Skip to content

Migrating from Debian 7 to Debian 8

Jump to bottom Edit New page
Dosenpfand edited this page May 1, 2018 · 12 revisions

It is possible to upgrade from Wheezy to Jessie in place. The general approach is the folowing.

  • Upgrade the server in place. There are good instructions here and, for linode users, here.
  • Run the sovereign playbook for Jessie to update configurations reset by the upgrade.

Backwards-incompatible changes

  • The owncloud role on the jessie branch installs the latest version of ownCloud (currently v9). If you are running v8 or earlier, you should either upgrade ownCloud before you upgrade the OS or modify the role to use the packages for your version of ownCloud.
  • Let's Encrypt is used for server certificates. There is no provision for installing other certificates (self-signed or otherwise).
  • The webmail role moves to Roundcube 1.2.1 and installs from source instead of packages. There is no provision for migrating the database. Roundcube settings will have to be migrated manually.
  • The mailserver role uses TLS over the mail submission port (587) instead of SSL over the smtps port (465). The latter has been deprecated for some time. Mail clients must be reconfigured after the upgrade.

Preparing for the Sovereign upgrade

You will need to migrate passwords in vars/user.yml to the secret directory. For each ansible variable holding a password, create a file in the secret directory with the name of the variable. Put the password in the file. So for example, if your variable db_admin_password has the value foobar, then you will have a file secret/db_admin_password with the contents foobar. There's a newline after the password.

Variables that need migrated this way are:

  • db_admin_password
  • encfs_password
  • mail_db_opendmarc_password
  • mail_db_password
  • owncloud_db_password
  • selfoss_db_password
  • selfoss_password_hash

Upgrade details

  • Make backups. If you are using ownCloud, back that up too, e.g., export your contacts.
  • As a precaution, stop as many services as possible before starting the upgrade: apache2, dnsmasq, openvpn, dovecot, opendkim, solr, opendmarc, postfix, postgresql, mysql, collect, and monit.
  • During the upgrade, some package installs will ask if you want to overwrite configurations with the package maintainer's version or keep your modified version. Choose the package maintainer's version. You will use sovereign to fix configuration files after the upgrade.
  • It is not necessary to reboot if you are not upgrading the kernel. Upgrade, purge removed packages per instructions, and rerun your sovereign playbook.

Cleanup

  • Check /etc/rc.local and if there is iptables setup there, remove it, since the setup has moved in Debian 8.
Add a custom footer
Add a custom sidebar
Clone this wiki locally