Changes

Page history
remove non-tsa content authored by anarcat's avatar anarcat
Show whitespace changes
Inline Side-by-side
howto/upgrades.md 0 → 100644
View page @ f6c6b238
[[_TOC_]]
Debian upgrades
===============
Major upgrades
--------------
Major upgrades are done by hand, with a "cheat sheet" created for each
major release. Here are the currently documented ones:
[[!map pages="page(howto/upgrades/*) and !page(howto/upgrades/cassettes)"]]
<figure>
<img alt="graph showing planned completion date, currently around july 2020" src="predict-stretch.png" />
<figcaption>
The above graphic shows the progress of the migration between major
releases. It can be regenerated with the [predict-os](https://gitlab.com/anarcat/predict-os) script. It
pulls information from [howto/puppet](howto/puppet) to update a [CSV file](data.csv) to
keep track of progress over time.
</figure>
### Team-specific upgrade policies
Before we perform a major upgrade, it might be advisable to consult
with the team working on the box to see if it will interfere for their
work. Some teams might block if they believe the major upgrade will
break their service. They are not allowed to indefinitely block the
upgrade, however.
Team policies:
* anti-censorship: TBD
* metrics: one or two work-day advance notice ([source](https://gitlab.torproject.org/legacy/trac/-/issues/32998#note_2345807))
* funding: schedule a maintenance window
* git: TBD
* gitlab: TBD
* translation: TBD
Some teams might be missing from the list.
Minor upgrades
--------------
Most of the packages upgrades are handled by the unattended-upgrades package which
is configured via puppet.
Unattended-upgrades writes logs to /var/log/dpkg.log, or /var/log/unattended-upgrades/.
The default configuration file for unattended-upgrades is at /etc/apt/apt.conf.d/50unattended-upgrades.
Pending upgrades are still noticed by Nagios which warns loudly about them in its
usual channels.
If a package origin isn't picked by unattended upgrades it will need to be upgraded
by hand or its origin added to modules/profile/manifests/unattended_upgrades.pp in
puppet.
### Restarting services
After upgrades, there's a Nagios check that might trigger and tell you
that some services are running with outdated libraries. For example,
after a Bacula upgrade:
The following processes have libs linked that were upgraded: bacula: bacula-fd (1787)
While the entire host can be rebooted (using the procedure below) to
fix this problem, it's sometimes less disruptive to just restart that
one process.
For this purpose, `needrestart` is installed on all machines, and it makes sure to
restart services. It can also be useful to restart services manually, for
example with:
ssh root@cupani.torproject.org needrestart -u NeedRestart::UI::stdio -r a
(Note that earlier versions of needrestart showed spurious warnings in
this mode, see [bug #859387](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859387), fixed in buster.)
If you cannot figure out why the warning happens, you might want to
run the check by hand:
/usr/lib/nagios/plugins/dsa-check-libs
The `--verbose` flag also shows which file trigger the warning.
Some services will have `cron` as a parent, and will make
`needrestart` want to restart cron which is, of course,
ineffective. The only "proper" way to restart those services is to
reboot the host.
Services setup with the new systemd-based startup system documented in
[doc/services](doc/services) can be restarted with:
systemctl restart user@1504.service
There's a feature request ([bug #843778](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843778)) to implement support for
those services directly in needrestart.
### Blacklisted packages
At the moment the only blacklisted packages for unattended_upgrades are:
- openvswitch-switch
- openvswitch-common
See ([bug #34185]https://bugs.torproject.org/34185)
### Kernel upgrades and reboots
Sometimes it is necessary to perform a reboot on the hosts, when the
kernel is updated. Nagios will warn about this, with something like
this:
WARNING: Kernel needs upgrade [linux-image-4.9.0-9-amd64 != linux-image-4.9.0-8-amd64]
#### Rebooting guests
If this is only a virtual machine, and the only one affected, it can
be rebooted directly. This can be done with the `tsa-misc` script
called `reboot`:
./reboot -H test-01.torproject.org,test-02.torproject.org
By default, the script will wait 2 minutes before hosts: that should
be changed to *30 minutes* if the hosts are part of a mirror network
to give the monitoring systems (`mini-nag`) time to rotate the hosts
in and out of DNS:
./reboot -H mirror-01.torproject.org,mirror-02.torproject.org --delay-nodes 1800
If the host has an encrypted filesystem and is hooked up with Mandos, it
will return automatically. Otherwise it might need a password to be
entered at boot time, either through the initramfs (if it has the
`profile::fde` class in Puppet) or manually, after the boot. That is
the case for the `mandos-01` server itself, for example, as it
currently can't unlock itself, naturally.
