What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
Thanks,
Jerry
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
only with new kernels. Some things you may want to log out and back in again for the libraries to reload but that's about it.
nate
nate wrote:
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
only with new kernels.
...and then only when you want what the new kernel provides.
I have my systems configured so yum is allowed to download and install new kernels, but don't usually reboot unless I want the specific thing the new kernel fixed, or have to reboot for some other reason. This saves me some hassle in rebuilding third-party drivers.
Windows boxes have to reboot on almost every upgrade because the file I/O semantics don't allow replacing files that are in use, except in some very limited cases. Windows has a feature that *ix type boxes don't need, which is that a program can schedule a file to be replaced on the next reboot. It's part of the "move file" API. Installers do this when they try to replace a file and fail, which is why an installer might not always prompt for a reboot on completion; it depends on whether the program was running when you ran the installer. This is also why so many Windows installers demand that you shut everything else down while you install the program. They're trying to help you out.
I bring this seemingly off-topic thing up here because it's why a lot of people get the idea that upgrades mean reboots. It simply isn't usually needed in the *ix world. It's why my uptime records for *ix boxes are over a year, while my Windows boxes rarely stay up for a full month and almost never beyond that due to Patch Tuesday.
Warren, thank you very much for the info! I learned a lot.
On 4/9/09, Warren Young warren@etr-usa.com wrote:
nate wrote:
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
only with new kernels.
...and then only when you want what the new kernel provides.
I have my systems configured so yum is allowed to download and install new kernels, but don't usually reboot unless I want the specific thing the new kernel fixed, or have to reboot for some other reason. This saves me some hassle in rebuilding third-party drivers.
Windows boxes have to reboot on almost every upgrade because the file I/O semantics don't allow replacing files that are in use, except in some very limited cases. Windows has a feature that *ix type boxes don't need, which is that a program can schedule a file to be replaced on the next reboot. It's part of the "move file" API. Installers do this when they try to replace a file and fail, which is why an installer might not always prompt for a reboot on completion; it depends on whether the program was running when you ran the installer. This is also why so many Windows installers demand that you shut everything else down while you install the program. They're trying to help you out.
I bring this seemingly off-topic thing up here because it's why a lot of people get the idea that upgrades mean reboots. It simply isn't usually needed in the *ix world. It's why my uptime records for *ix boxes are over a year, while my Windows boxes rarely stay up for a full month and almost never beyond that due to Patch Tuesday. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thursday 09 April 2009, nate wrote:
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
only with new kernels.
If you wan't your new updates to take effect you'll need to restart every application/daemon that uses a library affected by the update. Rebooting quickly becomes the easiest way to make sure of that.
It kind of depends on what you wan't. If you're ok with the fact that maybe some of the updates won't take full effect until the next reboot then fine.
/Peter
Some things you may want to log out and back in again for the libraries to reload but that's about it.
At Thu, 09 Apr 2009 07:49:30 -0400 CentOS mailing list centos@centos.org wrote:
What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
You only *really* need to reboot if/when you update the kernel. Yum/RPM takes care of restarting daemons, etc. during the update process. This is NOT MS-Windows....
Thanks,
Jerry _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Robert Heller wrote:
At Thu, 09 Apr 2009 07:49:30 -0400 CentOS mailing list centos@centos.org wrote:
What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
You only *really* need to reboot if/when you update the kernel. Yum/RPM takes care of restarting daemons, etc. during the update process. This is NOT MS-Windows....
Yes, but any program that is already running will keep using the old versions of the program, libraries, open files, etc., retaining the disk space and not sharing the in-memory copy with new instances that start after the update. And since modern programs like to dynamically load library modules as needed while running you can get a strange mix of old/new versions running at once.
At Thu, 09 Apr 2009 10:38:08 -0500 CentOS mailing list centos@centos.org wrote:
Robert Heller wrote:
At Thu, 09 Apr 2009 07:49:30 -0400 CentOS mailing list centos@centos.org wrote:
What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
You only *really* need to reboot if/when you update the kernel. Yum/RPM takes care of restarting daemons, etc. during the update process. This is NOT MS-Windows....
Yes, but any program that is already running will keep using the old versions of the program, libraries, open files, etc., retaining the disk space and not sharing the in-memory copy with new instances that start after the update. And since modern programs like to dynamically load library modules as needed while running you can get a strange mix of old/new versions running at once.
