-
Notifications
You must be signed in to change notification settings - Fork 825
Migrating from Debian 7 to Debian 8
Dosenpfand edited this page May 1, 2018
·
12 revisions
It is possible to upgrade from Wheezy to Jessie in place. The general approach is the folowing.
- Upgrade the server in place. There are good instructions here and, for linode users, here.
- Run the sovereign playbook for Jessie to update configurations reset by the upgrade.
- The owncloud role on the jessie branch installs the latest version of ownCloud (currently v9). If you are running v8 or earlier, you should either upgrade ownCloud before you upgrade the OS or modify the role to use the packages for your version of ownCloud.
- Let's Encrypt is used for server certificates. There is no provision for installing other certificates (self-signed or otherwise).
- The webmail role moves to Roundcube 1.2.1 and installs from source instead of packages. There is no provision for migrating the database. Roundcube settings will have to be migrated manually.
- The mailserver role uses TLS over the mail submission port (587) instead of SSL over the smtps port (465). The latter has been deprecated for some time. Mail clients must be reconfigured after the upgrade.
You will need to migrate passwords in vars/user.yml
to the secret
directory. For each ansible variable holding a password, create a file in the secret
directory with the name of the variable. Put the password in the file. So for example, if your variable db_admin_password
has the value foobar
, then you will have a file secret/db_admin_password
with the contents foobar
. There's a newline after the password.
Variables that need migrated this way are:
db_admin_password
encfs_password
mail_db_opendmarc_password
mail_db_password
owncloud_db_password
selfoss_db_password
selfoss_password_hash
- Make backups. If you are using ownCloud, back that up too, e.g., export your contacts.
- As a precaution, stop as many services as possible before starting the upgrade: apache2, dnsmasq, openvpn, dovecot, opendkim, solr, opendmarc, postfix, postgresql, mysql, collect, and monit.
- During the upgrade, some package installs will ask if you want to overwrite configurations with the package maintainer's version or keep your modified version. Choose the package maintainer's version. You will use sovereign to fix configuration files after the upgrade.
- It is not necessary to reboot if you are not upgrading the kernel. Upgrade, purge removed packages per instructions, and rerun your sovereign playbook.
- Check
/etc/rc.local
and if there is iptables setup there, remove it, since the setup has moved in Debian 8.