How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04


The Ubuntu working system’s newest Lengthy Time period Help (LTS) launch, Ubuntu 18.04 (Bionic Beaver), was launched on April 26, 2018. This information will clarify tips on how to improve an Ubuntu system of model 16.04 or later to Ubuntu 18.04.

Warning: As with nearly any improve between main releases of an working system, this course of carries an inherent danger of failure, information loss, or damaged software program configuration. Complete backups and intensive testing are strongly suggested.

To keep away from these issues, we advocate migrating to a recent Ubuntu 18.04 server reasonably than upgrading in-place. You should still must evaluation variations in software program configuration when upgrading, however the core system will doubtless have higher stability. You’ll be able to comply with our collection on tips on how to migrate to a brand new Linux server to discover ways to migrate between servers.


This information assumes that you’ve got an Ubuntu 16.04 or later system configured with a sudo-enabled non-root consumer.

Potential Pitfalls

Though many techniques will be upgraded in place with out incident, it’s usually safer and extra predictable emigrate to a serious new launch by putting in the distribution from scratch, configuring providers with cautious testing alongside the way in which, and migrating software or consumer information as a separate step.

You need to by no means improve a manufacturing system with out first testing your entire deployed software program and providers towards the improve in a staging surroundings. Remember that libraries, languages, and system providers could have modified considerably. Earlier than upgrading, contemplate studying the [Bionic Beaver Release Notes][] and our article What’s New in Ubuntu 18.04.

Step 1 – Backing Up Your System

Earlier than trying a serious improve on any system, you must be sure you will not lose information if the improve goes awry. The easiest way to perform that is to make a backup of your whole filesystem. Failing that, guarantee that you’ve got copies of consumer house directories, any customized configuration recordsdata, and information saved by providers similar to relational databases.

On a DigitalOcean Droplet, one strategy is to energy down the system and take a snapshot (powering down ensures that the filesystem will likely be extra constant). See [How To Use DigitalOcean Snapshots to Automatically Backup your Droplets][] for extra particulars on the snapshot course of. After you have got verified that the Ubuntu replace was profitable, you’ll be able to delete the snapshot in order that you’ll now not be charged for its storage.

For backup strategies which can work on most Ubuntu techniques, see [How To Choose an Effective Backup Strategy for your VPS][].

Step 2 – Updating Presently Put in Packages

Earlier than starting the discharge improve, it is most secure to replace to the most recent variations of all packages for the present launch. Start by updating the bundle checklist:

Subsequent, improve put in packages to their newest obtainable variations:

You may be proven a listing of upgrades, and prompted to proceed. Reply y for sure and press Enter.

This course of could take a while. As soon as it finishes, use the dist-upgrade command with apt-get, which can carry out any further upgrades that contain altering dependencies, including or eradicating new packages as needed. This may deal with a set of upgrades which can have been held again by apt-get improve:

  • sudo apt-get dist-upgrade

Once more, reply y when prompted to proceed, and look ahead to upgrades to complete.

Now that you've got an up-to-date set up of Ubuntu, you should use do-release-upgrade to improve to the 18.04 launch.

Historically, Ubuntu releases have been upgradeable by altering Apt's /and so on/apt/sources.checklist – which specifies bundle repositories – and utilizing apt-get dist-upgrade to carry out the improve itself. Although this course of continues to be more likely to work, Ubuntu supplies a instrument referred to as do-release-upgrade to make the improve safer and simpler.

do-release-upgrade handles checking for a brand new launch, updating sources.checklist, and a spread of different duties, and is the formally advisable improve path for server upgrades which have to be carried out over a distant connection.

Begin by working do-release-upgrade with no choices:

If the brand new Ubuntu model has not been formally launched but, you could get the next output:


Checking for a brand new Ubuntu launch No new launch discovered

If so, add the -d choice to improve to the growth launch:

  • sudo do-release-upgrade -d

If you happen to're linked to your system over SSH, you will be requested whether or not you want to proceed. For digital machines or managed servers you must remember the fact that shedding SSH connectivity is a danger, notably if you do not have one other technique of remotely connecting to the system's console. For different techniques beneath your management, do not forget that it is most secure to carry out main working system upgrades solely when you have got direct bodily entry to the machine.

