Debian distribution upgrade documentation

I haven't noticed any official documentation to perform a distribution upgrade from Debian 8 to 9 for Virtualmin as yet.

Is this in the pipeline?

Status: 
Closed (fixed)

Comments

Howdy -- thanks for your interest!

Yes that documentation is definitely planned, and should be up there soon.

Joe's picture
Submitted by Joe on Fri, 08/11/2017 - 15:43 Pro Licensee

As I understand it, the only change needed is to switch to the Virtualmin 6 repositories (since there isn't a Debian 9 repo in the old repos).

deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-stretch main
deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal main

License details would need to be inserted, and the "gpl" subdirectory removed, for Pro installations.

Debian 8 and 9 are strikingly similar; systemd on both and no major version changes in the important software.

W: GPG error: http://software.virtualmin.com virtualmin-stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D9F9010760D62A6B
W: GPG error: http://software.virtualmin.com virtualmin-universal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY D9F9010760D62A6B


Also, once I reboot after the upgrade, do I need to make any changes to apache2.conf as suggested in your wheezy to jessie dist-upgrade page, or anything else?

Joe's picture
Submitted by Joe on Fri, 08/11/2017 - 20:23 Pro Licensee

Oops, right, I forgot you need the new key:

# wget http://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin-6
# apt-key add RPM-GPG-KEY-virtualmin-6

I don't think apache2.conf changes are needed, as the Apache versions aren't too different. But, it might need tweaking if the upgrade overwrites the old one. apt-get does weird and destructive things sometimes...so it could happen.

Is anything not working? Or have you not actually done the upgrade yet? (If you haven't, you may want to wait until we've had a chance to actually try them in person. I'm just going on what a few users have said about their upgrade experience. It seems to go pretty smoothly for most users.)

Just going through with the upgrade after wget --quiet http://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin-6 -O - | apt-key add -
Will let you know if I run into any issues :)

At first glance all seems well except fpr fail2ban. At the end of the upgrade before rebooting I received the following error in my console:

Errors were encountered while processing:
fail2ban
E: Sub-process /usr/bin/dpkg returned an error code (1)


From Virtualmin, when I now try to start fail2ban server I get this:
Failed to start server : Starting fail2ban (via systemctl): fail2ban.serviceJob for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details. failed!

Joe's picture
Submitted by Joe on Fri, 08/11/2017 - 23:21 Pro Licensee

We'll need to see that journal output.

root@host:~# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2017-08-11 21:47:51 CDT; 1h 50min ago
     Docs: man:fail2ban(1)
  Process: 15028 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)

Aug 11 21:47:51 host.xx.com systemd[1]: fail2ban.service: Unit entered failed state.
Aug 11 21:47:51 host.xx.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
Aug 11 21:47:51 host.xx.com systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart.
Aug 11 21:47:51 host.xx.com systemd[1]: Stopped Fail2Ban Service.
Aug 11 21:47:51 host.xx.com systemd[1]: fail2ban.service: Start request repeated too quickly.
Aug 11 21:47:51 host.xx.com systemd[1]: Failed to start Fail2Ban Service.
Aug 11 21:47:51 host.xx.com systemd[1]: fail2ban.service: Unit entered failed state.
Aug 11 21:47:51 host.xx.com systemd[1]: fail2ban.service: Failed with result 'exit-code'.
root@host:~#


I'm also getting an error 500 when I activate php7. After I revert back to php 5.6.30 all's well. This is with CGI as well as well as FCGId.

[Sat Aug 12 02:56:01.067189 2017] [cgi:error] [pid 7103] [client 67.xxxx::49742] End of script output before headers: php7.0.cgi
[Sat Aug 12 03:01:17.262767 2017] [fcgid:warn] [pid 7778] (104)Connection reset by peer: [client 67.xxxxx:49854] mod_fcgid: error reading data from FastCGI server
[Sat Aug 12 03:01:17.262848 2017] [core:error] [pid 7778] [client 67.xxxxx:49854] End of script output before headers: index.php
[Sat Aug 12 03:01:17.283041 2017] [fcgid:warn] [pid 7778] (104)Connection reset by peer: [client 67.xxxxx:49854] mod_fcgid: error reading data from FastCGI server
[Sat Aug 12 03:01:17.283100 2017] [core:error] [pid 7778] [client 67.xxxxxxx:49854] End of script output before headers: error.php
Joe's picture
Submitted by Joe on Sat, 08/12/2017 - 10:52 Pro Licensee

That's two separate issues. You may want to open a new ticket for the PHP issue so Jamie and Eric will see that it's about something new (they probably can be more helpful on that issue than I can).

On the fail2ban issue, I still don't see why it's failing. What shows up in fail2ban.log when you try to restart the fail2ban service?

No new entries are logged in fail2ban.log after attempting to start twice now. The error is always Failed to start server : Starting fail2ban (via systemctl): fail2ban.serviceJob for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details. failed!

The last entries in fail2ban.log are:

2017-08-11 20:49:18,390 fail2ban.server [1541]: INFO    Stopping all jails
2017-08-11 20:49:18,676 fail2ban.jail   [1541]: INFO    Jail 'postfix' stopped
2017-08-11 20:49:19,669 fail2ban.actions.action[1541]: ERROR   iptables -D INPUT -p tcp --dport ssh -j fail2ban-default
iptables -F fail2ban-default
iptables -X fail2ban-default returned 100
2017-08-11 20:49:19,670 fail2ban.jail   [1541]: INFO    Jail 'dovecot' stopped
2017-08-11 20:49:20,665 fail2ban.jail   [1541]: INFO    Jail 'ssh' stopped
2017-08-11 20:49:21,659 fail2ban.jail   [1541]: INFO    Jail 'pam-generic' stopped
2017-08-11 20:49:21,707 fail2ban.server [1541]: INFO    Exiting Fail2ban
unborn's picture
Submitted by unborn on Tue, 08/15/2017 - 13:52 Pro Licensee

hi guys, fail2ban reminds the same except new rules names ig you can read regex then you would be fine.. only two changes was made, nothing hard to figure this out...

Sorted out as follows:

root@host:~# apt-get remove --purge fail2ban
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python3-pyinotify python3-systemd
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  fail2ban*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 1,321 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 125218 files and directories currently installed.)
Removing fail2ban (0.9.6-2) ...
Processing triggers for man-db (2.7.6.1-2) ...
(Reading database ... 124972 files and directories currently installed.)
Purging configuration files for fail2ban (0.9.6-2) ...
Processing triggers for systemd (232-25+deb9u1) ...
root@host:~# apt autoremove
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages will be REMOVED:
  python3-pyinotify python3-systemd
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 295 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 124811 files and directories currently installed.)
Removing python3-pyinotify (0.9.6-1) ...
Removing python3-systemd (233-1) ...
root@host:~#


Installed fail2ban afresh and it installed OK this time.

Joe's picture
Submitted by Joe on Thu, 08/24/2017 - 12:47 Pro Licensee

Status: Active » Fixed

Sounds like this has been resolved. Feel free to re-open if I'm incorrect about that.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.