I was reading in the pages and pages of guidance notes that there can be a problem with entropy starvation, even to the extent of SSH not working properly. Debian recommend doing a lot of pings as soon as you can to build up the entropy. Of course, how you do that during an install is another matter...
Keith
On Sun, Jul 07, 2019 at 01:55:46PM +0100, Keith Williams wrote:
> Well I have done the upgrade on one VPS. Preparation including backing up
> all db and /etc/ plus one or two other "just in case" files and
> uninstalling packages that were never installed from official archives 3 or
> 4 hours, upgrade itself few minutes, sorting out problems all the rest of
> the morning.
> Problems encountered:-
> Bind. Over several upgrades I have always kept the old config files. It
> seems that some ancient deprecated options now throw an error not a
> warning. systemctl start followed by journalctl -xe details all the
> problems, even the line numbers in the files so it was a matter of minutes
> to fix
> Wireguard still seems to need the unstable repository, so changing that
> back it all worked, the conf file was still there so OK, same could not be
> said of NFTables, had to reload conf file from back up.
> Then the 3 bigger ones:-
> Roundcube. During install it said it had to reconfigure the database. I
> will have to purge, drop that database and reinstall from scratch
> unfortunately
> Dovecot. My initial setting up, a few years back took ages (I was learning
> as I went) so I said no to replacing conf files. Had same problem as with
> Bind, setting which before led to a warning, now stop it from starting.
> Same trick as before and only one setting to change. The error message even
> tells you what to change it to. I should have heeded the warnings before.
> But it does mean that although Dovecot is delivering the mail to the boxes,
> I am unable to log onto Postfix as it uses Dovecot to verify credentials.
> But then my webmail uses Roundcube so I can't get at that mail at the
> moment anyway
> Webmin. I use this as a graphical interface when working with big databases
> or updating and cleaning up all my zonefiles. It's just easier. Handy for
> editing Apache virtual host files. I was able to install it and start it
> then the connection drops to the miniserv server. I think it is related to
> an upgrading of the perl libraries in the upgrade. Did not have the same
> with my home boxes a couple of weeks ago. That is non urgent though.
> Hopefully some lessons learnt so mistakes won't be repeated during upgrade
> of my other VPS tomorrow. Most of these irritations would probably not have
> arisen if I had cleaned up the conf files beforehand.
> Hope there is something useful there for anyone else upgrading
I'm doing a reinstall from scratch on a new VPS. So far, I haven't
hit anything awkward (other than not knowing how to set up nginx -- I
decided to switch from Apache).
My only real issue so far is that writing random data to the 250
GiB encrypted archive-storage volume took about 6 hours. I'm not sure
if that's entropy starvation on the randomness, very slow storage, or
slow CPU doing the encryption. I was doing it in the installer, so I
didn't have much leeway to investigate deeper.
Hugo.
> Keith
>
> On Sat, 6 Jul 2019 at 00:16, Andy Smith <andy@bitfolk.com> wrote:
>
> > Hello,
> >
> > Debian 10 (buster) is supposed to be released later today. Those who
> > wish to upgrade to it in the usual Debian way should be able to do
> > so after reading the release notes for any gotchas:
> >
> > https://www.debian.org/releases/testing/amd64/release-notes/
> >
> > I am not aware of any gotchas that are specific to the BitFolk
> > environment, but if you think you have found one please do let us
> > know.
> >
> > If planning a clean install, the "buster" release has been available
> > for some time in our Xen Shell, but under the code name
> > "debian_testing", because right now it still is technically the
> > testing release.
> >
> > If you issue the command:
> >
> > xen shell> install debian_testing
> >
> > now or at any time after the release of Debian 10 then I believe
> > this should result in a working install of Debian 10. I just tested
> > it with a minimal install (base system + openssh) and it seems to
> > (still) work.
> >
> > It may be several days after the release before we can get around to
> > updating the labels in the Xen Shell so that "debian_buster" is there
> > and "debian_testing" gets you "bullseye". It does tell you what it's
> > going to install so there should be no confusion.
> >
> > Cheers,
> > Andy
> >
--
Hugo Mills | One of these days, I'll catch that man without a
hugo@... carfax.org.uk | quotation, and he'll look undressed.
http://carfax.org.uk/ |
PGP: E2AB1DE4 | Leto Atreides, Dune