Upgrade OpenVZ VPS from Debian 7 (wheezy) 64-bit to Debian 8 (jessie) 64-bit

Debian 8.0 (jessie) has been released! But there is no official OpenVZ template for jessie yet, and past experience indicates that it could be a long wait. In the meantime, here is how I upgraded an OpenVZ VPS with a fresh install of the official Debian 7 (64-bit) minimal template to Debian 8. It is just a little bit tricky, since the official OpenVZ Debian 7 minimal template uses upstart, not sysvinit (the default for Debian 7) or systemd (the default for Debian 8). Since upstart is now deprecated with the adoption of systemd, these instructions include replacing upstart with systemd.

NOTE: This guide is intended only for a fresh reinstallation of the 64-bit Debian 7 minimal template. These procedures have been tested on a BuyVM OpenVZ VPS with the 64-bit Debian 7 template (BuyVM offers the minimal template only). If you are using a different Debian 7 template, or are trying to upgrade an existing system, certain commands may need to be modified in order to ensure a successful upgrade. Proceed at your own risk.

1. Open an SSH connection to your VPS and log in as root.

2. Update the Apt sources.list to point to the Jessie repositories.

rm /etc/apt/sources.list
cat > /etc/apt/sources.list << EOF
deb http://ftp.us.debian.org/debian/ jessie main non-free contrib
deb-src http://ftp.us.debian.org/debian/ jessie main non-free contrib
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
EOF

3. Verify that the sources.list was properly created.

cat /etc/apt/sources.list

It should look like this.

deb http://ftp.us.debian.org/debian/ jessie main non-free contrib
deb-src http://ftp.us.debian.org/debian/ jessie main non-free contrib
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free
deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free

4. Grab the new lists of packages.

apt-get update

5. Reinstall the debian-archive-keyring package if you see any missing public key warnings.

apt-get install --reinstall debian-archive-keyring

6. Install dialog (shows nice dialog windows, used by the locales configuration and many package installations which require user input).

apt-get -y install dialog

7. Set your system locales.

dpkg-reconfigure locales

7a. In most cases, the UTF-8 version of the language you are using is the best locale to generate. For American English, this would be en_US.UTF-8.

7b. Select en_US.UTF-8 (or the UTF-8 version of the language you are using) by scrolling down in the list, hitting the spacebar to select it, and pressing enter to move on.

7c. The next dialog box will ask you to choose the default locale for the entire system. Press the up or down arrow keys to highlight “en_US.UTF-8” or the language you selected in the previous step, then press enter to finish locale generation and configuration.

8. Perform the upgrade! (This will take a while, but don’t leave, because there are a few things you need to do during the process).

apt-get -y dist-upgrade

8a. When you reach the message “Configuration file ‘/etc/bash.bashrc’ has been modified since installation”, choose ‘Y’ to install the new version.

8b. When you reach the message “Configuration file ‘/etc/init/networking.conf’ has been modified since installation”, again choose ‘Y’ to install the new version.

8c. When you reach the dialog box warning you about logging in as root over SSH using password authentication, choose “No” to keep SSH password authentication for root enabled. You will disable this later, once you have added your own user account with sudo privileges.

9. Verify that you are now running Debian 8 (it should show 8.x).

cat /etc/debian_version

10. Swap out upstart for systemd.

apt-get -y install systemd systemd-sysv

11. Force a reboot to start using the new init.

reboot -f

12. Log back in to your VPS via SSH as root.

13. Verify that systemd is running, not upstart (you should see only systemd processes, no upstart processes).

ps aux | grep -E "(systemd)|(upstart)" | grep -v "grep -E"

14. Purge upstart (it was not automatically removed when systemd was installed since it was running at that time).

apt-get -y purge upstart
rm -r /var/log/upstart

15. Remove the 32-bit packages from the package lists (just an annoyance, there is no need to see both the 32-bit and 64-bit versions of packages on a 64-bit system).

dpkg --remove-architecture i386

16. Install some more essential or handy packages.

apt-get -y install nano apt-rdepends aptitude curl sudo

17. Install one more essential package (cron), but without installing recommended packages. Cron recommends a mail server be installed, and the default mail server for Debian is the full-featured Exim package. If you plan on using Exim, do not include the “–no-install-recommends” option.

apt-get -y install --no-install-recommends cron

18. Verify that no other essential packages are missing.

aptitude search "?essential" | grep -v "^i"

19. If no results are shown, then all essential packages are already installed. If any results are found, then essential packages are missing and you need to install them. Insert the package names, each separated by a space.

apt-get -y install package_name package_name_2 package_name_3 . . .

