SB-4 2016-03-31 Debian Squeeze end-of-life

Service bulletin: SB-4 Date: March 31, 2016

On February 29, 2016, Debian 6 “Squeeze” reached end-of-life. Debian no longer issues any updates, including security updates, for Debian Squeeze.

As of 6.0, no new bonding versions are available for Squeeze. Previous bonding versions on bonders will continue to work with newer versions of bonding on aggregators.

Changes to Debian Squeeze repositories

When Squeeze reached end-of-life, Debian changed the location of Squeeze software repositories. To upgrade packages to the final Squeeze versions, and to upgrade SD-WAN packages, you need to update the /etc/apt/sources.list file on all Squeeze nodes. You can do that with the following commands run on the node command line:

SOURCES=`wget https://bondingadmin.example.com/sources/squeeze -O - --no-check-certificate` && \
echo "$SOURCES" > /etc/apt/sources.list
rm -f /etc/apt/sources.list.d/*.list

In the above command, replace bondingadmin.example.com with the domain name of your management server.

You can update the sources.list file on all your Squeeze nodes at once by running this command from the management server command line:

update-squeeze-sources

This command only updates the apt configuration of Squeeze bonders and aggregators. It does not upgrade their packages. To upgrade their packages, follow the normal upgrade procedure.

When upgrading packages on Squeeze nodes, you also need to avoid an issue caused by an expired key on the Squeeze LTS repository. Instead of using the normal apt-get update command, you must now use this command:

apt-get -o Acquire::Check-Valid-Until=false update

This command ignores the expired key on the Squeeze LTS repository.

To manually add this key for the Squeeze LTS repository, you can run:

gpg --keyserver pgpkeys.mit.edu --recv-key  8B48AD6246925553
gpg -a --export 8B48AD6246925553 | apt-key add -

You can also configure apt to always ignore the expired key, without having to set an argument on the command line, by running this command on the node to reconfigure apt:

echo 'Acquire::Check-Valid-Until "0";' > /etc/apt/apt.conf.d/80ignorevaliduntil

If you run the update-squeeze-sources command, a configuration is added on each Squeeze node to automatically ignore the expired key, and no special commands are needed when upgrading the host.

Upgrading to Debian 7 “Wheezy”

It is not recommended to upgrade deployed Debian Squeeze bonders to Debian Wheezy. Distribution upgrades are relatively risky operations and because bonders don’t have network console access via IPMI (or similar technology), any issue interrupting network access will require an onsite visit to fix. If you do perform a remote distribution upgrade, be sure to schedule an outage window with the customer of at least two hours, as a distribution upgrade can require multiple reboots and downloading and installing packages can take a long time.

Squeeze aggregators can be upgraded to Wheezy safely if you have network console access via IPMI (or similar technology). With remote console access, any networking issues caused by the upgrade can be resolved without a datacentre visit. It’s recommended to move the aggregator’s bonds to a different aggregator during the upgrade. If it’s not possible to move bonds to a different aggregator, an outage window of at least two hours should be scheduled with all the customers on the aggregator. SD-WAN can continue to operate during a distribution upgrade, but performance may be reduced and multiple reboots may be required.

Technical Support does not provide help for distribution upgrades. The easiest, most reliable method to upgrade a node is to remove it from service and reimage it with the latest ISO.