This routine should be able to reboot all hosts with a `rebootPolicy`
defined to `justdoit` or `rotation`:
echo "rebooting 'justdoit' hosts with a 10-minute delay...."
./reboot -H $(ssh alberti.torproject.org 'ldapsearch -h db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL "(rebootPolicy=justdoit)" hostname | awk "\$1 == \"hostname:\" {print \$2}" | sort') --delay-hosts=30 --delay-shutdown=10 -v
echo "rebooting 'rotation' hosts with a 30-minute delay...."
./reboot -H $(ssh alberti.torproject.org 'ldapsearch -h db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL "(rebootPolicy=rotation)" hostname | awk "\$1 == \"hostname:\" {print \$2}" | sort') --delay-hosts=30 --delay-shutdown=30 -v
The remaining is the "manual" procedure, the KVM hosts:
./reboot-host kvm4.torproject.org
./reboot-host kvm5.torproject.org
./reboot-host moly.torproject.org
The ganeti hosts, using Fabric:
./reboot -v -H fsn-node-0{1,2,3,4,5}.torproject.org
The scaleway box needs special handholding, see [ticket 32920](https://bugs.torproject.org/32920). The
windows boxes should normally not need a reboot.
All hosts should be rebooted now, see [Nagios unhandled problems](https://nagios.torproject.org/cgi-bin/icinga/status.cgi?allunhandledproblems)
to confirm.
#### Rebooting KVM hosts
Generally, KVM hosts are the latter case and need special attention,
as the guests need to be individually rebooted. The
`tor-libvirt-reboot` takes care of the hand-holding necessary
here. When the server returns, the encrypted partitions need to be
unlocked as well, with the `tor-libvirt-luks-start` command. A full
reboot procedure will look something like this:
HOST=unifolium.torproject.org
echo "showing motd to see affected guests" &&
ssh $HOST cat /etc/motd &&
ssh -tt root@$HOST tor-libvirt-reboot ; \
echo "waiting 30 seconds for host to go down..." &&
sleep 30 &&
echo "waiting up to 2 minutes for $HOST to come back" &&
ping -c 10 -w 120 $HOST ; \
ssh -tt root@$HOST tor-libvirt-luks-start
(Update: the above script is now in `tsa-misc/reboot-host`.)
If only the guests on the machine need a reboot, for example Nagios
complains about `libvirt-qemu` processes, use the
`tor-libvirt-stop-start` script.
#### Rebooting Ganeti clusters
This is documented in the [howto/ganeti](howto/ganeti) section, but it's basically
running the above `reboot` sript and `hbal` commands.
#### Generic upgrade routines
LDAP hosts have information about how they can be rebooted, in the
`rebootPolicy` field. Here are what the various fields mean:
* `justdoit` - can be rebooted any time, with a 10 minute delay,
possibly in parallel
* `rotation` - part of a cluster where each machine needs to be
rebooted one at a time, with a 30 minute delay for DNS to update
* `manual` - needs to be done by hand or with a special tool (fabric
in case of ganeti, reboot-host in the case of KVM, nothing for
windows boxes)
### Example runs
#### This documenation is now deprecated as we are now using unattended-upgrades
#### and needrestart
Here's an example run of the upgrade tool:
weasel@orinoco:~$ torproject-upgrade-prepare
Agent pid 5384
Pass a valid window to KWallet::Wallet::openWallet().
