Archiwa Patching

This script send you e-mail notification about new updates:

# cat /root/check_update.sh
#!/bin/bash
email=soban@soban.pl
hostnam=`hostname`
apt-get update
# sometimes change number of lines (for example proxmox 4.4 - 4; proxmox 5 - 5)
if [ `apt-get --just-print upgrade | wc -l` != 5 ]
then
        apt-get --just-print upgrade |  mail -s "Update checker $hostnam" $email
fi

# cat /root/check_update.sh

#!/bin/bash

email=soban@soban.pl

hostnam=`hostname`

apt-get update

# sometimes change number of lines (for example proxmox 4.4 - 4; proxmox 5 - 5)

if [ `apt-get --just-print upgrade | wc -l` != 5 ]

then

apt-get --just-print upgrade | mail -s "Update checker $hostnam" $email

You can download the script from:

$ cd /root/
$ wget https://soban.pl/bash/check_update.sh

1 2	$ cd /root/ $ wget https://soban.pl/bash/check_update.sh

You should set the correct e-mail address in the script, for now it is soban@soban.pl
Notification it’s looks something like that:

Should the script be executed:

# chmod +x /root/check_update.sh

1	# chmod +x /root/check_update.sh

Also added to the crontab, every day to extend a new update:

00 06 * * * /root/check_update.sh > /dev/null 2>&1

1	00 06 * * * /root/check_update.sh > /dev/null 2>&1

Remember don’t to upgrade your system on Friday! Good luck!

Before we start upgrading the Debian system version, please make a snapshot or a possible backup of the system. Such a change entails significant changes that can damage the system. Of course, before you upgrade the system in production, it is best to upgrade to the testing environment first. The upgrade process affects the entire system. Services may not be available at this time. If the system is doing the hosting for your website then it may not be available!

Always bear in mind that the production environment is different from test environment, so I recommend that you do it carefully. A good practice is to keep a time interval between the upgrade of test and production environment, in my case it is a week. Remember not to make changes to production on Friday!

This is how we check the version of the system:

And now, we going to update OS, but before we do that – we will make copy of:

cp /etc/apt/sources.list /root/sources.list_buster

1	cp /etc/apt/sources.list /root/sources.list_buster

There is sorces setup for buster:

# cat /etc/apt/sources.list
deb http://ftp.debian.org/debian buster main contrib
deb http://ftp.debian.org/debian buster-updates main contrib
deb http://security.debian.org buster/updates main contrib
deb http://nginx.org/packages/debian/ buster nginx
deb-src http://nginx.org/packages/debian/ buster nginx

# cat /etc/apt/sources.list

deb http://ftp.debian.org/debian buster main contrib

deb http://ftp.debian.org/debian buster-updates main contrib

deb http://security.debian.org buster/updates main contrib

deb http://nginx.org/packages/debian/ buster nginx

deb-src http://nginx.org/packages/debian/ buster nginx

Before we upgrade the debian system version to 11, we need to do a full upgrade:

# apt update && apt upgrade -q -y && apt dist-upgrade -q -y && apt autoremove -y -q

1	# apt update && apt upgrade -q -y && apt dist-upgrade -q -y && apt autoremove -y -q

Then we use sed to replace “buster” on “bullseye”:

# sed -i 's/buster/bullseye/g' /etc/apt/sources.list

1	# sed -i 's/buster/bullseye/g' /etc/apt/sources.list

There here’s the effect:

# cat /etc/apt/sources.list

1	# cat /etc/apt/sources.list

To be sure, we will do a comparison of the backed up file:

And then we can do update:

# apt update && apt upgrade -q -y && apt dist-upgrade -q -y && apt autoremove -y -q

1	# apt update && apt upgrade -q -y && apt dist-upgrade -q -y && apt autoremove -y -q

So that it is not too easy, to start the task in the form of:

Specifically about this error:

Err:5 http://security.debian.org bullseye/updates Release
  404  Not Found [IP: 199.232.150.132 80]
Reading package lists... Done
E: The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Err:5 http://security.debian.org bullseye/updates Release

404 Not Found [IP: 199.232.150.132 80]

Reading package lists... Done

E: The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.

