I've read that it's not recommended to automatically apply updates via yum-updatesd on production servers, but I keep encountering servers that have this enabled.
Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects?
The only thing I can think of is if, say, a client had a custom version of PHP installed that was not properly excluded in yum and then it was overwritten. Unless I'm missing something else that could go horribly wrong.
Any feedback is appreciated. (If this question has already been asked, my apologies; searching the archive didn't find what I was looking for.)
Thanks,
-PJ
On 01/17/2012 02:30 PM, P J wrote:
I've read that it's not recommended to automatically apply updates via yum-updatesd on production servers, but I keep encountering servers that have this enabled.
Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects?
The only thing I can think of is if, say, a client had a custom version of PHP installed that was not properly excluded in yum and then it was overwritten. Unless I'm missing something else that could go horribly wrong.
Any feedback is appreciated. (If this question has already been asked, my apologies; searching the archive didn't find what I was looking for.)
Thanks,
-PJ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi PJ,
Good practice is not to update any package on a server directly without testing it first.
That's because some updates may not be fully compatible with your configuration.
I do the update first on a test server to ensure that the update will not break my system.
I don't update directly without testing the new package first, so I never get trouble from updates to my servers.
If you have many servers with the same package to update, first try one in the Testing (or Dev) environment; if there are no problems, have your servers update the packages.
best regards
--aslan
On Tue, 2012-01-17 at 14:42 -0200, Aslan Carlos wrote:
Good practice is not to update any package on a server directly without testing it first.
That's because some updates may not be fully compatible with your configuration.
I do the update first on a test server to ensure that the update will not break my system.
I don't update directly without testing the new package first, so I never get trouble from updates to my servers.
I would say that to some extent it depends on what is being updated. If there is an update to the 'date' command then that could be applied automatically. But updates, for example, to postfix/sendmail/exim etc on a mail server, would not be applied by using 'exclude' in the yum.conf file. These can then be checked and applied manually.
John.
Best reason I can think of is application feature deprecation.
If an update contains changes to the default configuration file then the file will normally be installed with the '.rpmnew' extension.
If an application decides to deprecate and phase out options which you actually use in the current configuration then the automatic update will invalidate your configuration and the service will not start.
This would cause downtime for your servers. In the case of some services, e.g. ssh, it could be catastrophic, requiring you to physically visit the servers, which could incur a cost to you.
If you're OK with that, then you're not really in a high-availability production environment and you can use the automatic update daemon if you wish.
On Tue, January 17, 2012 17:30, P J wrote:
I've read that it's not recommended to automatically apply updates via yum-updatesd on production servers, but I keep encountering servers that have this enabled.
Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects?
The only thing I can think of is if, say, a client had a custom version of PHP installed that was not properly excluded in yum and then it was overwritten. Unless I'm missing something else that could go horribly wrong.
Any feedback is appreciated. (If this question has already been asked, my apologies; searching the archive didn't find what I was looking for.)
Thanks,
-PJ
From: P J pauljflists@gmail.com
I've read that it's not recommended to automatically apply updates via yum-updatesd on production servers, but I keep encountering servers that have this enabled.
Some parameters/configurations/functionalities might change/appear/disappear, depending on the type of development (some projects are stable and other projects just do not care about backward compatibility). If you do manual updates, you will notice that some configuration files may change in the process (see the .rpmnew and .rpmsave)... If your server is critical, you'd better test the updates on a non-critical server first.
JD
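The `.rpmnew` and `.rpmsave` leftovers mentioned in the two replies above can be listed after an update run and compared with the live files. The shell functions below are an added example, not part of the original thread; the names `pending_rpm_configs` and `count_unmerged` and the script name in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report config files that an RPM
# update left unmerged under a directory tree.
#   *.rpmnew  - package shipped a new default; the edited live file was kept
#   *.rpmsave - the live file was replaced; the edited copy was saved aside

# pending_rpm_configs ROOT
# Prints "<kind> <status> <live-path>" per leftover file, where status is
# differs | identical | live-missing. Function names are illustrative.
pending_rpm_configs() (
    root="${1:-/etc}"
    find "$root" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) 2>/dev/null |
    sort |
    while IFS= read -r leftover; do
        kind="${leftover##*.}"      # rpmnew or rpmsave
        live="${leftover%.*}"       # path of the file the service reads
        if [ ! -e "$live" ]; then
            status="live-missing"
        elif cmp -s "$live" "$leftover"; then
            status="identical"
        else
            status="differs"
        fi
        printf '%s %s %s\n' "$kind" "$status" "$live"
    done
)

# count_unmerged ROOT
# Number of leftovers that still need a manual look (anything not identical).
count_unmerged() {
    pending_rpm_configs "$1" | awk '$2 != "identical" { n++ } END { print n + 0 }'
}

# Run with a directory argument to scan it, e.g.: sh check_rpmconf.sh /etc
if [ "$#" -gt 0 ]; then
    pending_rpm_configs "$1"
fi
```

A non-zero count from `count_unmerged /etc` on the test machine is the cue to merge configuration by hand before the same update reaches production.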
On 01/17/2012 10:30 AM, P J wrote:
I've read that it's not recommended to automatically apply updates via yum-updatesd on production servers, but I keep encountering servers that have this enabled.
Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects?
The only thing I can think of is if, say, a client had a custom version of PHP installed that was not properly excluded in yum and then it was overwritten. Unless I'm missing something else that could go horribly wrong.
Any feedback is appreciated. (If this question has already been asked, my apologies; searching the archive didn't find what I was looking for.)
I would always say it is "best practice" to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically update machines that are like that one after you are happy.
We do automatically upgrade all the CentOS infrastructure servers all the time ... but I do not do that for my $work servers.
There are hardly ever any issues ... but I always test and then push.
On Tue, Jan 17, 2012 at 9:59 AM, Johnny Hughes johnny@centos.org wrote:
On 01/17/2012 10:30 AM, P J wrote:
I've read that it's not recommended to automatically apply updates via yum-updatesd on production servers, but I keep encountering servers that have this enabled.
Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects?
The only thing I can think of is if, say, a client had a custom version of PHP installed that was not properly excluded in yum and then it was overwritten. Unless I'm missing something else that could go horribly wrong.
Any feedback is appreciated. (If this question has already been asked, my apologies; searching the archive didn't find what I was looking for.)
I would always say it is "best practice" to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically update machines that are like that one after you are happy.
We do automatically upgrade all the CentOS infrastructure servers all the time ... but I do not do that for my $work servers.
There are hardly ever any issues ... but I always test and then push.
Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers.
On Tue, Jan 17, 2012 at 2:14 PM, P J pauljflists@gmail.com wrote:
Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers.
In general it is very, very rare for an update to break anything - after all that is the whole point of the 'enterprise' distribution and it is well tested upstream. However, it is still possible, especially if you have local apps and modifications, and it is very difficult to back out any changes the updates make so it is always best to test on a similar system before making changes on a production box where downtime would be a problem. For boxes that are internet exposed, I'd consider it more dangerous to go for long intervals with no updates than to auto-update, though.
On 1/17/2012 3:41 PM, Les Mikesell wrote:
On Tue, Jan 17, 2012 at 2:14 PM, P J pauljflists@gmail.com wrote:
Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers.
In general it is very, very rare for an update to break anything - after all that is the whole point of the 'enterprise' distribution and it is well tested upstream. However, it is still possible, especially if you have local apps and modifications, and it is very difficult to back out any changes the updates make so it is always best to test on a similar system before making changes on a production box where downtime would be a problem. For boxes that are internet exposed, I'd consider it more dangerous to go for long intervals with no updates than to auto-update, though.
That's what I meant when I said I thought it would be better for CentOS to have auto-updates enabled by default out of the box. Power users can always change the defaults. But for all the servers where the admin neglects the server or doesn't know enough to change it -- YES people can pontificate all they want about how those people shouldn't be server admins -- but the fact being that those servers are out there, it would seem less risky to have auto-updates turned on than to have no updates at all.
Bennett
On 01/18/2012 01:01 AM, Bennett Haselton wrote:
That's what I meant when I said I thought it would be better for CentOS to have auto-updates enabled by default out of the box. Power users can
That would change things too much and make everything into a moving target: not the best situation to be in. Also, it's worth noting that while it's easy to slip into a mindset where one imagines all machines everywhere being in vulnerable positions like on the internet etc., that's never the case. Lots and lots of machines will run well disconnected from the 'net', even these days.
Would it make sense to have a middle ground where the option to turn on/off all system updates, by default, from the base repos is put up at install time for the user to decide how to handle things?
It would need to be limited to what's coming from the base distro repos though, since we can't assume all repos on every machine are always in a state where they are usable and upgradeable all the time. And yes, this does mean that if the base repos are moving automatically, third-party packagers and app vendors can no longer ask for and expect any sort of state. Otoh, it might be argued that the whole point of a stable distro is to not need that level of endorsement; the reality is that plenty of vendors do.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Karanbir Singh Sent: 18 January 2012 11:14 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/18/2012 01:01 AM, Bennett Haselton wrote:
Would it make sense to have a middle ground where the option to turn on/off all system updates, by default, from the base repos is put up at install time for the user to decide how to handle things?
I think it would, at least for us.
On Tue, Jan 17, 2012 at 12:59 PM, Johnny Hughes johnny@centos.org wrote:
I would always say it is "best practice" to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically update machines that are like that one after you are happy.
I would like to expand on this a little. Once you get a certain number of machines it probably makes sense to have your own internal mirror. That way you can update your test machines from upstream, do the tests, then once you are satisfied you can update the internal mirror. This would give you consistency on what is installed on your Production machines without having to worry about the whole "crap, I just updated the wrong server". Also this would give you a level of protection if you do choose to automatically update your Production machines because it takes the extra step of updating the local mirror to really push any changes.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of William Hooper Sent: 17 January 2012 22:41 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
I would like to expand on this a little. Once you get a certain number of machines it probably makes sense to have your own internal mirror.
Is there any particular approximate number of machines you'd say this would apply to?
Thanks.