From: Michael Orlitzky
Date: Thu, 28 Mar 2013 12:48:13 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Updating our live servers. I'm scared!

On 03/28/2013 11:38 AM, Nick Khamis wrote:
> Hello Everyone,
>
> Just got a ticket assigned to me where we need to update our production servers.
>
> uname -a
> Linux noun 3.4.9-gentoo #2 SMP Sat Oct 13 09:35:07 EDT 2012 x86_64
> Intel(R) Xeon(TM) CPU 3.60GHz GenuineIntel GNU/Linux
>
> eselect
> [18] hardened/linux/amd64 *
>
> I don't think they have been updated since the initial install and
> wanted to get a little feedback on some safe practices and methods
> that should be performed before and while doing so.

This isn't that old, you'll be fine. First run an emerge --sync to update the tree. Then list everything it wants to upgrade:

  emerge -puDN1 world

Once you have that list, go through a few at a time, updating non-essential packages. For example,

  emerge -u1 timezone-data man-pages ...

Every once in a while, run a revdep-rebuild. If you have service monitoring (e.g. Nagios), great, it'll alert you if something breaks. If not, you'll have to test the services yourself every few packages. And don't forget to open a counter-ticket for someone to implement a monitoring solution, already.

After a while, only important packages (apache, mysql, postfix...) will be left. Do those one at a time, and restart the services afterwards. Read the release notes first. Run revdep-rebuild. Check that the services work.

Finally, you'll be left with the guaranteed-to-break updates like grub2 (50/50) and udev (100% you're fucked prepare for downtime). Grub2 can of course be skipped until the hardware dies. Best of luck to you with udev =)
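
The staged order described in the message above, as an added example that is not part of the original e-mail: a script that turns `emerge -puDN1 world` output into an ordered plan (routine batches, then services one at a time, then the risky packages deferred). The function names, the `SERVICES` and `RISKY` lists, the choice to run revdep-rebuild after every step, and the sample output are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `emerge -puDN1 world` output (not from a real host).
sample_pretend_output() {
  cat <<'EOF'
Calculating dependencies... done!
[ebuild     U  ] sys-libs/timezone-data-2013b [2012j]
[ebuild     U  ] sys-apps/man-pages-3.50 [3.42]
[ebuild     U  ] net-misc/curl-7.29.0 [7.26.0]
[ebuild     U  ] www-servers/apache-2.2.24 [2.2.23] USE="ssl -ldap"
[ebuild     U  ] dev-db/mysql-5.1.67 [5.1.62]
[ebuild     U  ] sys-fs/udev-197-r8 [171-r9]
[ebuild     U  ] sys-boot/grub-2.00 [0.97-r12]
EOF
}

# Assumed stage lists, taken from the packages named in the message.
SERVICES="apache mysql postfix"   # one at a time; read release notes first
RISKY="grub udev"                 # last, with downtime planned

# Print category/package (version stripped) for every [ebuild ...] line on stdin.
parse_atoms() {
  sed -nE 's/^\[ebuild[^]]*\] +([^ ]+).*/\1/p' |
    sed -E 's/-[0-9][^-]*(-r[0-9]+)?$//'
}

# Print "stage category/package" per atom: 1 = routine, 2 = service, 3 = risky.
classify() {
  local atom name
  while read -r atom; do
    name=${atom##*/}
    case " $RISKY " in *" $name "*) echo "3 $atom"; continue ;; esac
    case " $SERVICES " in *" $name "*) echo "2 $atom"; continue ;; esac
    echo "1 $atom"
  done
}

# Print the ordered plan; routine packages go in batches of $1 (default 3).
plan() {
  local size=${1:-3} staged
  staged=$(parse_atoms | classify)
  echo "$staged" | awk '$1 == 1 { print $2 }' |
    xargs -r -n "$size" echo emerge -u1 | sed 's/$/ \&\& revdep-rebuild/'
  echo "$staged" | awk '$1 == 2 { print "emerge -u1 " $2 " && revdep-rebuild  # then restart and test" }'
  echo "$staged" | awk '$1 == 3 { print "# deferred, plan downtime: emerge -u1 " $2 }'
}

sample_pretend_output | plan 2
```

The script only prints the plan; on a real host, pipe `emerge -puDN1 world` into `plan` and run the printed steps by hand, checking services between them.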