20. Add your own user account for day-to-day administration of the server (inserting in your own username of course).

adduser justin

20a. Enter in your desired password twice. The rest of the information is optional, but I like to at least put in my full name, leaving all other fields blank. Verify that all of the information is correct, then choose “Y”.

21. Add your user account to the “sudo” group to obtain sudo privileges. I also advise adding yourself to the “adm” group, because many log files are not readable unless you are a member of that group. It just makes things easier, since you don’t have to “sudo cat /var/log/log_name” each time you want to view one of these log files.

usermod -a -G sudo,adm justin

22. Verify that your account has been added to the correct groups (you should see “justin : justin adm sudo”).

groups justin

23. Secure SSH by switching the port from the default (port 22), disabling root logins entirely, and only allowing logins by your user account you just created.

nano /etc/ssh/sshd_config

23a. Change “Port 22” to an unused port over 1024. Check this Wikipedia page to find a port that will not be used by any services you plan to run on your VPS.

23b. Under “Authentication”, change “PermitRootLogin yes” to “PermitRootLogin no” to disable root logins.

23c. Also under “Authentication”, add the following line, inserting your username, not mine of course.

AllowUsers justin

23d. If you have multiple users that need to access this VPS via SSH, use a comma to separate each username.

AllowUsers justin,brad,danielle,tom

23e. Save the file and exit by hitting Control + X, typing ‘Y’, then pressing Enter.

24. Reload the SSH daemon so the new port and security settings are applied.

systemctl reload ssh.service

25. Open a new terminal window. (Do NOT close this terminal window just yet, because if you messed up the SSH configuration, you may have inadvertently blocked yourself from opening a new SSH connection).

26. Login to your VPS using your new account and the new SSH port.

ssh -l justin -p <port_number> <server_ip_address>

27. Verify that your sudo privileges are working properly. Enter in your password when prompted after the “With great power comes great responsibility” spiel.

sudo w

28. If the ‘w’ command runs properly, you can safely close the other terminal window where you were logged in as root.

29. You’re done! You now have a fresh minimal install of Debian 8 on your VPS.

tony

It’s great to see systemd-based Debian 8 running on OpenVZ – I use BuyVM also but my Debian 8 is kept on SysV.
Also as a gun owner in Democratic Republic of New Jersey, I really couldn’t bear with the anti-gun atmosphere here…

Justin Franks

Thanks Tony! I strongly considered sticking with sysvinit, but since this was a new VPS, and systemd is the new standard init for Debian 8, I went with systemd. This all came about when I decided to split my 1 GB OpenVZ web and database server into a 512 MB OpenVZ web server and a 512 MB KVM database server due to some issues with OpenVZ and InnoDB databases. As I went through the process of upgrading the new 512 MB OpenVZ web server, I noticed a few quirks, so I went ahead and wrote this guide in case anyone else wants to use Debian 8 on their newly-created / freshly-reinstalled OpenVZ VPS.

And yes, the firearms laws here in New Jersey are pretty ridiculous. I was flipping through a book about 19th-century firearms and came across a Civil War-era lever action rifle. I then realized that despite it being a 150 year old design, it is illegal to own in New Jersey — because it holds 17 rounds in the magazine tube, under New Jersey law it is an “assault weapon”! Then there is the fact that I can legally carry a pistol openly strapped to my hip, without a permit while in Pennsylvania, looking at the New Jersey coast of the Delaware river, but if I travel 100 feet and cross the bridge, I’d be spending my next 10 years in prison. I’ve been doing my part to try and change peoples’ attitude about guns. I’ve taken many people to the range, taught them about firearms safety, and helped them to realize that guns are merely tools. A good number of them eventually went on to buy their own gun, which of course let them experience first-hand how draconian the laws are in this state.

tony

Is there any particular reason make you want to stick with InnoDB? I run MySQL on another of my server as the backend database for Radius authentication, and it was configured to stick with MyISAM. Much lower memory footprint, not much loss in performance – or at least for low activities I can’t tell if there is one. For my blog I don’t even bother to use MySQL – SQLite is light and stable enough. Also no process needs to be running on background all the time.

I totally agree you on the idea of this draconian gun laws in PRNJ. Back in the days when I was still in PA I can walk into Cabela and buy a flintlock pistol without any NICS hassles…

Justin Franks

I’m running some CakePHP applications which require InnoDB. Well, CakePHP actually doesn’t *require* InnoDB, but it does take advantage of foreign keys for model relationships. Unless you are running on a tiny <= 128 MB VPS, the memory footprint isn't an issue as long as you configure things properly. I was an early adopter of InnoDB and have used it for many years, long before it was finally made the default MySQL storage engine in 5.5. I know it well, so that's what I use whenever possible.

Your email address will not be published. Required fields are marked *