On Thu, Feb 12, 2009, Ian Forde wrote: >On Thu, 2009-02-12 at 11:08 -0600, Les Mikesell wrote: >> That sounds like the kiss of death for any critical service. Can't it >> figure out ahead of time that this is going to happen and let the >> service keep running unchanged with a warning message about needing the >> update instead? > >You're missing the point. If the service is already running, the >changes won't take effect until you restart the service with the new >binaries. And the whole patching exercise is what maintenance windows >are for, anyway. Note that it's critical SERVICE, not critical SERVER. >The former is more important than the latter, so ideally you should be >able to take down the latter in order to upgrade one implementation of >the former. I understand the distinction very well. In the time we have been using this method, we have never taken down a service for any significant period of time (the services are restarted on installation by the RPM SPEC files' %pre, %post processing). Of course we don't do things that are likely to take a critical service down without proper prior planning (often found out the hard way on our own systems :-). If an update is likely to have an impact on operations, it is scheduled during a maintenance window. The services that are most frequently updated are clamav, spamassassin, and amavisd-new, and we have often done this on heavily loaded MX servers (millions of e-mails a day) without having a service down for more than a minute or two while dealing with configuration file changes. Bill -- INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 The Constitution is a written instrument. As such, its meaning does not alter. That which it meant when it was adopted, it means now. -- SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905)