buster upgrade procedure, merge of my personal procedure and DSA

tsa/howto/upgrades/buster.mdwn

+[[!toc]]
+
+Procedure
+=========
+
+ 1. Pre-upgrade backups and preperation:
+
+        sudo apt install ttyrec screen debconf-utils apt-show-versions deborphan
+        sudo ttyrec -e screen /var/log/upgrade-buster.ttyrec
+        umask 0077
+        tar cfz /var/backups/pre-buster-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states /var/lib/aptitude/pkgstates /var/cache/debconf
+        dpkg --get-selections "*" > /var/backups/dpkg-selections-pre-buster.txt
+        debconf-get-selections > /var/backups/debconf-selections-pre-buster.txt
+        apt-mark showhold
+        dpkg --audit
+        dpkg -l '*dkms' # look for dkms packages and make sure they are relevant, if not, purge.
+        : make sure backups are up to date
+
+ 2. Perform any pending upgrade and clear out old pins:
+
+        rm /etc/apt/preferences /etc/apt/preferences.d/* #  Check for pinned (on hold) packages, and possibly disable
+        rm /etc/apt/sources.list.d/testing.list # or other similar backports or sources from later releases
+        rm /etc/apt/sources.list.d/stretch-backports.list
+        apt update && apt -y upgrade
+        dpkg -l 'linux-image-*' # list kernel images and purge unused packages
+        # look for packages from backports, other suites or archives
+        # if possible, switch to official packages by disabling
+        # third-party repositories
+        apt-show-versions | grep -v /stretch | grep -v 'not installed$'
+
+ 3. Check free space, see [this guide to free up space][] and
+    download packages:
+
+        sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/* /etc/apt/sources.list
+        apt update; apt -o APT::Get::Trivial-Only=true dist-upgrade; df -h
+        apt -y -d upgrade && apt -y -d dist-upgrade
+
+ 4. Actual upgrade run:
+
+        apt dist-upgrade
+
+ 5. Post-upgrade checks:
+
+        puppet agent -t
+        dpkg -l '*-dbg' # look for dbg package and possibly replace with -dbgsym
+        apt autoremove -y --purge
+        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done
+        apt clean
+        reboot
+        # review and purge older kernel once the new one boots properly
+        dpkg -l 'linux-image*'
+        # review packages that are not in the new distribution
+        apt-show-versions | grep -v /buster
+
+[this guide to free up space]: http://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html#sufficient-space
+
+Issues
+======
+
+Pending
+-------
+
+ * the following config files had conflicts but were managed by Puppet
+   so those changes were ignored for now. eventually they should be
+   upgraded in Puppet as well.
+
+        /etc/bacula/bacula-fd.conf
+        /etc/bind/named.conf.options
+        /etc/default/stunnel4
+        /etc/ferm/ferm.conf
+        /etc/init.d/stunnel4
+        /etc/logrotate.d/ulogd2
+        /etc/nagios/nrpe.cfg
+        /etc/ntp.conf
+        /etc/ssh/sshd_config
+        /etc/syslog-ng/syslog-ng.conf
+
+ * ferm failed to reload during upgrade, with the following error:
+ 
+        Couldn't load match `state':No such file or directory
+
+ * Puppet will warn with the following when running against a stretch
+   master, harmlessly:
+   
+        Warning: Downgrading to PSON for future requests
+
+ * Puppet might try to downgrade the `sources.list` files to `stretch`
+   or `n/a` for some reason, just re-run Puppet after fixing the
+   `sources.list` files, it will eventually figure it out.
+
+ * The official list of [known issues][]
+
+[known issues]: https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html
+
+References
+==========
+
+Note: the official upgrade guide and release notes not available at
+the time of writing (2019-04-08) as the documentation is usually
+written during the freeze and buster is not there yet.
+
+ * [Official guide](https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html)
+ * [Release notes](https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html)
+ * [Koumbit guide](https://wiki.koumbit.net/BusterUpgrade)
+ * [DSA guide](https://dsa.debian.org/howto/upgrade-to-buster/)
+ * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)