Home > Support > HOWTO List > Upgrading Debian Based Distros

Debian: dist-upgraded Debian

Debian releases tend to each have a good few years of security support.  But even Debian distros eventually need to be dist-upgraded to the new releases.

This is reasonably straight forward with Debian.  The issues that do crop up are typically standard (distro provided) config files that you have edited (you need to decide whose version to use).  And sometimes issues around webapps or custom software where that software does not work with the new software (e.g. newer PHP) on the new distros.

An automated dist-upgrade using our 'distrorejuve' tool.

There are a few steps to dist-upgrading a Debian server.  We have automated those in our distrorejuve script on github.

To do an automated dist-upgrade:

Take a snapshot backup of your VM.

Restart your server with a new (4.14 or newer) kernel at our kernel page.

Download and run the distrorejuve script:


wget -O distrorejuve.sh --no-check-certificate https://raw.githubusercontent.com/pbkwee/distrorejuve/master/distrorejuve.sh
sudo bash -x distrorejuve.sh --dist-upgrade | tee -a ~/distrorejuve.log | egrep -v '^\+'

This script will add Debian GPG keys, update your sources.list with the new repositories.  Add support for LTS repositories where applicable (e.g. with squeeze), report config file conflicts.

Expect the upgrade to take an hour or two.  After the upgrade expect to spend 'a bit of time' fiddling with configs and testing things.

If you get stuck, or would prefer RimuHosting support to run the dist-upgrade, just pop in a support ticket and ask us to perform the sysadmin work.

The upgrade process typically requires some downtime, and requires you to perform checks and config tweaks.  So in some cases it may be preferable to install a new server and migrate your apps to that.  Or you could clone the VM (via VM ordering and install process) and run the upgrade on the clone.  After the clone is upgraded and you are happy it is working as you expect, you can either change DNS settings to point to the new IP, or overwrite the original VM with the upgraded VM (to retain the IP address).

Manually running a dist-upgrade

Note that this should only be done over single releases (ie don't go from Squeeze straight to Jessie)

On Debian?  What does cat /etc/debian_version say?

3.x is Woody
3.x is Sarge
4.x is Etch
5.x is Lenny
6.x is Squeeze
7.x is Wheezy
8.x is Jessie
9.x is Stretch
10.x is Buster
11.x is Bullseye (current old stable)
12.x is Bookworm (current stable)

The current stable is always here. The official upgrade guide is here.

Update from Bullseye to Bookworm

By default, systemd will rename the network interface from eth0 to a different name.  To prevent this, run the following commands before the upgrade:

mkdir -p /etc/systemd/network
ln -s /dev/null /etc/systemd/network/99-default.link

Update from Buster to Bullseye

ref https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html

Update from Stretch to Buster

ref https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html

Issues we are aware of:
- update to our default 4.19 kernel, to match the distribution release kernel version. Some packages (such as mysql/mariadb) may not perform predictably under older kernels.
- monit and phpmyadmin packages are missing from the buster release, but may be included in debian backports repository once related packaging issues are resolved. Our support team can help to install these manually if you need them, or suggest alternatives.
- python 2.7 support is now only very minimal, buster comes with python 3.7 by default.
- postgresql databases should be reindexed following an upgrade, eg with 'sudo -u postgres reindexdb --all'
- You may want to run 'sudo bash distrorejuve.sh --remove-deprecated-packages' to clean up some leftover packages

Update from Jessie to Stretch

So far this seems to be reasonably painless.

Known issues:
- Changes in glibc and the kernel mean some third party applications from *really* old installs of debian may no longer work normally
- Current webmin version 0.850 and earlier (including virtualmin) installs cannot issue or renew letsencrypt certificates.

Update from Wheezy to Jessie

If you are running Virtualmin check out these upgrade notes.

Firstly update the sources.list file:

sed -i 's/wheezy/jessie/g' /etc/apt/sources.list

Update the package list:

apt-get update

A minimal system upgrade first:

apt-get upgrade

Then do the full upgrade:

apt-get dist-upgrade

Jessie uses systemd, which means it needs a kernel with cgroups support. Our current 4.4 (or newer) kernels work just fine

Apache has been updated from version 2.2 to version 2.4.  This means there are some configuration changes that will probably need attention.  E.g. MaxClients is gone, use MaxRequestWorkers and related directives instead.  Also the allow/deny syntax has changed.

