On Wed, Jul 30, 2014 at 3:03 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> Oh, boy. Now I have to rant on Linux and RedHat after being so happy with
> them for much longer than a decade. OK, the first thing I have to admit:
> I'm an ignorant person. Please teach something...
>
> Now questions:
>
> 1. How often do you reboot your Linux servers? (every about 45 days there
> is either kernel or glibc update. I remember somewhere about RedHat 5 -
> RedHat 7 machines having uptime about 2 years)
>
> 2. All major Linux distributions either have switched to systemd or plan
> to do so in the next release... I prefer system V init. I don't like something
> big handling everything when there is no reason to.
>
> And the list can go on...
>
> But there are changes I really like (to keep the balance...). Such as
> switching to XFS as the default fs! And BTW, I was extremely happy I went
> with RedHat/CentOS when my Debian friend sysadmin was re-creating all keys
> and certificates (and rebuilding systems) after the known random number
> generator flop Debian had...
>
> So, please, teach me something: how do I build an enterprise level server
> based on CentOS 7 which I'll be able to run 1-2 years without reboot (I did
> apologize already for being an ignorant person ;-)

You don't _have_ to install a new kernel/glibc the second it is
released, especially if the server isn't internet-exposed. Usually
any memory leak or device driver bugs are discovered and fixed quickly
in the release cycle, so if the current kernel has any of those problems
they should be fixed soon. Then you just need to watch the update
notifications and decide if subsequent updates are something you need
badly enough to reboot. Just be aware that something that is
described as a 'local root escalation' might be combined with
different application-level bugs in server programs to give the effect
of remote exploits (and there _will_ be people who know how to do
that) so you can't ignore everything.

--
   Les Mikesell
   lesmikesell at gmail.com