4 main |
| 166 | |
| 167 | # Fix forbitten dovecot ssl_protocols |
| 168 | sed -i "s/\!SSLv2 \!SSLv3/\!SSLv3/g" /etc/dovecot/local.conf && service dovecot restart |
| 169 | |
| 170 | # If you are using bind9 named and chrooted it, apparmor needs to know about it now |
| 171 | echo "/var/lib/named/** rwm," >> /etc/apparmor.d/local/usr.sbin.named && apparmor_parser -r /etc/apparmor.d/usr.sbin.named && systemctl restart bind9 |
| 172 | |
| 173 | # Install / Upgrade ruby-rmagick to have correct version for redmine |
| 174 | aptitude install ruby-rmagick apache2 |
| 175 | |
| 176 | # xen: use our own bridge script again, when we did before |
| 177 | [ $(grep '^vif.default.script="vif-bridge-local"' /etc/xen/xl.conf.dpkg-old | wc -l) -gt 0 ] && \ |
| 178 | sed -i 's/#vif.default.script="vif-bridge"/vif.default.script="vif-bridge-local"/' /etc/xen/xl.conf |
| 179 | |
| 180 | # migrate/backup your images (before) migrating to docker overlay2 storage driver |
| 181 | # umount /var/lib/docker/aufs; rm -rf /var/lib/docker/aufs |
| 182 | |
| 183 | # remove old squeeze packages left around (keep eyes open!) |
| 184 | apt autoremove && \ |
| 185 | apt purge $(dpkg -l | awk '/gcc-4.9/ { print $2 }') && \ |
| 186 | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|kerio|hpacucli|check-openmanage|check-linux-bonding|hp-health' | awk '/^i *A/ { print $3 }') && \ |
| 187 | apt purge $(aptitude search ?obsolete | grep -v -E 'linux-image|mailscanner|kerio|hpacucli|check-openmanage|check-linux-bonding|hp-health' | awk '/^i/ { print $2 }') && \ |
| 188 | apt purge $(dpkg -l | grep etch | grep -v xen | grep -v unbound | grep -v finch | awk '/^rc/ { print $2 }') && \ |
| 189 | apt purge $(dpkg -l | grep lenny | grep -v xen | awk '/^rc/ { print $2 }') && \ |
| 190 | apt purge $(dpkg -l | grep -E 'deb6|squeeze' | grep -v xen | awk '/^rc/ { print $2 }') && \ |
| 191 | apt purge $(dpkg -l | grep -E 'deb7|wheezy' | grep -v xen | grep -v -E 'linux-image|mailscanner|openswan|debian-security-support' | awk '/^rc/ { print $2 }') && \ |
| 192 | apt purge $(dpkg -l | grep -E 'deb8|jessie' | grep -v xen | grep -v -E 'linux-image|debian-security-support' | awk '{ print $2 }') && \ |
| 193 | apt -y install deborphan && apt purge $(deborphan | grep -v xen | grep -v -E 'libpam-cracklib|libapache2-mpm-itk') |
| 194 | apt purge $(dpkg -l | awk '/^rc/ { print $2 }') |
| 195 | |
| 196 | # for the brave YoloOps crowd |
| 197 | reboot && sleep 180; echo u > /proc/sysrq-trigger ; sleep 2 ; echo s > /proc/sysrq-trigger ; sleep 2 ; echo b > /proc/sysrq-trigger |
| 198 | |
| 199 | ### not needed until now |
| 200 | # mysql |
| 201 | # remove anonymous mysql access |
| 202 | #mysql -u root -p -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.db WHERE Db='test' AND Host='%' OR Db='test\\_%' AND Host='%'; FLUSH PRIVILEGES;" |
| 203 | |
| 204 | # dont use iptables when creating xen vifs |
| 205 | #cp /etc/xen/scripts/vif-bridge /etc/xen/scripts/vif-bridge-local |
| 206 | #sed -i "s/^ handle_iptable/ true/g" /etc/xen/scripts/vif-bridge-local |
| 207 | #sed -i "s/^(vif-script vif-bridge)/(vif-script vif-bridge-local)/" /etc/xen/xend-config.sxp |
| 208 | |
| 209 | # xen |
| 210 | #/bin/sed -i -e 's/^[# ]*\((dom0-min-mem\).*\().*\)$/\1 512\2/' /etc/xen/xend-config.sxp |
| 211 | #sed -i s/XENDOMAINS_RESTORE=true/XENDOMAINS_RESTORE=false/ /etc/default/xendomains |
| 212 | #sed -i s#XENDOMAINS_SAVE=/var/lib/xen/save#XENDOMAINS_SAVE=\"\"# /etc/default/xendomains |
| 213 | #dpkg-divert --divert /etc/grub.d/09_linux_xen --rename /etc/grub.d/20_linux_xen |
| 214 | #echo 'GRUB_CMDLINE_XEN="dom0_mem=512M"' >> /etc/default/grub |
| 215 | |
| 216 | # migrate expose.ini |
| 217 | #[ -f /etc/php5/conf.d/expose.ini ] && mv /etc/php5/conf.d/expose.ini \ |
| 218 | # /etc/php5/mods-available/local-expose.ini && php5enmod local-expose/90 |
| 219 | # migrate local suhosin config |
| 220 | #find /etc/php5/conf.d/ -type f -name "*suhosin.ini" -exec mv '{}' \ |
| 221 | # /etc/php5/mods-available/local-suhosin.ini \; && php5enmod local-suhosin/90 |
| 222 |