Identity added: /home/weasel/.ssh/id_rsa (/home/weasel/.ssh/id_rsa)
build-arm-03.torproject.org: ControlSocket /home/weasel/.ssh/.pipes/orinoco/weasel@rouyi.torproject.org:22 already exists, disabling multiplexing
rouyi.torproject.org: ControlSocket /home/weasel/.ssh/.pipes/orinoco/weasel@rouyi.torproject.org:22 already exists, disabling multiplexing
build-arm-01.torproject.org: ControlSocket /home/weasel/.ssh/.pipes/orinoco/weasel@rouyi.torproject.org:22 already exists, disabling multiplexing
build-arm-02.torproject.org: ControlSocket /home/weasel/.ssh/.pipes/orinoco/weasel@rouyi.torproject.org:22 already exists, disabling multiplexing
gillii.torproject.org: ssh: connect to host gillii.torproject.org port 22: No route to host
geyeri.torproject.org: ssh: connect to host geyeri.torproject.org port 22: No route to host
chiwui.torproject.org: W: Size of file /var/lib/apt/lists/partial/deb.debian.org_debian_dists_jessie-backports_InRelease is not what the server reported 166070 130112
chiwui.torproject.org: W: Size of file /var/lib/apt/lists/partial/deb.debian.org_debian_dists_jessie-updates_InRelease is not what the server reported 145060 16384
------------------------------------------------------------
Upgrade available on alberti.torproject.org brulloi.torproject.org chamaemoly.torproject.org colchicifolium.torproject.org corsicum.torproject.org cupani.torproject.org gayi.torproject.org henryi.torproject.org iranicum.torproject.org materculae.torproject.org meronense.torproject.org nevii.torproject.org palmeri.torproject.org scw-arm-ams-01.torproject.org troodi.torproject.org vineale.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
libssl1.0.2 linux-image-4.9.0-8--x- openssh-client openssh-server
openssh-sftp-server ssh
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Inst ssh [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Inst linux-image-4.9.0-8--x- [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf ssh (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Conf linux-image-4.9.0-8--x- (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on orestis.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
libssl1.0.2 linux-image-4.9.0-8--x- linux-libc-dev openssh-client
openssh-server openssh-sftp-server
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Inst linux-image-4.9.0-8--x- [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Inst linux-libc-dev [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf linux-image-4.9.0-8--x- (4.9.144-3.1 Debian:stable-updates [-x-])
Conf linux-libc-dev (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on cdn-backend-sunet-01.torproject.org hetzner-hel1-01.torproject.org hetzner-hel1-02.torproject.org hetzner-hel1-03.torproject.org kvm4.torproject.org kvm5.torproject.org listera.torproject.org macrum.torproject.org nutans.torproject.org textile.torproject.org unifolium.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
libssl1.0.2 linux-image-4.9.0-8--x- openssh-client openssh-server
openssh-sftp-server
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Inst linux-image-4.9.0-8--x- [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf linux-image-4.9.0-8--x- (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on eugeni.torproject.org omeiense.torproject.org pauli.torproject.org polyanthum.torproject.org rouyi.torproject.org rude.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
libssl1.0.2 linux-image-4.9.0-8--x- linux-libc-dev openssh-client
openssh-server openssh-sftp-server ssh
7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Inst ssh [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Inst linux-image-4.9.0-8--x- [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Inst linux-libc-dev [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf ssh (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Conf linux-image-4.9.0-8--x- (4.9.144-3.1 Debian:stable-updates [-x-])
Conf linux-libc-dev (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on arlgirdense.torproject.org bracteata.torproject.org build-x86-07.torproject.org build-x86-08.torproject.org build-x86-09.torproject.org carinatum.torproject.org crm-ext-01.torproject.org crm-int-01.torproject.org forrestii.torproject.org gitlab-01.torproject.org neriniflorum.torproject.org opacum.torproject.org perdulce.torproject.org savii.torproject.org saxatile.torproject.org staticiforme.torproject.org subnotabile.torproject.org togashii.torproject.org web-hetzner-01.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
linux-image-4.9.0-8--x-
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst linux-image-4.9.0-8--x- [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf linux-image-4.9.0-8--x- (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on build-arm-01.torproject.org build-arm-02.torproject.org build-arm-03.torproject.org scw-arm-par-01.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
libssl1.0.2 openssh-client openssh-server openssh-sftp-server ssh
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Inst ssh [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf ssh (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on chiwui.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
bind9-host dnsutils file libbind9-90 libdns-export100 libdns100
libirs-export91 libisc-export95 libisc95 libisccc90 libisccfg-export90
libisccfg90 liblwres90 libmagic1 libssl-dev libssl1.0.0 openssl