Generally, this is not as bad as it seems. In some cases, some updates do restart critical daemons (rpm -hUv glibc... will restart sshd for example). Also, since most critical library updates also imply a similar update for the deamons/programs that use those libraries and since the rpms for the deamon programs do restart the deamon they install/update, in most cases the deamons do get restarted at some point during the update process -- that is, since httpd (Apache) depends on apr and when apr gets a critical update, it is very likely that the httpd program would also be rebuilt as well, so that both rpms are updated in the repo. A 'yum update' will install the new apr rpm, then the new httpd rpm and at that point restart httpd, this picking up the new apr library.
on 4-9-2009 9:01 AM Robert Heller spake the following:
At Thu, 09 Apr 2009 10:38:08 -0500 CentOS mailing list centos-IFYaIzF+flcdnm+yROfE0A@public.gmane.org wrote:
Robert Heller wrote:
At Thu, 09 Apr 2009 07:49:30 -0400 CentOS mailing list centos-IFYaIzF+flcdnm+yROfE0A@public.gmane.org wrote:
What is the rule of thumb for reboots after updates...
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
You only *really* need to reboot if/when you update the kernel. Yum/RPM takes care of restarting daemons, etc. during the update process. This is NOT MS-Windows....
Yes, but any program that is already running will keep using the old versions of the program, libraries, open files, etc., retaining the disk space and not sharing the in-memory copy with new instances that start after the update. And since modern programs like to dynamically load library modules as needed while running you can get a strange mix of old/new versions running at once.
Generally, this is not as bad as it seems. In some cases, some updates do restart critical daemons (rpm -hUv glibc... will restart sshd for example). Also, since most critical library updates also imply a similar update for the deamons/programs that use those libraries and since the rpms for the deamon programs do restart the deamon they install/update, in most cases the deamons do get restarted at some point during the update process -- that is, since httpd (Apache) depends on apr and when apr gets a critical update, it is very likely that the httpd program would also be rebuilt as well, so that both rpms are updated in the repo. A 'yum update' will install the new apr rpm, then the new httpd rpm and at that point restart httpd, this picking up the new apr library.
Sometimes you just have to know your system. Like if you update a sendmail milter, you would need to restart sendmail also, but if the rpm developer didn't write that into the %post section you would want to do it yourself.
Scott Silva wrote:
You only *really* need to reboot if/when you update the kernel. Yum/RPM takes care of restarting daemons, etc. during the update process. This is NOT MS-Windows....
Yes, but any program that is already running will keep using the old versions of the program, libraries, open files, etc., retaining the disk space and not sharing the in-memory copy with new instances that start after the update. And since modern programs like to dynamically load library modules as needed while running you can get a strange mix of old/new versions running at once.
Generally, this is not as bad as it seems. In some cases, some updates do restart critical daemons (rpm -hUv glibc... will restart sshd for example). Also, since most critical library updates also imply a similar update for the deamons/programs that use those libraries and since the rpms for the deamon programs do restart the deamon they install/update, in most cases the deamons do get restarted at some point during the update process -- that is, since httpd (Apache) depends on apr and when apr gets a critical update, it is very likely that the httpd program would also be rebuilt as well, so that both rpms are updated in the repo. A 'yum update' will install the new apr rpm, then the new httpd rpm and at that point restart httpd, this picking up the new apr library.
Sometimes you just have to know your system. Like if you update a sendmail milter, you would need to restart sendmail also, but if the rpm developer didn't write that into the %post section you would want to do it yourself.
You have some chance of 'knowing' the server side of things - a lot less about what other users might be running. What should you expect if you have logged in users over freenx, remote X or at the console running (say) firefox through an update? Or other long running applications, especially in languages likely to dynamically load new components.
And in one case, I got kicked off of my ssh connection in mid-update. I'm still not sure what happened there but I had to install yum-utils and run yum-recover-transaction to continue.
Les Mikesell schrieb:
You have some chance of 'knowing' the server side of things - a lot less about what other users might be running. What should you expect if you have logged in users over freenx, remote X or at the console running (say) firefox through an update? Or other long running applications, especially in languages likely to dynamically load new components.
And in one case, I got kicked off of my ssh connection in mid-update. I'm still not sure what happened there but I had to install yum-utils and run yum-recover-transaction to continue.
screen(1) might help here
I include it in my default-install nowadays. One suid-binary more, but it's there once you need it.
Rainer
on 4-9-2009 10:07 AM Les Mikesell spake the following:
Scott Silva wrote:
You only *really* need to reboot if/when you update the kernel. Yum/RPM takes care of restarting daemons, etc. during the update process. This is NOT MS-Windows....
