{"id":468,"date":"2021-01-20T12:46:10","date_gmt":"2021-01-20T12:46:10","guid":{"rendered":"https:\/\/www.micha.name\/blog\/?p=468"},"modified":"2021-01-22T08:24:48","modified_gmt":"2021-01-22T08:24:48","slug":"upgrading-debian-9-to-debian-10","status":"publish","type":"post","link":"https:\/\/www.micha.name\/blog\/2021\/01\/20\/upgrading-debian-9-to-debian-10\/","title":{"rendered":"Upgrading Debian 9 to Debian 10"},"content":{"rendered":"\n

Triggered by needing to upgrade Nextcloud,<\/a> I finally bit the bullet and decided to upgrade my virtually-hosted Debian server from Debian 9 “stretch” to Debian 10 “buster”.<\/p>\n\n\n\n

The upgrade, as usual, was fairly trivial:<\/p>\n\n\n\n

apt-get update\napt-get upgrade\n<edit \/etc\/apt\/sources.conf to point to the new version>\napt-get update\napt-get upgrade\napt-get full-upgrade\nreboot<\/code><\/pre>\n\n\n\n
There were various configuration files which needed tweaking during and after the upgrade. vimdiff <\/em>was very useful. I also learned a new screen<\/em><\/a> feature – split-screen! (Ctrl-a – |). Finally a shoutout to etckeeper<\/a><\/em> for maintaining a full history of all edits made in \/etc.<\/p>\n\n\n\n
Post-upgrade Issues and Gotchas<\/h2>\n\n\n\n
dovecot (imap server)<\/h3>\n\n\n\n
A huge issue was that I could no longer access my emails from anywhere.<\/p>\n\n\n\n
Turns out that dovecot<\/strong> was no longer letting me log in. The mail log file had numerous “Can’t load DH parameters” error entries. I had not merged in a required change to the ssl certificate configuration.<\/p>\n\n\n\n
exim4 (mail server)<\/h3>\n\n\n\n
The second huge issue was that exim was no longer processing incoming mail. Turns out that spamd wasn’t started after the reboot. Fixed by:<\/p>\n\n\n\n
systemctl start spamassassin.service\nsystemctl enable spamassassin.service<\/code><\/pre>\n\n\n\n
shorewall (firewall)<\/h3>\n\n\n\n
Another major gotcha: the shorewall firewalls were not automatically re-enabled<\/strong>, and it took me three days to notice. Yikes! I had left the server on sys-v init instead of systemctl and the upgrade had silently switched over. After restarting the firewall, use systemctl<\/em> enable <\/em>to configure it to start on bootup.<\/p>\n\n\n\n
systemctl start shorewall.service\nsystemctl enable shorewall.service\nsystemctl start shorewall6.service\nsystemctl enable shorewall6.service<\/code><\/pre>\n\n\n\n
bind9 (name server)<\/h3>\n\n\n\n
Another item was that bind<\/strong> was no longer starting up – it needed a tweak to the apparmor<\/strong> configuration. Appears that on my server the log files are written to a legacy directory and the new default configuration prevented bind from writing into it and hence failing to start up.<\/p>\n\n\n\n
Miscellaneous<\/h3>\n\n\n\n
  • I finally removed dovecot<\/strong> spam from syslog by giving it its own logfiles (tweaking fail2ban<\/strong> accordingly).<\/li>
  • Various PHP options needed tweaking and several new modules needed installing to support Nextcloud (manually installed so no dependency tracking).<\/li><\/ul>\n\n\n\n
    Later Updates<\/h2>\n\n\n\n
    • Discovered that phpldapadmin<\/strong> was broken. Manually downloaded and installed an updated version from “testing”.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"
      Triggered by needing to upgrade Nextcloud, I finally bit the bullet and decided to upgrade my virtually-hosted Debian server from Debian 9 “stretch” to Debian 10 “buster”. The upgrade, as usual, was fairly trivial: There were various configuration files which needed tweaking during and after the upgrade. vimdiff was very useful. I also learned a new screen feature – split-screen! (Ctrl-a – |). Finally a shoutout to etckeeper for maintaining a full history of all edits made in \/etc. Post-upgrade Issues and Gotchas dovecot (imap server) A huge issue was that I could no longer access my emails from anywhere. Turns out that dovecot was no longer letting me log in. The mail log file had numerous “Can’t load DH parameters” error entries. I had not merged in a required change to the ssl certificate configuration. exim4 (mail server) The second huge issue was that exim was no longer processing incoming mail. Turns out that spamd wasn’t started after the reboot. Fixed by: shorewall (firewall) Another major gotcha: the shorewall firewalls were not automatically re-enabled, and it took me three days to notice. Yikes! I had left the server on sys-v init instead of systemctl and the upgrade had silently […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[56],"tags":[21],"_links":{"self":[{"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/posts\/468"}],"collection":[{"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/comments?post=468"}],"version-history":[{"count":6,"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/posts\/468\/revisions"}],"predecessor-version":[{"id":477,"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/posts\/468\/revisions\/477"}],"wp:attachment":[{"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/media?parent=468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/categories?post=468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.micha.name\/blog\/wp-json\/wp\/v2\/tags?post=468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}