qemu-guest-agent
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl-dev [1.0.1t-1+deb8u10] (1.0.1t-1+deb8u11 Debian-Security:8/oldstable [-x-]) []
Inst libssl1.0.0 [1.0.1t-1+deb8u10] (1.0.1t-1+deb8u11 Debian-Security:8/oldstable [-x-])
Inst file [1:5.22+15-2+deb8u4] (1:5.22+15-2+deb8u5 Debian-Security:8/oldstable [-x-]) []
Inst libmagic1 [1:5.22+15-2+deb8u4] (1:5.22+15-2+deb8u5 Debian-Security:8/oldstable [-x-])
Inst libisc-export95 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Inst libdns-export100 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Inst libisccfg-export90 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Inst libirs-export91 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Inst dnsutils [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst bind9-host [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst libisc95 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst libdns100 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst libisccc90 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst libisccfg90 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst liblwres90 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-]) []
Inst libbind9-90 [1:9.9.5.dfsg-9+deb8u16] (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Inst openssl [1.0.1t-1+deb8u10] (1.0.1t-1+deb8u11 Debian-Security:8/oldstable [-x-])
Inst qemu-guest-agent [1:2.1+dfsg-12+deb8u9] (1:2.1+dfsg-12+deb8u10 Debian-Security:8/oldstable [-x-])
Conf libssl1.0.0 (1.0.1t-1+deb8u11 Debian-Security:8/oldstable [-x-])
Conf libssl-dev (1.0.1t-1+deb8u11 Debian-Security:8/oldstable [-x-])
Conf libmagic1 (1:5.22+15-2+deb8u5 Debian-Security:8/oldstable [-x-])
Conf file (1:5.22+15-2+deb8u5 Debian-Security:8/oldstable [-x-])
Conf libisc-export95 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libdns-export100 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libisccfg-export90 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libirs-export91 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libisc95 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libdns100 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libisccc90 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libisccfg90 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf libbind9-90 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf liblwres90 (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf bind9-host (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf dnsutils (1:9.9.5.dfsg-9+deb8u17 Debian-Security:8/oldstable [-x-])
Conf openssl (1.0.1t-1+deb8u11 Debian-Security:8/oldstable [-x-])
Conf qemu-guest-agent (1:2.1+dfsg-12+deb8u10 Debian-Security:8/oldstable [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on nova.torproject.org:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
libssl1.0.2 linux-image-4.9.0-8-686-pae openssh-client openssh-server
openssh-sftp-server ssh
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Inst ssh [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Inst linux-image-4.9.0-8-686-pae [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [-x-])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [-x-])
Conf ssh (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Conf linux-image-4.9.0-8-686-pae (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
------------------------------------------------------------
Upgrade available on crispum.torproject.org oo-hetzner-03.torproject.org oschaninii.torproject.org:
build-arm-01.torproject.org
Hit:1 http://security.debian.org stretch/updates InRelease
Hit:2 https://mirror.netcologne.de/debian stretch-backports InRelease
Ign:3 https://mirror.netcologne.de/debian stretch InRelease
Hit:4 https://mirror.netcologne.de/debian stretch-updates InRelease
Hit:5 https://mirror.netcologne.de/debian stretch Release
Ign:6 https://db.torproject.org/torproject-admin tpo-all InRelease
Ign:7 https://db.torproject.org/torproject-admin stretch InRelease
Hit:8 https://db.torproject.org/torproject-admin tpo-all Release
Hit:9 https://db.torproject.org/torproject-admin stretch Release
Hit:10 https://cdn-aws.deb.debian.org/debian stretch-backports InRelease
Ign:11 https://cdn-aws.deb.debian.org/debian stretch InRelease
Hit:12 https://cdn-aws.deb.debian.org/debian stretch-updates InRelease
Hit:13 https://cdn-aws.deb.debian.org/debian stretch Release
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
libssl1.0.2 openssh-client openssh-server openssh-sftp-server ssh
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst openssh-sftp-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [arm64]) []
Inst libssl1.0.2 [1.0.2q-1~deb9u1] (1.0.2r-1~deb9u1 Debian-Security:9/stable [arm64]) []
Inst openssh-server [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [arm64]) []
Inst openssh-client [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [arm64])
Inst ssh [1:7.4p1-10+deb9u5] (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [arm64])
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [arm64])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [arm64])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [arm64])
Conf ssh (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
libssl1.0.2 openssh-client openssh-server openssh-sftp-server ssh
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 2125 kB of archives.