Yes, but any program that is already running will keep using the old versions of the program, libraries, open files, etc., retaining the disk space and not sharing the in-memory copy with new instances that start after the update. And since modern programs like to dynamically load library modules as needed while running you can get a strange mix of old/new versions running at once.
Generally, this is not as bad as it seems. In some cases, some updates do restart critical daemons (rpm -hUv glibc... will restart sshd for example). Also, since most critical library updates also imply a similar update for the deamons/programs that use those libraries and since the rpms for the deamon programs do restart the deamon they install/update, in most cases the deamons do get restarted at some point during the update process -- that is, since httpd (Apache) depends on apr and when apr gets a critical update, it is very likely that the httpd program would also be rebuilt as well, so that both rpms are updated in the repo. A 'yum update' will install the new apr rpm, then the new httpd rpm and at that point restart httpd, this picking up the new apr library.
Sometimes you just have to know your system. Like if you update a sendmail milter, you would need to restart sendmail also, but if the rpm developer didn't write that into the %post section you would want to do it yourself.
You have some chance of 'knowing' the server side of things - a lot less about what other users might be running. What should you expect if you have logged in users over freenx, remote X or at the console running (say) firefox through an update? Or other long running applications, especially in languages likely to dynamically load new components.
And in one case, I got kicked off of my ssh connection in mid-update. I'm still not sure what happened there but I had to install yum-utils and run yum-recover-transaction to continue.
I always run my updates through screen. That way disconnects aren't a problem. During major updates I also usually run yum with the --downloadonly option so I can have most of the files local when I am ready.
Scott Silva wrote:
And in one case, I got kicked off of my ssh connection in mid-update. I'm still not sure what happened there but I had to install yum-utils and run yum-recover-transaction to continue.
I always run my updates through screen. That way disconnects aren't a problem. During major updates I also usually run yum with the --downloadonly option so I can have most of the files local when I am ready.
I had done the --downloadonly - and the disconnect wasn't network related as other connections to the same site stayed up. It seemed like something in the cleanup pass killed sshd - and the running yum, leaving a mess. The transaction recovery list was mostly erasing the old packages. But, this only happened on one machine out of many upgraded in exactly the same way so I don't really understand it.
On Thu, Apr 9, 2009 at 2:10 PM, Les Mikesell lesmikesell@gmail.com wrote:
I had done the --downloadonly - and the disconnect wasn't network related as other connections to the same site stayed up. It seemed like something in the cleanup pass killed sshd - and the running yum, leaving a mess. The transaction recovery list was mostly erasing the old packages. But, this only happened on one machine out of many upgraded in exactly the same way so I don't really understand it.
-- Les Mikesell lesmikesell@gmail.com
Sounds like something else interfered. I wouldn't blame this on updating.
But yeah: screen. I used to write database update scripts that would refuse to run unless the user was running in a screen session.
Brian Mathis wrote:
On Thu, Apr 9, 2009 at 2:10 PM, Les Mikesell lesmikesell@gmail.com wrote:
I had done the --downloadonly - and the disconnect wasn't network related as other connections to the same site stayed up. It seemed like something in the cleanup pass killed sshd - and the running yum, leaving a mess. The transaction recovery list was mostly erasing the old packages. But, this only happened on one machine out of many upgraded in exactly the same way so I don't really understand it.
Sounds like something else interfered. I wouldn't blame this on updating.
I don't like to jump to conclusions, but I stay connected over this link for months at a time - and the only unusual thing going on was the cleanup script exection for the updates. I do have an assortment of 3rd party packages installed so it might not have been a stock Centos rpm, though.
But yeah: screen. I used to write database update scripts that would refuse to run unless the user was running in a screen session.
I suspect that whatever it was, it killed the processes out from under the connection instead of the other way around - so screen probably wouldn't have helped.
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
I'd say the rule of thumb is to do whatever works best for you, and that you'll likely get quite the variety of different responses. ;o)
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
If the kernel gets updated, obviously it goes without saying that you need to reboot for that. Also for 'init', or any of its dependencies. For pretty much everything else, you just need to restart anything that has gotten updated, or anything that depends on anything that just got updated. If various libraries receive security updates for example, and you do not restart every application that is using that library, then you wont be using the "secure" or "bug fixed" version until those running apps are all restarted.
