Debian upgrade notes: jessie and openjdk 8

Jonathan A Rees edited this page Feb 8, 2016 · 14 revisions

Objective: make openjdk 8 work in the opentree EC2 instances.

There are openjdk packages in the 'unstable' (i.e. bleeding edge) Debian distribution, but not in any stable distribution. We want to stick to stable distributions both because of QA and because security updates are made available sooner for stable distros than for unstable.

Openjdk 8 has dependencies that are not met by wheezy (Debian 7), but are met by jessie (Debian 8). So the first step is to upgrade. After that we can install openjdk 8 from the unstable distribution.

Upgrading to jessie

I followed the instructions here. Logging in as admin:

Make sure wheezy is up to date:

sudo apt-get update
sudo apt-get upgrade

Change the sources lists to point to jessie packages:

cd /etc/apt
sudo sed -i.bak -e 's/wheezy/jessie/' sources.list
cd sources.list.d
sudo sed -i.bak -e 's/wheezy/jessie/' backports.list

Preliminary upgrade:

sudo apt-get update
sudo apt-get upgrade
... Restart services during package upgrades without asking? y
... What do you want to do about modified configuration file grub? 2

Main part of upgrade (7 minutes):

sudo apt-get dist-upgrade
... Disable SSH password authentication for root? y
... *** ssl.conf (Y/I/N/O/D/Z) [default=N] ? Y
... some difficulty with SSLMutex when restarting apache ...

Some housekeeping:

sudo apt-get purge $(dpkg -l | awk '/^rc/ { print $2 }')
sudo apt-get autoremove

The instructions recommend upgrading the kernel, but I'm not doing that (now, at least).

At this point the system is in more or less the state it would be in had we provisioned the EC2 instance with 'jessie' in the first place.

Fixing apache

I got an error in the above upgrade answering 'N' to the ssl question, and apache didn't start. Stackoverflow says "the SSLMutex has been dropped after 2.2". Fortunately we have no custom modifications to ssl.conf and can just use the distributed version, i.e. answer 'Y'. If the answer was 'N' then do the following:

cd /etc/apache2/mods-available
sudo mv ssl.conf.dpkg-dist ssl.conf

Apache 2.4 is incompatible with Apache 2.2 in several ways.

First, vhost configuration file names must now end in '.conf'. So our 000-opentree symbolic link in sites-enabled/ must be changed to 000-opentree.conf. Similarly for the ssl vhost.

Second, the 'Order', 'Allow', and 'Deny' directives are all obsolete, and have been replaced by 'Require'. To allow access to something, say 'Require all granted', and to deny, say 'Require all denied'. (Don't try to read these as English; their English meaning has little relation to their Apache meaning.) This affects all three of our vhost configuration files.
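
A check for the Apache 2.2 leftovers described above (vhost names not ending in '.conf', 'Order'/'Allow'/'Deny', and SSLMutex), as an added example that is not part of the opentree deployment system. The function names audit_apache24 and make_sample_tree are hypothetical, the sample tree is constructed, and the layout is assumed to match /etc/apache2 on Debian.

```sh
#!/bin/sh
# audit_apache24 DIR: print Apache 2.2 leftovers found under DIR (laid out
# like /etc/apache2); return 1 if anything was found, 0 if the tree is clean.
# Hypothetical helper written for this page, not the project's own code.
audit_apache24() {
    conf_dir=$1
    found=0
    # Vhost file names in sites-enabled/ must end in '.conf'.
    for f in "$conf_dir"/sites-enabled/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        case "$f" in
            *.conf) ;;
            *) echo "RENAME   $f"; found=1 ;;
        esac
    done
    # Order/Allow/Deny are replaced by Require; SSLMutex was dropped.
    # -i: directive names are case-insensitive. /dev/null forces a file name.
    for f in "$conf_dir"/sites-available/* "$conf_dir"/mods-available/*.conf; do
        [ -f "$f" ] || continue
        hits=$(grep -nEi '^[[:space:]]*(Order|Allow|Deny|SSLMutex)[[:space:]]' \
                   "$f" /dev/null || true)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed 's/^/OBSOLETE /'
            found=1
        fi
    done
    return "$found"
}

# Constructed sample tree: a 2.2-style vhost and ssl.conf (contents invented).
make_sample_tree() {
    mkdir -p "$1/sites-available" "$1/sites-enabled" "$1/mods-available"
    cat > "$1/sites-available/000-opentree" <<'EOF'
<VirtualHost *:80>
    <Directory /var/www>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
EOF
    echo 'SSLMutex default' > "$1/mods-available/ssl.conf"
    ln -s ../sites-available/000-opentree "$1/sites-enabled/000-opentree"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_apache24 "$demo" || echo "leftovers found; fix before restarting apache"
rm -rf "$demo"
```

On an upgraded host, `audit_apache24 /etc/apache2` lists every access-control line that still needs to be rewritten as a 'Require' directive, which makes it easy to confirm that each 'Deny' became 'Require all denied' and not the opposite.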

There are a few miscellaneous issues related to SSL, see here.

These changes should all be taken care of automatically by the deployment system (

Upgrading the python virtualenv

The virtualenv stashes versions of python libraries that are now obsolete. Force a rebuild:

rm -r ~opentree/venv

Configuring to allow installation of backports

As of 31 July 2015 there is a Java 8 backport. To install it, first add this line at the end of /etc/apt/sources.list:

deb jessie-backports main

Then teach the system about available backports:

sudo apt-get update

Then install using the commands under 'Installing Java 8' below.

Installing Java 8

The deployment system will do this.

sudo apt-get install openjdk-8-jre-headless
sudo apt-get install openjdk-8-jdk

If Java 7 was installed previously, you will need to change the main 'java' and 'javac' commands to point to Java 8:

sudo /usr/sbin/update-java-alternatives -s java-1.8.0-openjdk-amd64

Setting the time zone to UTC

If the time zone is Europe/London or anything other than UTC, set it to UTC.

sudo dpkg-reconfigure tzdata
Geographic area: 13     -- i.e. none of the above
Time zone: 33           -- UTC

Refreshing the venv

It's recommended to refresh the open tree 'virtualenv' on every major Debian upgrade. Just delete ~/venv and reinstall the webapp(s). See this issue.