After this operation, 4096 B of additional disk space will be used.
Get:1 http://security.debian.org stretch/updates/main arm64 openssh-sftp-server arm64 1:7.4p1-10+deb9u6 [34.1 kB]
Get:2 http://security.debian.org stretch/updates/main arm64 libssl1.0.2 arm64 1.0.2r-1~deb9u1 [913 kB]
Get:3 http://security.debian.org stretch/updates/main arm64 openssh-server arm64 1:7.4p1-10+deb9u6 [289 kB]
Get:4 http://security.debian.org stretch/updates/main arm64 openssh-client arm64 1:7.4p1-10+deb9u6 [699 kB]
Get:5 http://security.debian.org stretch/updates/main arm64 ssh all 1:7.4p1-10+deb9u6 [189 kB]
Fetched 2125 kB in 1s (1464 kB/s)
Preconfiguring packages ...
(Reading database ... 52534 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a7.4p1-10+deb9u6_arm64.deb ...
Unpacking openssh-sftp-server (1:7.4p1-10+deb9u6) over (1:7.4p1-10+deb9u5) ...
Preparing to unpack .../libssl1.0.2_1.0.2r-1~deb9u1_arm64.deb ...
Unpacking libssl1.0.2:arm64 (1.0.2r-1~deb9u1) over (1.0.2q-1~deb9u1) ...
Preparing to unpack .../openssh-server_1%3a7.4p1-10+deb9u6_arm64.deb ...
Unpacking openssh-server (1:7.4p1-10+deb9u6) over (1:7.4p1-10+deb9u5) ...
Preparing to unpack .../openssh-client_1%3a7.4p1-10+deb9u6_arm64.deb ...
Conf libssl1.0.2 (1.0.2r-1~deb9u1 Debian-Security:9/stable [amd64])
Conf openssh-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [amd64])
Conf openssh-client (1:7.4p1-10+deb9u6 Debian-Security:9/stable [amd64])
Conf ssh (1:7.4p1-10+deb9u6 Debian-Security:9/stable [all])
Conf linux-image-4.9.0-8-amd64 (4.9.144-3.1 Debian:stable-updates [amd64])
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
libssl1.0.2 linux-image-4.9.0-8-amd64 openssh-client openssh-server openssh-sftp-server ssh
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 41.8 MB of archives.
After this operation, 4096 B of additional disk space will be used.
Get:1 http://security.debian.org stretch/updates/main amd64 openssh-sftp-server amd64 1:7.4p1-10+deb9u6 [39.7 kB]
Get:2 http://security.debian.org stretch/updates/main amd64 libssl1.0.2 amd64 1.0.2r-1~deb9u1 [1302 kB]
Get:3 http://security.debian.org stretch/updates/main amd64 openssh-server amd64 1:7.4p1-10+deb9u6 [332 kB]
Get:4 http://security.debian.org stretch/updates/main amd64 openssh-client amd64 1:7.4p1-10+deb9u6 [781 kB]
Get:5 https://mirrors.wikimedia.org/debian stretch-updates/main amd64 linux-image-4.9.0-8-amd64 amd64 4.9.144-3.1 [39.1 MB]
Get:6 http://security.debian.org stretch/updates/main amd64 ssh all 1:7.4p1-10+deb9u6 [189 kB]
Fetched 41.8 MB in 10s (4111 kB/s)
Preconfiguring packages ...
(Reading database ... 45757 files and directories currently installed.)
Preparing to unpack .../0-openssh-sftp-server_1%3a7.4p1-10+deb9u6_amd64.deb ...
Unpacking openssh-sftp-server (1:7.4p1-10+deb9u6) over (1:7.4p1-10+deb9u5) ...
Preparing to unpack .../1-libssl1.0.2_1.0.2r-1~deb9u1_amd64.deb ...
Unpacking libssl1.0.2:amd64 (1.0.2r-1~deb9u1) over (1.0.2q-1~deb9u1) ...