In general, "init 1" followed by "init 3" or "init 5" will do the job slightly faster than a full reboot if time matters at all, but a full reboot is just "simple" to perform and has 100% certainty that any and every possible package that just got updated is definitely restarted with the new version, new libraries, new data files, etc.
The time it takes you to determine what all pieces of running software need to be restarted to be securely using anything that just got updated, is likely to be greater than the time it takes to do a simple reboot or init 1 / init 3/5.
So, I would say "reboot" is the simplest, safest, foolproof way to ensure you're running updates even if some people will balk at the idea that you have to reboot a Linux system. You don't have to of course, but life is short and rebooting is fast. ;o)
Mike A. Harris wrote:
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
I'd say the rule of thumb is to do whatever works best for you, and that you'll likely get quite the variety of different responses. ;o)
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
If the kernel gets updated, obviously it goes without saying that you need to reboot for that. Also for 'init', or any of its dependencies.
Never for 'init'. Updates to 'init' will invoke "init q", which tells the running 'init' process to re-exec itself.
2009/4/10 Mike A. Harris mharris@mharris.ca
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
I'd say the rule of thumb is to do whatever works best for you, and that you'll likely get quite the variety of different responses. ;o)
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and
used
or do you just do a reboot always?
So, I would say "reboot" is the simplest, safest, foolproof way to ensure you're running updates even if some people will balk at the idea that you have to reboot a Linux system. You don't have to of course, but life is short and rebooting is fast. ;o)
Another good reason to do a controlled reboot every now and again is to make sure that everything you expect to come back up does come back up, which can save you being woken up in the middle of the night if an uncontrolled reboot happens :)
d
On Thu, Apr 9, 2009 at 10:55 PM, D Tucny d@tucny.com wrote:
2009/4/10 Mike A. Harris mharris@mharris.ca
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
I'd say the rule of thumb is to do whatever works best for you, and that you'll likely get quite the variety of different responses. ;o)
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
So, I would say "reboot" is the simplest, safest, foolproof way to ensure you're running updates even if some people will balk at the idea that you have to reboot a Linux system. You don't have to of course, but life is short and rebooting is fast. ;o)
Another good reason to do a controlled reboot every now and again is to make sure that everything you expect to come back up does come back up, which can save you being woken up in the middle of the night if an uncontrolled reboot happens :)
And if one does a scheduled reboot, best to be there, so you can touch the box and best to do it when there is very low traffic. I remember advising that updates were available for IPCop last year. Scott Silva wrote that he would do it on a Sunday, when the big bosses weren't there. Sure enough, his IPCop box failed to reboot..... I'm doing the first update, from CentOS 5.2 (32 bit) to 5.3 now.
on 4-10-2009 3:24 PM Lanny Marcus spake the following:
On Thu, Apr 9, 2009 at 10:55 PM, D Tucny d@tucny.com wrote:
2009/4/10 Mike A. Harris mharris-mnGD6ET4m9qw5LPnMra/2Q@public.gmane.org
Jerry Geis wrote:
What is the rule of thumb for reboots after updates...
I'd say the rule of thumb is to do whatever works best for you, and that you'll likely get quite the variety of different responses. �;o)
Certainly if I update from 5.2 to 5.3 I reboot.
But if you update something like krb5 or pam does that require a reboot? Does the "fix" get automatically loaded and used or do you just do a reboot always?
So, I would say "reboot" is the simplest, safest, foolproof way to ensure you're running updates even if some people will balk at the idea that you have to reboot a Linux system. �You don't have to of course, but life is short and rebooting is fast. �;o)
Another good reason to do a controlled reboot every now and again is to make sure that everything you expect to come back up does come back up, which can save you being woken up in the middle of the night if an uncontrolled reboot happens :)
And if one does a scheduled reboot, best to be there, so you can touch the box and best to do it when there is very low traffic. I remember advising that updates were available for IPCop last year. Scott Silva wrote that he would do it on a Sunday, when the big bosses weren't there. Sure enough, his IPCop box failed to reboot..... I'm doing the first update, from CentOS 5.2 (32 bit) to 5.3 now.
Luckily, I am only 40 miles from that location. I usually also come in early after weekend updates to double check things.
And never do updates the day before your vacation starts! ;-P
-
Brian Mathis -
D Tucny -
David Lemcoe -
Jerry Geis -
Lanny Marcus -
Les Mikesell -
Michael A. Peters -
Mike A. Harris -
nate -
Peter Kjellstrom -
Rainer Duffner -
Robert Heller -
Robert Nichols -
Scott Silva -
Warren Young