Debian 4.0 has been released. It is recommended that you upgrade the system to latest version. Upgrading remote Debian server is a piece of cake :D
Currently many of our boxes are powered by Debian 3.1 Sarge. For example typical web server may have following packages only:
=> Apache
=> PHP
=> Postfix and other mail server software
=> Iptables and backup scripts
=> MySQL 5.x etc
Procedure
Following are essential steps to upgrade your system:
1. Verify current system
2. Update package list
3. Update distribution
4. Update /etc/apt/sources.list file
5. Reboot system
6. Test everything is working
Backup your system
Before upgrading your Debian systems make sure you have backup (I’m assuming that you make backup copies of all important data/files everyday:):
- User data / files / Emails (/home, /var/www etc)
- Important system files and configuration file stored in /etc
- MySQL and other database backup
- Backup Installed package list [Get list of installed software for reinstallation / restore software]
Step # 1: Verify current system
File /etc/debian_version stores current Debian version number :
$ cat /etc/debian_version
Output:
3.1
Find out kernel version
$ uname -mrs
Output:
Linux 2.6.8-3-386 i686
Step #2: Update package list
Use apt-get command:
# apt-get update
Step #3 : Update distribution
Pass dist-upgrade option to apt-get command. This will upgrade Sarge to Etch. dist-upgrade' in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a "smart" conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary.
# apt-get dist-upgrade
This upgrade procedure takes time. Depend upon installed softwares and other factors such as network-speed you may need to wait from 10 minutes to 1+ hour(s).
Step #4 : Update /etc/apt/sources.list file
There seems to be a small bug in upgrade procedure. You need to manually update Debian security source line. You will see an error as follows:
W: Conflicting distribution: http://security.debian.org stable/updates Release (expected stable but got sarge)
W: You may want to run apt-get update to correct these problems
Just open /etc/apt/sources.list file:
# vi /etc/apt/sources.list
Find line that read as follows:
deb http://security.debian.org/ stable/updates main contrib
Replace with :
deb http://security.debian.org/ etch/updates main contrib non-free
Save and close the file. Now type the following command:
# apt-get update
Step #5: Reboot system
You are done. Just reboot the system:
# reboot
Step #6: Make sure everything is working...
See Debian distro version:
$ cat /etc/debian_version
Output:
4.0
Make sure all services are running, just go thought all log files once.
# netstat -tulpn
# tail -f /var/log/log-file-name
# less /var/log/dmesg
# top
....
...
....
Use apt-key command to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted. Make sure you see package etch related keys:
# apt-key list
/etc/apt/trusted.gpg -------------------- pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07] uid Debian Archive Automatic Signing Key (2006) <ftpmaster@debian.org> pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01] uid Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org> pub 1024D/ADB11277 2006-09-17 uid Etch Stable Release Key <debian-release@lists.debian.org>
If there is a problem use following command to update the local keyring with the keyring of Debian archive keys and removes from the keyring the archive keys which are no longer valid.
# apt-key update
# apt-key list
Finally just see if any new updates/security updates are available:
# apt-get update
# apt-get upgrade
Further readings
- Above instructions is server specific only. I’ve tested them on 3 different production web servers. The release notes for Debian GNU/Linux 4.0 ("etch"), Intel x86 has additional information about Upgrades from previous releases including special information about Debian Linux desktop system and other troubleshooting hints.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 17 comments… read them below or add one }
Simple, straight forward, good work … keep it up!
You probably want to use aptitude instead of apt-get which is now the recommended upgrade method.
A few notes;
Because Etch is now stable, you don’t need to change lines in the sources.list file. Doing that means the user will have to change that line in the future when the new testing is made stable.
Changing from stable, testing or unstable in the sources.list file to the code name means that you’ve locked yourself to that version. In fact people that don’t want to upgrade would change stable to Sarge to keep the same repositories they already have.
@Chmouel, Yes you can use aptitude :)
@chris, I Need to change because of an error otherwise no need to change the sources.list file.
Appreciate your posts!
Warning. Before you reboot check you mdadm settings. This bit me baddly. There was a major change in mdadm and if you do remove and file and update /etc/mdadm/mdadm.conf before you reboot you will have a paper wait if you depend on raid at all.
Thanks
robert
Or you can do it properly and follow the release notes:
http://www.us.debian.org/releases/stable/releasenotes
There are a couple of issues to be aware of.
@Robert
Good hint.
@Jon
Yup, upgrade may create a problem.
Appreciate your posts!
if your debian server runs as a mail server with postfix with amavis (and some more), please keep in mind that amavis changes configuration file and layout completely.
after the upgrade, your old config file will be renamed and amavis is not able to start again. this means, that your postfix will accept mail, put them in the mailqueue because it is not able to connect to amavis for the virus and spam checks.
you need to manually configure amavis with the new config layout and move your old config file to somewhere else. after this, you can restart amavis again.
after amavis is up and running again, use “postqueue -f” to deliver the deferred mails from the mailqueue.
there are some more things to keep an eye on, but generally, the upgrade is not a problem for some medium experienced people.
It’s Sarge not Sarga.
John,
Thanks for the heads up!
I´ve upgrade from a lenny/sid and now when I look to /etc/debian_version it remains like lenny/sid, Help me please!!!!
As mentioned, upgrading amavisd-new may result in a broken mail system. I have put together a few notes that may give you ideas on how to make the amavisd-new upgrade painless.
http://www200.pair.com/mecham/spam/upgrade_amavisd-new.html
nice guidelines thanks :-)
please add ministep
/usr/sbin/update-grub
before step #5 reboot
Hello!
May i get info on how to upgrade
Debian sarge 3.1r2 kernel 2.4
to
Debian etch 4.0r1 kernel 2.6
Thanking You
I did this and now lib_php5.so is not recognized as an apache module? Also, at end of upgrade
the deb ver is 4.0 but kernel is still 2.4.27-2-386???? The upgrade doesn’t upgrade the kernel?
Thanks,
Joe
I guess that you are aware that the main upgrade can take a long
time and probably will recommend that you reboot, whereas your
recommended reboot after changing the sources.list strictly spoken
is not necessary as far as I know.
Otherwise I appreciate the text, which takes you by the hand nicely.
I Googled your blog becuase I needed to know why the system suddenly
whines about “stable” not being “etch”.
You should run aptitude up_grade_ once in a while, as far as I know.
I can’t find “deb http://security.debian.org/ stable/updates main contrib” Help anyone?