On the immediate, kind y and press Enter to proceed:


Studying cache Checking bundle supervisor Proceed working beneath SSH? This session seems to be working beneath ssh. It isn't advisable to carry out a improve over ssh at the moment as a result of in case of failure it is more durable to get well. If you happen to proceed, an extra ssh daemon will likely be began at port '1022'. Do you wish to proceed? Proceed [yN] y

Subsequent, you will learn that do-release-upgrade is beginning a brand new occasion of sshd on port 1022:


Beginning further sshd To make restoration in case of failure simpler, an extra sshd will be began on port '1022'. If something goes unsuitable with the working ssh you'll be able to nonetheless hook up with the extra one. If you happen to run a firewall, you could must quickly open this port. As that is doubtlessly harmful it is not carried out robotically. You'll be able to open the port with e.g.: 'iptables -I INPUT -p tcp --dport 1022 -j ACCEPT' To proceed please press [ENTER]

Press Enter. Subsequent, you could be warned {that a} mirror entry was not discovered. On DigitalOcean techniques, it's secure to disregard this warning and proceed with the improve, since an area mirror for 18.04 is actually obtainable. Enter y:


Updating repository data No legitimate mirror discovered Whereas scanning your repository data no mirror entry for the improve was discovered. This could occur in case you run an inner mirror or if the mirror data is outdated. Do you wish to rewrite your 'sources.checklist' file anyway? If you happen to select 'Sure' right here it's going to replace all 'xenial' to 'bionic' entries. If you choose 'No' the improve will cancel. Proceed [yN] y

As soon as the brand new bundle lists have been downloaded and adjustments calculated, you will be requested if you wish to begin the improve. Once more, enter y to proceed:


Do you wish to begin the improve? 6 put in packages are now not supported by Canonical. You'll be able to nonetheless get assist from the neighborhood. 9 packages are going to be eliminated. 104 new packages are going to be put in. 399 packages are going to be upgraded. You need to obtain a complete of 232 M. This obtain will take about 46 seconds along with your connection. Putting in the improve can take a number of hours. As soon as the obtain has completed, the method can't be canceled. Proceed [yN] Particulars [d]y

New packages will now be retrieved, unpacked, and put in. Even when your system is on a quick connection, this can take some time.

Throughout the set up, you could be offered with interactive dialogs for numerous questions. For instance, you could be requested if you wish to robotically restart providers when required:

Service Restart Dialog

On this case, it's secure to reply Sure. In different circumstances, you could be requested in case you want to change a configuration file that you've got modified. That is usually a judgment name, and is more likely to require information about particular software program that's outdoors the scope of this tutorial.

As soon as new packages have completed putting in, you will be requested whether or not you are able to take away out of date packages. On a inventory system with no customized configuration, it needs to be secure to enter y right here. On a system you have got modified closely, you could want to enter d and examine the checklist of packages to be eliminated, in case it contains something you will must reinstall later.


Take away out of date packages? 53 packages are going to be eliminated. Proceed [yN] Particulars [d]y

Lastly, assuming all has gone nicely, you will learn that the improve is full and a restart is required. Enter y to proceed:


System improve is full. Restart required To complete the improve, a restart is required. If you choose 'y' the system will likely be restarted. Proceed [yN] y

On an SSH session, you will doubtless see one thing like the next:


Connection to closed by distant host. Connection to closed.

It's possible you'll must press a key right here to exit to your native immediate, since your SSH session may have terminated on the server finish.

Wait a second in your server to reboot, then reconnect. On login, you need to be greeted by a message confirming that you just're now on Bionic Beaver:


Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.15.0-19-generic x86_64)


You need to now have a working Ubuntu 18.04 set up. From right here, you doubtless want to analyze needed configuration adjustments to providers and deployed purposes.

You could find extra 18.04 tutorials on our Ubuntu 18.04 Tutorials tag web page.

Ought to Your Web Venture Be Static or Dynamic?

Previous article

Preserving Your Website Design Constant

Next article

You may also like


Leave a Reply

More in Linux