[CentOS] broken GFS

Wed May 14 20:50:50 UTC 2008
John R Pierce <pierce at hogranch.com>

Linux wrote:
> People who prepare and maintain a distro have (and should have) many
> concerns in mind. Security is one of them and integrity is another.
> But in this situation, integrity is simply ignored (on the behalf of
> GFS situation because I backed down from my XFS related complains)
>
> Disabling kernel upgrades simply solves the situation but raises some
> other questions about "What else can be broken with security
> apprehensions?"
>
> I do not know which one to choose:
> - Absolutely not-working server because of missing updates
> - Maybe will be attacked server because of missing security updates.
>   

specific to GFS...   GFS is a clustered file system.  You do NOT run 
automatic updates willy-nilly on a production cluster, there's just far 
too many ways it can go bad.  You test them on a staging environment 
before approving their deployment, then you have to have a specific 
process for applying the patches to the cluster, and if they are major 
patches, this usually involves bringing the cluster down, applying the 
tested and approved patches to all cluster members, then bringing the 
cluster back up one node at a time, then going back live for 
production.     If the patches are minor, you may be able to do a 
rolling upgrade, where you bring down one cluster member, patch it, put 
it back online, then bring down the next, etc...   The cluster 
administrator have to determine the appropriate maintenance process, 
then follow it religiously.





btw, what is WITH all these lame gmail addresses?   linuxlist ?   
centoslist ??   Do I call you Mr Linux, or Mr List ?