There is an issue with the quotas, the patch of leaving the symlink to /dev/root does not work anymore, it gets removed. To solve edit the systemd unit file /etc/systemd/system/sysinit.target.wants/quota.service

ExecStartPre=/bin/ln -s /dev/xvda1 /dev/root

If you encounter any upgrade issues that might be useful to mention here, please let us know.

Update from Squeeze to Wheezy

You should take a look at the official upgrade page mentioned above, but it is essentially the same process as for all versions.  If you are running Virtualmin check out these notes too.

Firstly update the sources.list file:

sed -i 's/squeeze/wheezy/g' /etc/apt/sources.list

Update the package list:

apt-get update

A minimal system upgrade first:

apt-get upgrade

Then do the full upgrade:

apt-get dist-upgrade

Pay attention to the questions the upgrade process might ask, for instance I saw a question reqarding a configuration change for MySQL:

Configuration file `/etc/mysql/my.cnf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** my.cnf (Y/I/N/O/D/Z) [default=N] ?

I typed D to check the differences, and in this case there is a depercated language option being updated:

--- /etc/mysql/my.cnf   2013-05-05 03:45:09.000000000 +0000
+++ /etc/mysql/my.cnf.dpkg-new  2012-06-08 20:25:42.000000000 +0000
@@ -29,7 +29,6 @@
 nice           = 0

 [mysqld]
-bind-address = 127.0.0.1
 #
 # * Basic Settings
 #
@@ -40,7 +39,7 @@
 basedir                = /usr
 datadir                = /var/lib/mysql
 tmpdir         = /tmp
-language       = /usr/share/mysql/english
+lc-messages-dir        = /usr/share/mysql
 skip-external-locking
 #
 # Instead of skip-networking the default is now to listen only on

I went ahead and approved the maintainer version to save that change, by typing Y, since in the MySQL 5.5 documentation it says:

--lc-messages-dir and --lc-messages should be used rather than --language , which is deprecated and handled as an alias ...

Then I went back to add the "bind-address 127.0.0.1", turned out that was duplicate entry and a bind-address directive for localhost was still in place.  Where you have made some custom configuratons you may just want to take notes on what has changed and see if those make sense for your setup and opt not to use the package maintainers version.

Finally go to the Rimuhosting control panel, find the kernel update page and update the kernel to the one there mentioned for use w/ Wheezy.  Changing the kernel there will take care of the reboot needed.

Note the note about not using Aptitude.  Seems that application is somewhat deprecated now.

Our test upgrades were run on pretty fresh setups so of course we didn't run into any problems.  If you have setup some complex custom applications you may need to take this into consideration when performing a distribution upgrade.  If you are running a VPS you can always run a VPS backup before trying to upgrade so that you can roll back easily in case there are any major problems.

Upgrading from Lenny to Squeeze

If you are still running Lenny, you should update to Squeeze before trying to upgrade to Wheezy.  Good idea to update to the latest version of the previous distro before upgrading.  Lenny has reached end of life, so you will need to update your repo to point to the archives:

deb http://archive.debian.org/debian/ lenny main non-free contrib

You may see some messages about missing keys, fine to ignore them for now. After updating to the latest packages, clean up the package manager caches.

apt-get update
apt-get upgrade
apt-get clean

Now to dist upgrade to Squeeze change your /etc/apt/sources.list to look like as folows:

deb http://ftp.us.debian.org/debian/ squeeze main non-free contrib
deb http://security.debian.org/ squeeze/updates main non-free contrib

Then run...

# to minimize all those tedious 'are you sure'? messages.
export DEBIAN_PRIORITY=critical
export DEBIAN_FRONTEND=noninteractive

# run the dist upgrade
apt-get update
apt-get dist-upgrade

We have run this a few times on VPS'.  And the process seems pretty safe/hassle free.

Rinse and repeat for each version you need to upgrade to.

Additionally we recomend using the corresponding kernel version available from our kernel chooser for best reliability

As always, if you are not sure, feel free to get one of our staff to assist you by popping in a support ticket.

Dealing with expired keys

When updating from lenny, apt may now refuse to proceed with an upgrade, due to expired keys. After enabling the squeeze sources, you can run the following, and then apt-get update should work again (at least until squeeze also becomes EOL)

apt-get install debian-archive-keyring

You may also find it helpful to add the following to /etc/apt/apt.conf (create it if it does not exist). And then remove those lines after the upgrade to squeeze is done.

APT { 
  Ignore {"gpg-pubkey"; }
  Get { AllowUnauthenticated "1"; }
}

Upgrading Ubuntu

See our Ubuntu page here.