Preparing to unpack .../2-openssh-server_1%3a7.4p1-10+deb9u6_amd64.deb ...
Unpacking openssh-server (1:7.4p1-10+deb9u6) over (1:7.4p1-10+deb9u5) ...
Preparing to unpack .../3-openssh-client_1%3a7.4p1-10+deb9u6_amd64.deb ...
Unpacking openssh-client (1:7.4p1-10+deb9u6) over (1:7.4p1-10+deb9u5) ...
Preparing to unpack .../4-ssh_1%3a7.4p1-10+deb9u6_all.deb ...
Unpacking ssh (1:7.4p1-10+deb9u6) over (1:7.4p1-10+deb9u5) ...
Preparing to unpack .../5-linux-image-4.9.0-8-amd64_4.9.144-3.1_amd64.deb ...
Unpacking linux-image-4.9.0-8-amd64 (4.9.144-3.1) over (4.9.144-3) ...
Setting up linux-image-4.9.0-8-amd64 (4.9.144-3.1) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.9.0-8-amd64
I: The initramfs will attempt to resume from /dev/sdc
I: (UUID=4e725edc-e3df-4122-89aa-19ce43ec9a0e)
I: Set the RESUME variable to override this.
Inst linux-image-4.9.0-8-amd64 [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [amd64])
Inst linux-libc-dev [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [amd64])
Conf openssh-sftp-server (1:7.4p1-10+deb9u6 Debian-Security:9/stable [amd64])
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for systemd (232-25+deb9u9) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up openssh-client (1:7.4p1-10+deb9u6) ...
Setting up openssh-sftp-server (1:7.4p1-10+deb9u6) ...
Setting up openssh-server (1:7.4p1-10+deb9u6) ...
Setting up ssh (1:7.4p1-10+deb9u6) ...
[master 4f397dc] committing changes in /etc after apt run
Committer: root <root@peninsulare.torproject.org>
Unpacking linux-image-4.9.0-8-amd64 (4.9.144-3.1) over (4.9.144-3) ...
[master a58f4a8] committing changes in /etc after apt run
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
linux-image-4.9.0-8--x- linux-libc-dev
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst linux-image-4.9.0-8--x- [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Inst linux-libc-dev [4.9.144-3] (4.9.144-3.1 Debian:stable-updates [-x-])
Conf linux-image-4.9.0-8--x- (4.9.144-3.1 Debian:stable-updates [-x-])
Conf linux-libc-dev (4.9.144-3.1 Debian:stable-updates [-x-])
Accept [y/N]? y
============================================================
Failed: build-x86-05.torproject.org build-x86-06.torproject.org dictyotum.torproject.org fallax.torproject.org getulum.torproject.org geyeri.torproject.org gillii.torproject.org hedgei.torproject.org majus.torproject.org moly.torproject.org peninsulare.torproject.org web-cymru-01.torproject.org
No updates on:
Accepted changes:
torproject-upgrade '180463a1d97794d04af05ba99ff0dabd2c5648c4|29af4f3d269e7a8ddc22fc2d2d970c70a373d9e8|36d9a3e4d8c4b58c8e8b325022afa78573ac2667|42bec5e8be9279422bf3b5dc704f4f077c597099|83b56903918edad25655a7c85d5dc12448e1619b|eb227197d16c5e1a613a00a5e5abcb817a0ec65d|ec52867d0041b23a27393ee5afa3b45df2e3b4b9|ed456dc5ed1c12d7024644af5aac54c9370b7466|fe78acc5ff2d634eabf7676c6bcd60f248e7b610'
weasel@orinoco:~$ torproject-upgrade '180463a1d97794d04af05ba99ff0dabd2c5648c4|29af4f3d269e7a8ddc22fc2d2d970c70a373d9e8|36d9a3e4d8c4b58c8e8b325022afa78573ac2667|42bec5e8be9279422bf3b5dc704f4f077c597099|83b56903918edad25655a7c85d5dc12448e1619b|eb227197d16c5e1a613a00a5e5abcb817a0ec65d|ec52867d0041b23a27393ee5afa3b45df2e3b4b9|ed456dc5ed1c12d7024644af5aac54c9370b7466|fe78acc5ff2d634eabf7676c6bcd60f248e7b610'
[exited]