Every 2 years, a new Long Term Support (LTS) version of Ubuntu is released. The latest LTS version is 18.4. The VM running this blog was running on 16.4, so it was time to upgrade.

Run these 4 commands. Super easy!

Most guides will tell you it's easy peasy. Run these four commands that all seem to mean "update" and you're done!

apt-get update
apt-get upgrade
apt-get dist-upgrade
do-release-upgrade

Well not really

apt-get update fails

An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 Release: The following signatures were invalid: KEYEXPIRED 1515625755

What does that mean? Luckily I found this blog post that cleanly describes the issue and how to fix it.

https://futurestud.io/tutorials/fix-ubuntu-debian-apt-get-keyexpired-the-following-signatures-were-invalid

/etc/apt/trusted.gpg
--------------------
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
sub   2048g/79164387 2004-09-12

pub   4096R/C0B21F32 2012-05-11
uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

pub   4096R/EFE21092 2012-05-11
uid                  Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>

pub   4096R/A15703C6 2016-01-11 [expired: 2018-01-10]
uid                  MongoDB 3.4 Release Signing Key <packaging@mongodb.com>

pub   4096R/0EBFCD88 2017-02-22
uid                  Docker Release (CE deb) <docker@docker.com>
sub   4096R/F273FCD8 2017-02-22

/etc/apt/trusted.gpg.d/longsleep_ubuntu_golang-backports.gpg
------------------------------------------------------------
pub   1024R/56A3D45E 2012-04-30
uid                  Launchpad PPA for Simon Eisenmann

So I want to update the key to mongodb. What is the ID? 4096R/A15703C6? 4096R? A15703C6? It took me 3 tries to get it right.

root@ubuntu-512mb-sfo1-01:~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4096R/A15703C6
Executing: /tmp/tmp.G7SLWvFOR4/gpg.1.sh --keyserver
hkp://keyserver.ubuntu.com:80
--recv-keys
4096R/A15703C6
gpg: "4096R/A15703C6" not a key ID: skipping
root@ubuntu-512mb-sfo1-01:~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4096R
Executing: /tmp/tmp.Ox77xxEsYN/gpg.1.sh --keyserver
hkp://keyserver.ubuntu.com:80
--recv-keys
4096R
gpg: "4096R" not a key ID: skipping
root@ubuntu-512mb-sfo1-01:~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A15703C6
Executing: /tmp/tmp.vPET89ddj3/gpg.1.sh --keyserver
hkp://keyserver.ubuntu.com:80
--recv-keys
A15703C6
gpg: requesting key A15703C6 from hkp server keyserver.ubuntu.com
gpg: key A15703C6: "MongoDB 3.4 Release Signing Key <packaging@mongodb.com>" 1 new signature
gpg: Total number processed: 1
gpg:         new signatures: 1

After this, apt-get update finally worked.

do-release-upgrade fails

apt-get upgrade and apt-get dist-upgrade both ran without errors. So I run the final command and this happens:

root@ubuntu-512mb-sfo1-01:~# do-release-upgrade
Checking for a new Ubuntu release
Please install all available updates for your release before upgrading.

root@ubuntu-512mb-sfo1-01:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  golang-1.8-go golang-1.8-src libllvm4.0
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@ubuntu-512mb-sfo1-01:~# apt autoremove
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  golang-1.8-go golang-1.8-src libllvm4.0
0 upgraded, 0 newly installed, 3 to remove and 1 not upgraded.
After this operation, 215 MB disk space will be freed.
Do you want to continue? [Y/n] 

...

root@ubuntu-512mb-sfo1-01:~# do-release-upgrade
Checking for a new Ubuntu release
Please install all available updates for your release before upgrading.

What's going on? It's all about that not-upgraded package it seems. Which is it?

root@ubuntu-512mb-sfo1-01:~# apt-get upgrade -y
Reading package lists... Done
Building dependency tree... 50%
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  golang-race-detector-runtime
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

root@ubuntu-512mb-sfo1-01:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@ubuntu-512mb-sfo1-01:~# do-release-upgrade
Checking for a new Ubuntu release
Please install all available updates for your release before upgrading.

How do I fix that dependency?? More random tries, more random errors and finally some progress.

# apt-get install golang-race-detector-runtime
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 golang-race-detector-runtime : Depends: golang-1.13-race-detector-runtime but it is not installable
E: Unable to correct problems, you have held broken packages.


# apt-get remove golang-race-detector-runtime
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  golang-1.8-race-detector-runtime
Use 'apt autoremove' to remove it.
The following packages will be REMOVED:
  golang-race-detector-runtime
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 10.2 kB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 144708 files and directories currently installed.)
Removing golang-race-detector-runtime (2:1.8~1ubuntu2~xenial) ...

Can I update now? Nope.

# do-release-upgrade
Checking for a new Ubuntu release
You have not rebooted after updating a package which requires a reboot. Please reboot before upgrading.

So I reboot: shutdown -r now.

Upon reboot, I run do-release-upgrade, and it finally starts the process.

Running the upgrade

Should sshd_config be overwritten?

Or should I user the maintainer's version? It asks. How should I know? This VM is super simple, I don't remember setting any custom config for ssh. So I used the maintainer's config.

Should the nginx config be overwritten?

Configuration file '/etc/nginx/nginx.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** nginx.conf (Y/I/N/O/D/Z) [default=N] ? 

I diffed the config file, didn't see anything significant I wanted to keep, so I used the maintainer's.

After a while it finally finished. I'd say do-release-upgrade took about 20 to 30 minutes.

Definitely not worth 2 hours of my time. Now I have to do this for all my other VMs. This is the kind of experience that makes me want to move away from administering VMs.