Benutzer:MathiasMahnke/Debian Bookworm 2024: Unterschied zwischen den Versionen
Aus Opennet
(→Vorbereitungen) |
(→Aktualisierung) |
||
Zeile 73: | Zeile 73: | ||
apt update | apt update | ||
apt upgrade --without-new-pkgs | apt upgrade --without-new-pkgs | ||
+ | ## *** adduser.conf (Y/I/N/O/D/Z) [default=N] ? Y | ||
apt full-upgrade | apt full-upgrade | ||
apt autoremove | apt autoremove |
Version vom 28. Dezember 2023, 20:50 Uhr
Status: In Arbeit.
Debian Bookworm Update Status der Opennet Server - Debian Release von 06/2023.
Status
Virtualisierungsserver:
- Server/akito -
- Server/tamago -
- Server/ryoko -
- Server/aqua -
- VM Vorlage via vhost-admin
Gateway-Server:
- Server/erina - offen: speedtest?
- Server/gai - offen: speedtest?
- Server/itsuki - Erledigt, 2023/12/28; offen: speedtest?
- Server/megumi - offen: speedtest?
- Server/subaru - offen: speedtest?
Dienste-Server:
- Server/amano - -- Besonderheit: cron vor Update stoppen (CA Jobs)
- Server/crimson - Debian Wheezy -- Mailserver + Wiki
- Server/goat - -- Besonderheit: Buildbot Web via pip installiert
- Server/haruka - derzeit kein Debian / RouterOS
- Server/heartofgold - Debian Wheezy -- DNS Hidden Primary
- Server/hikaru - offen: python(3)-mysql / mysql vs. mariadb / alte mediawiki module / /var/log/mediawiki?
- Server/hoshino -
- Server/howmei - -- Besonderheit: Nicht alle Mesh-Teilnehmer via IPv6 erreichbar.
- Server/inez - -- Besonderheit: rsnapshot nicht in Bullseye / via Upstream DEB installiert
- Server/izumi - offen: Installation DNS-Primary -- Besonderheit: Service Discovery Opennet zusätzlich via CA Zertifikat
- Server/jun - -- Besonderheit: slt nicht in Buster
- Server/kazama - offen: eth1 WAN NIC DHCP -- Besonderheit: wireguard Installation nicht abgeschlossen?
- Server/kinjo -
- Server/maki - -- Besonderheit: rsnapshot nicht in Bullseye / via Upstream DEB installiert
- Server/nagare - Debian Buster -- Besonderheit: moinmoin benötigt Python 2
- Server/ruri -
- Server/tenkawa - -- Besonderheit: Freifunk Media Mirror rsyncd.log (seit 2018)
- Server/yurika -
- DNS WAN Server IPv6
Sonstige Server
- Server/titan - In Arbeit, 2023/12/28
- Server/server-mathias - offen: InfluxDB HTTP Write
- Server/server-christoph - offen: rtpproxy (https://www.rtpbleed.com)
- Server/server-matthias -
Aktualisierung
Vorab: Ansible Ausführung.
Ablauf:
screen cat /etc/debian_version apt update && apt upgrade apt autoremove apt list '?narrow(?installed, ?not(?origin(Debian)))' find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error' ## HIER: Ggf. alte Konfigurationsdateien entfernen. # rm /etc/cron.daily/bsdmainutils.dpkg-remove /etc/ca-certificates.conf.dpkg-old cat /etc/apt/preferences ls /etc/apt/preferences.d/ dpkg --audit apt-mark showhold apt list '~c' ## HIER: ehem. installierte Pakete & Konfigurationen final entfernen # apt purge '~c' apt clean df -h ## HIER: apt sources list anpassen ## -> Umstellung apt non-free nach non-free-firmware beachten ## -> ggf. via apt.conf.d: 'APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";' apt update apt upgrade --without-new-pkgs ## *** adduser.conf (Y/I/N/O/D/Z) [default=N] ? Y apt full-upgrade apt autoremove ## HIER: olsrd Update durchführen - welches? #wget https://downloads.opennet-initiative.de/debian/olsrd_0.9.8-3_amd64+deb11.deb #wget https://downloads.opennet-initiative.de/debian/olsrd-plugins_0.9.8-3_amd64+deb11.deb # nun lokale oder IPv6 Verbindung aufbauen #dpkg -i olsrd_0.9.8-3_amd64+deb11.deb olsrd-plugins_0.9.8-3_amd64+deb11.deb #rm olsrd_0.9.8-3_amd64+deb11.deb olsrd-plugins_0.9.8-3_amd64+deb11.deb ## HIER: ggf. Ansible Lauf reboot apt list '~c' ## HIER: entfernte Pakete bereinigen # apt purge '~c' apt list '~o' # apt remove ... ## HIER: veraltete Pakete entfernen (sehr genau prüfen!; i.d.R. nicht alles entfernen) # apt #CHECKTWICE# purge '~o' ## HIER: Nachkontrolle von Diensten, ggf. manuelle Neustarts echo /nhdpinfo neighbor | nc localhost 2009 systemctl --type=service systemctl status <name.service> journalctl -u <name.service> systemctl restart <name.service> ip -6 addr show ip -6 route show ping -6 jun.opennet-initiative.de -c 3 ping -6 jun.on -c 3
Anschließend: Ansible Ausführung
Vorbereitungen
Gedanken zum Debian Release:
- systemd-timesyncd für NTP Client Timesync?
- GRUB ohne OS-Prober via /etc/default/grub: "GRUB_DISABLE_OS_PROBER=true"
- isc-dhcp geht EoL
Hinweise Changelog:
bridge-utils (1.7-2) unstable; urgency=medium We have changed the way we deal with disabling IPv6 on the interfaces, now we don't disable IPv6 but instead we disable creation of link-local addresses on them. We also added a new setting in etc/default/bridge-utils named BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS so that you can avoid disabling creation of link-local addresses on the physical interfaces on which we create vlan ports. The default setting is "yes" so that we preserve the old behaviour, but if you set it to no, the physical interface will receive its link-local address.
isc-dhcp-client (4.4.3-1) unstable; urgency=medium ISC has decided to stop maintaining the client and relay parts of isc-dhcp, and they will be removed after the 4.4.3 release, keeping only the server component. Please, consider using an alternative for isc-dhcp-client (dhclient). More information can be found in the ISC official announcement: https://www.isc.org/blogs/dhcp-client-relay-eom/
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium Login now prevents an empty password field to be interpreted as "no authentication required" for UID 0 (root account). The historical default of letting all users with empty password field in without authentication can be restored in /etc/login.defs setting PREVENT_NO_AUTH to "no".
systemd (251.3-2) unstable; urgency=medium systemd-resolved has been split into a separate package. This new systemd-resolved package will not be installed automatically on upgrades. If you are using systemd-resolved, please install this new package manually.
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.de.html