Re: Relatively boring bullseye upgrade reports

To: debian-user@lists.debian.org
Subject: Re: Relatively boring bullseye upgrade reports
From: Reco <recoverym4n@enotuniq.net>
Date: Sun, 22 Aug 2021 19:34:57 +0300
Message-id: <[🔎] E1mHqR0-0009yJ-Ce@enotuniq.net>
In-reply-to: <[🔎] E1mHSc8-0008Hh-5B@enotuniq.net>
References: <[🔎] 20210817013713.fzx56abbdghagzv5@randomstring.org> <[🔎] E1mGzkl-0003Ck-NE@enotuniq.net> <[🔎] E1mH0jY-0003Ff-Fe@enotuniq.net> <[🔎] E1mHSc8-0008Hh-5B@enotuniq.net>

Ok, serious things.

male: QEMU VM, remote hosting, console access is available
Primary MX, IPSec endpoint

Upgrade was tricky, because IPSec tunnel was brought down during the
upgrade. It went up, but I was required to bounce sshd from the console
nevertheless.
Replaced sysvinit with systemd-sysv while I was at it.
Replaced sslh with nginx stream config for SSH/HTTPS multiplexing.


i5378: Dell Inspiron 5378, 4Gb ram, 7th gen Intel Core, LXDE/openbox
Secondary tool of the trade

The upgrade took out my favorite Terminus font from the terminal
emulator, (no)thanks to the upgraded fontconfig. Replaced Terminus with
self-built OTB version.

The upgrade of Icecast reverted all its passwords to the default,
without any question asked. Got them back via git history (etckeeper).
I'd expect a pitfall like this from RHEL.

An internal NIC (ip link add type bridge) that I use for LXC showed
NO-CARRIER unless at least one NIC was attached to it (worked
differently in buster). Worked around that by adding dummy NIC (ip link
add type dummy) to the bridge.

LXC configs required numerous /cgroup/cgroup2/ replacements, but there's
sed for that. Luckily, I do not have to run anything RHEL-based there.
And no, I do not need that lxc-net screwing my netfilter rules.

They've renamed obexd from bluez-obexd from good and proper Debian
pathname to a horrible RH one. Had to fix my Bluetooth MAP script as the
result. A small price for the distribution unification, I suppose.


n10i5: Intel NUC N10I5, 8Gb ram, 10th gen Intel Core, LXDE/openbox
Primary tool of the trade

I forgot to clear apt pinnings before the upgrade, and was left with
self-backported mesa, vaapi and libdrm. Nothing that 'apt install -t
stable' could not handle though.
See also i5378.


There's that other VM (female, IPSec endpoint) left, and a half-dozen
servers at the office, but it can wait until my vacation ends.


My biggest surprises from all this:
- most of my custom Apparmor profiles survived OS upgrades with no
  modifications at all.
- most of custom rsyslogd filters continue to work as intended.
- and the size of vmlinuz and initrd.img did not increase that much,
  which allowed me to leave u-boot configuration untouched.


IMO - Debian 11 is a good release, transition to it is easy. Easier than
8->9 one (systemd was introduced) or 9->10 one (iptables -> nft, and
"predictable" NIC names). But then again, it's not my first rodeo.


Stuff I did beforehand just in case:

# Thanks, I do not need *that* kind of predictability
ln -sf /dev/null /etc/systemd/network/73-usb-net-by-mac.link

# And I like my logs to be human-readable
sed -r 's/#Storage=.*/Storage=volatile' /etc/systemd/journald.conf

# ARM only, what's wrong with these ppl?
systemctl mask systemd-pstore.service

# SBCs, laptop and desktop
# iostat and pidstat are cool, constant writes to /var/log/sysstat are
# not
systemctl mask sysstat-collect.timer sysstat-summary.timer

Reco

Reply to:

References:
- Relatively boring bullseye upgrade reports
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Relatively boring bullseye upgrade reports
  - From: Reco <recoverym4n@enotuniq.net>
- Re: Relatively boring bullseye upgrade reports
  - From: Reco <recoverym4n@enotuniq.net>
- Re: Relatively boring bullseye upgrade reports
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: kodi and gnome-control-center conflict on bullseye
Next by Date: Re: smart fans
Previous by thread: Re: Relatively boring bullseye upgrade reports
Next by thread: Re: Relatively boring bullseye upgrade reports
Index(es):
- Date
- Thread