Debian etch to lenny update

The system running this site is not that simple. There are several virtual machines encasulating different services like a quite sophisticated mailservice, the http-thingie with well secured php applications and tons of other services.

We are quite conservative as system administrators and prefer stable distributions which don't release too often. We set up a systems with all it's blows and whistles, have security in mind and always like the "never change anything on productive systems" attitude (except security updates). Debian is the right choice here.

But once in a while, even debian releases a shiny new stable version you just want to use because of happy little features unavailable in "old-stable". As such this server was updated from etch to lenny some weeks ago. While nearly every upgrade went through without major issues, some services needed a fix. Here are the problems we had to fix on different virtual machines:

• The mailserver had a problem with postfix <-> openldap authentication because ldap changed it's ssl certificate stystem. A quick google helped to fix this. Just unset "TLSCipherSuite" in /etc/ldap/slapd.conf and "tls_cipher_suite" in my postfix lookups and let the daemons choose a suite.

• All shell user's bash-completion stopped working with "sh: <( compgen -f -X  -- '' ): No such file or directory" . Most simple solution is to edit ~/.bashrc for every user and uncomment:

if [ -f /etc/bash_completion ]; then
     . /etc/bash_completion
fi

• Existing subversion repositories stopped working due to an bdb upgrade. This article will be edited with more information as soon as there is more time to do so.

All in all tons of service upgrades went well, even heavily customized ones. Still we hope debian doesn't realease a new stable version in the next two month: You are never really sure what exactly breaks and how to fix it. This system had a downtime of roughly an hour or so, which is an acceptable time frame if it just happens every two years.