Update Slackware in production evironment

spongetron · 02-29-2012, 08:01 AM

I was wondering how you guys handle updates of your slackware boxes in production environments. Do you have any best practice hints? What are your experiences? Thanks in advance for your answers.

EDIT: Does someone use an automated process? If so how do you do it?

willysr · 02-29-2012, 08:28 AM

i used -Current in most of my systems, except for servers in which i prefer to use -Stable
In both systems, i always read the changelog before upgrading, so i know what changes are being made

onebuck · 02-29-2012, 02:11 PM

Hi,

Do during off-load hours or maintenance down time.

sjampoo · 02-29-2012, 03:49 PM

Hi,

I keep the 'production servers' in the stable branch. I only use the "slackpkg update / slean-system / install-new / update-all" sequence for security updates. It's not an automated process since I regularly check the stable change log anyway. I do tend to upgrade on less mission critical systems before upgrading servers this way.

Have been running 12.2, 13.1 and 13.37 (all stable) in production environments ( if you can call them that ), and I didn't feel the need to upgrade between versions without having to cope with some inevitable downtime due to hardware changes/upgrades. (e.a. older hardware is still running smoothly with 12.2 installed)

Some 13.37 servers I have got running are upgrades though,. from 13.0 and on, So it's not that a server needs a clean install at 'upgrade'.

metageek · 02-29-2012, 05:04 PM

I keep my servers upgraded by regularly checking the patches folder on the Slackware distribution (13.37) and apply them with upgradepkg. Not just servers, actually all my machines...

roberto967 · 03-03-2012, 01:50 AM

According to Pat's reccomendations, the upgrade should be done in "init 1". This is is not possible when you want to upgrade from remote.
So I'm wondering which packages strictly require "init 1", and if someone of is used to upgrade the entire system from remote with "init 3" mode.

allend · 03-03-2012, 05:06 AM

From the UPGRADE.TXT file

Quote:

0. Put your machine in single-user mode:
telinit 1

Note that this is _not_ strictly required, and there have been reports
of success remotely upgrading machines that are still in multiuser
mode. However, more things can do wrong in multiuser, so especially
if you're considering a remote upgrade in multiuser mode, you might
want to clone the machine locally so that you can do a test run to
uncover any problem areas and come up with workarounds for them.

I can report being successful doing remote upgrades over a SSH link to machines in run level 3. You need to be very careful with handling new configuration files and local configuration. Get it wrong on the networking and you will lose access on reboot, requiring local access to recover. (Experience can be a hard teacher!) This is my preferred method for doing upgrades of my few production servers. It can be done out of hours when things are quiescent, minimising impact on users.

If you have a networked machine, switching to run level 1 can actually be a hindrance. Your screen can be filled with networking messages.

GazL · 03-03-2012, 05:09 AM

I've never had any problems from updating in runlevel 3 on Slackware. You may however want to manually stop any servers/daemons that are running while you do the updates just to be safe (things like mysql database servers being prime examples)

Ironically, doing the right thing can also sometimes get you into trouble. I once had an AIX system fail to boot after applying a new maintenance level update and I later found out that it was due to a bug in one of the package that was only triggered when the package was updated from single user mode. Had to restore from tape on that occasion.

If your only concern is remote access, or a headless machines then: runlevel 2 is unused, and there's no reason why you couldn't customise it to be runlevel 1+network+sshd and use that, but if you don't have many server processes running then just manually stopping things may be easier than creating your own runlevel.

sjampoo · 03-03-2012, 07:55 AM

Updating ( a running 13.37 with new security patches ) is something different that upgrading (from e.a. 13.1 to 13.37)> Upgrading I prefer to do 'the safe way' (runlevel 1)... updating I dare to do 'the unsafer way' (remote in standard runlevel). I know to little of Linux to know what might break and how to fix it.

tronayne · 03-03-2012, 11:20 AM

I too keep all my machines at stable. I check the changelog at Slackware weekly and download any new patches. I apply patches in single-user mode (init 1) so that any patch does not interfere with something that might be running (which should not happen but "just in case," a.k.a. "CYA," comes into play here). After applying patches I init 6 to get a clean start. Been doing it this way since the mid-80's though System 3, System V, Solaris and now Slackware -- never had a problem.

Downside? Well, you can't go into single-user remotely so you can't do a hot patch from home, gotta be on the console. And, if you do a hot patch, well, who knows (I have, never got burned, but... CYA).

Hope this helps some.