Ubuntu ****** .. highlight:: html debsums ======= debsums_ is a useful utility to validate packages in a ubuntu or debian system. Usage:: sudo debsums -c If this identifies any problems you can fix them using.:: sudo apt install --reinstall If debsums idenfifies several packages with issues, to fix all of them use:: sudo apt install --reinstall $(dpkg -S $(debsums -c) | cut -d : -f 1 | sort -u) For more information there is a `useful post about debsums on askubuntu`_ Key is stored in legacy trusted.gpg keyring =========================================== For more information, see `Update your apt keys for Ubuntu and other Debian based operation`_ e.g:: W: https://artifacts.elastic.co/packages/8.x/apt/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. For conversation, see `Chat with Malcolm ref trusted.gpg`_. Here's how to switch:: sudo apt-key list This will display lots of entries like: .. code-block:: bash /etc/apt/trusted.gpg -------------------- pub rsa2048 2013-09-16 [SC] 4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4 uid [ unknown] Elasticsearch (Elasticsearch Signing Key) sub rsa2048 2013-09-16 [E] Find the key for *Elasticsearch* and note the last 8 characters (ignore the spaces) i.e. ``D88E42B4``. Delete that key:: sudo apt-key del D88E42B4 Make sure the ``keyrings`` directory exists using ``ls``:: ls -l /etc/apt/keyrings .. tip:: On 22.04 it is created by the install / upgrade. If using an earlier version, ``sudo mkdir -p /etc/apt/keyrings``. if you already have an elastic search source list file in the ``/etc/apt/sources.list.d/`` directory - delete it. Install the elastic search key:: wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /etc/apt/keyrings/elasticsearch-keyring.gpg Update the ``apt`` sources:: echo "deb [signed-by=/etc/apt/keyrings/elasticsearch-keyring.gpg arch=amd64] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elasticsearch.list Salt and ``keyrings`` --------------------- Malcolm pushed a commit to Salt to install the repo key correctly for Elasticsearch for both 20.04 and 22.04: https://gitlab.com/kb/salt/-/commit/25072c1ebee0331886e107f07cbb19982c4fdb23 .. warning:: It will remove the warning but it does not delete the key from ``/etc/apt/trusted.gpg`` so you need to run ``sudo apt-key del D88E42B4`` on the server to delete it. Tested on 22.04 and 20.04, but not sure how far back the ``signed-by`` option goes. It may not work for older than 20.04 For Salt documentation, see `Salt - apt-key deprecated`... Upgrade to 20.04 ================ :: do-release-upgrade .. tip:: If 20.04.1 is still not released when you run this command, then you can upgrade using ``do-release-upgrade -d``. .. tip:: Just so you remember, *an additional SSH daemon will be started at port '1022'*. - Select the recommended option for the *LXD snap track* i.e. version ``4.0`` This message was displayed at the end of the upgrade: .. image:: ./misc/2020-09-22-azure-grub-failed-install.png I clicked *Yes* to continue, and all was well. Salt ---- Uninstall Salt (Master and Minion)... Update:: # /etc/apt/sources.list.d/saltstack.list: deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main Re-install Salt .. _ubuntu-postgres-upgrade-cluster: Postgres Upgrade Cluster ------------------------ To move the data from Postgres 10 to 12, run the following as ``root``:: # list the clusters pg_lsclusters # drop the new (empty) cluster pg_dropcluster 12 main --stop # migrate the data from 10 to 12 pg_upgradecluster 10 main # remove the 10 cluster pg_dropcluster 10 main --stop # remove the old database engine apt remove postgresql-10 # list the clusters pg_lsclusters Ver Cluster Port Status Owner Data directory Log file 10 main 5432 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log For more information, see Postgres :ref:`postgres-upgrade-cluster` ... LetsEncrypt ----------- For Ubuntu 20.04, we are using the ``certbot`` package:: rm -rf /opt/letsencrypt For more information, see the ``diff``: `Use 'certbot' package (rather than letsencrypt git repo)`_ .. _`Chat with Malcolm ref trusted.gpg`: https://chat.kbsoftware.co.uk/kb/pl/bnw548icgpyt8nxsmkqspn3cpo .. _`Salt - apt-key deprecated`: https://docs.saltproject.io/en/latest/ref/states/all/salt.states.pkgrepo.html#apt-key-deprecated .. _`Update your apt keys for Ubuntu and other Debian based operation`: https://www.clearthought.co.uk/update-your-apt-keys/ .. _`Use 'certbot' package (rather than letsencrypt git repo)`: https://gitlab.com/kb/salt/-/commit/b42453ce8f0c3af436bf91ff0aa4e79a497bb05f .. _`useful post about debsums on askubuntu`: http://askubuntu.com/questions/57682/find-and-reinstall-packages-with-corrupted-files-without-breaking-anything