N: Updating from such a repository can't be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

To fix it, use any editor on the file (vi in my case):

# vi /etc/apt/sources.list

1	# vi /etc/apt/sources.list

We remove line 4 – “deb http://security.debian.org buster/updates main contrib” as you can see, we go out and save :

Of course, any other editor like nano is also good for this case.
The contents of the /etc/apt/sources.list file now looks like this:

# cat /etc/apt/sources.list
deb http://ftp.debian.org/debian bullseye main contrib
deb http://ftp.debian.org/debian bullseye-updates main contrib
deb http://nginx.org/packages/debian/ bullseye nginx
deb-src http://nginx.org/packages/debian/ bullseye nginx

# cat /etc/apt/sources.list

deb http://ftp.debian.org/debian bullseye main contrib

deb http://ftp.debian.org/debian bullseye-updates main contrib

deb http://nginx.org/packages/debian/ bullseye nginx

deb-src http://nginx.org/packages/debian/ bullseye nginx

We can try to update the system again:

# apt update && apt upgrade -q -y && apt dist-upgrade -q -y && apt autoremove -y -q

1	# apt update && apt upgrade -q -y && apt dist-upgrade -q -y && apt autoremove -y -q

Now you need get some the system upgrade process has started. You can go for a coffee, or not 😉
There will be questions.
And more information, albout apt listchanges:

Just press ‘q’ and enter.

In this case we press enter.

Services to restart:

Enter agien.

This is question, about ssh deamon configuration:

In my case, I press enter because I don’t want to make changes to its configuration.

If all went well, we can reboot the system:

# reboot

# reboot

Now check the system:

Congratulations, we are on the new version of the system!
At this point, we can verify all services, for example whether the website is working properly. If it is OK, upgrade the production environment.

In my cases, I have problem PHP new version.
PHP have no persmision on nginx to user – when I try enter to page:

# tail -f /var/log/nginx/error-*.log 
unix:/var/run/php/php-fpm.sock failed (13: Permission denied)

1 2	# tail -f /var/log/nginx/error-*.log unix:/var/run/php/php-fpm.sock failed (13: Permission denied)

So we need to fix that in this way:

# service php7.4-fpm status
* php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-10-01 14:59:14 CEST; 3min 28s ago
       Docs: man:php-fpm7.4(8)
    Process: 289 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=exited, status=0/S>
   Main PID: 116 (php-fpm7.4)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
        CPU: 364ms
     CGroup: /system.slice/php7.4-fpm.service
             |-116 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
             |-287 php-fpm: pool www
             `-288 php-fpm: pool www

Oct 01 14:59:11 soban-pl systemd[1]: Starting The PHP 7.4 FastCGI Process Manager...
Oct 01 14:59:14 soban-pl systemd[1]: Started The PHP 7.4 FastCGI Process Manager.

# service php7.4-fpm status

* php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager

Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)

Active: active (running) since Fri 2021-10-01 14:59:14 CEST; 3min 28s ago

Docs: man:php-fpm7.4(8)

Process: 289 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=exited, status=0/S>

Main PID: 116 (php-fpm7.4)

Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"

CPU: 364ms

CGroup: /system.slice/php7.4-fpm.service

|-116 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)

|-287 php-fpm: pool www

`-288 php-fpm: pool www

Oct 01 14:59:11 soban-pl systemd[1]: Starting The PHP 7.4 FastCGI Process Manager...

Oct 01 14:59:14 soban-pl systemd[1]: Started The PHP 7.4 FastCGI Process Manager.

There is something wrong with the permissions:

# grep www-data /etc/php/7.4/fpm/pool.d/www.conf
user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data

# grep www-data /etc/php/7.4/fpm/pool.d/www.conf

user = www-data

group = www-data

listen.owner = www-data

listen.group = www-data

Let’s make some backup:

# cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.backup.$(date +%F)

1	# cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.backup.$(date +%F)

I will replace www-data to nginx:

# sed -i 's/www-data/nginx/g' /etc/php/7.4/fpm/pool.d/www.conf

1	# sed -i 's/www-data/nginx/g' /etc/php/7.4/fpm/pool.d/www.conf

Now it’s looks better:

# grep nginx /etc/php/7.4/fpm/pool.d/www.conf
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

# grep nginx /etc/php/7.4/fpm/pool.d/www.conf

user = nginx

group = nginx

listen.owner = nginx

listen.group = nginx

And restart services:

# service php7.4-fpm restart

1	# service php7.4-fpm restart

Also checking status:

Another problem is that, mariadb was removed, so I install it agien:

# apt-get install mariadb-server mariadb-client -y

1	# apt-get install mariadb-server mariadb-client -y

and that resolved all my problems.

To be 100% sure, I reloaded the entire machine.

Category: Patching

Error on Oracle Linux 7 rpmdb: BDB0113

Automatic update of the Debian Linux test environment

E-mail notification about new updates Proxmox

Upgrade Debian GNU/Linux 10 (buster) to 11 (bullseye)