From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 64487138010 for ; Thu, 28 Mar 2013 16:04:58 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D8336E091F; Thu, 28 Mar 2013 16:04:45 +0000 (UTC) Received: from mail-we0-f177.google.com (mail-we0-f177.google.com [74.125.82.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3D4E8E090F for ; Thu, 28 Mar 2013 16:04:43 +0000 (UTC) Received: by mail-we0-f177.google.com with SMTP id o45so3304372wer.36 for ; Thu, 28 Mar 2013 09:04:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=oy4CRz49e1mvcXH2mN4C3O4sUFYMydalwUfBjY7wCyQ=; b=VcWbYRU0NDnxTQsNERSDK3V7twoSTkH/F+8BlrNoYxehtyRrlBngbReTKbRhrjyE7m oVOA+LPvbwDyiMNuA9j+GjHH+sBy7ojOwHRfN+f2MsrJFveqYTPuMTUeqvHzu/PQRDT3 z6Am1WPJlJw/+VbLI0Bw1MzIg0/nhwAT+kgVGq/w3gGI5neMTekZUY1xWAirp0UUH+he EsN2npuaHbZBQv24v2mvSkKYEZjHQ3H7k2EHvo0BxHAoDzKxUmWCVqN2BSCFpD4jczNY AJrE085Ut+bUNDt5/+5baxMCrxgGT+tlkzTMFy3yuiq6/AKtZRmfXITo14A9fXBs4HKP W+BQ== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.180.79.6 with SMTP id f6mr17246838wix.26.1364486682646; Thu, 28 Mar 2013 09:04:42 -0700 (PDT) Received: by 10.216.246.11 with HTTP; Thu, 28 Mar 2013 09:04:42 -0700 (PDT) In-Reply-To: References: Date: Thu, 28 Mar 2013 12:04:42 -0400 Message-ID: Subject: Re: [gentoo-user] Updating our live servers. I'm scared! From: Joshua Murphy To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary=f46d04428248051e4a04d8fe5085 X-Archives-Salt: ce30345e-f7ea-4516-b12f-cc4ea9c81dc6 X-Archives-Hash: 31c5439b491530866b93c9db362f06ac --f46d04428248051e4a04d8fe5085 Content-Type: text/plain; charset=UTF-8 On Thu, Mar 28, 2013 at 11:38 AM, Nick Khamis wrote: > Hello Everyone, > > Just got a ticket assigned to me where we need to update our production > servers. > > uname -a > Linux noun 3.4.9-gentoo #2 SMP Sat Oct 13 09:35:07 EDT 2012 x86_64 > Intel(R) Xeon(TM) CPU 3.60GHz GenuineIntel GNU/Linux > > eselect > [18] hardened/linux/amd64 * > > I don't think they have been updated since the initial install and > wanted to get a little feedback on some safe practices and methods > that should be performed before and while doing so. > > Thanks in Advance, > > Nick. > > Personally, I would recommend pulling an rsync (databases and such might cause a hiccup with that) of one of them to a nonessential system and testing updating there, building packages (assuming matching use flags, etc, across your systems), documenting the pitfalls you run into as you go. After you're up to date there, run through and test it again from a base copy, then test the actual services to ensure changes to them don't hose your environment's configuration, and once that's good, it then depends entirely on what failover, or downtime allowances you have available. If you have no failover to rely on, and can't afford enough downtime to update the system in place from the packages you've built, clone each off, update, then migrate the changes that've occured in the time between... time consuming, and requires a lot of care, but doable. -- Poison [BLX] Joshua M. Murphy --f46d04428248051e4a04d8fe5085 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, Mar 28, 2013 at 11:38 AM, Nick Khamis <symack@gmail.com> wrote:
Hello Everyone,

Just got a ticket assigned to me where we need to update our production ser= vers.

uname -a
Linux noun 3.4.9-gentoo #2 SMP Sat Oct 13 09:35:07 EDT 2012 x86_64
Intel(R) Xeon(TM) CPU 3.60GHz GenuineIntel GNU/Linux

eselect
[18] =C2=A0hardened/linux/amd64 *

I don't think they have been updated since the initial install and
wanted to get a little feedback on some safe practices and methods
that should be performed before and while doing so.

Thanks in Advance,

Nick.


Personally, I would recommend pulling an rsync (data= bases and such might cause a hiccup with that) of one of them to a nonessen= tial system and testing updating there, building packages (assuming matchin= g use flags, etc, across your systems), documenting the pitfalls you run in= to as you go. After you're up to date there, run through and test it ag= ain from a base copy, then test the actual services to ensure changes to th= em don't hose your environment's configuration, and once that's= good, it then depends entirely on what failover, or downtime allowances yo= u have available. If you have no failover to rely on, and can't afford = enough downtime to update the system in place from the packages you've = built, clone each off, update, then migrate the changes that've occured= in the time between... time consuming, and requires a lot of care, but doa= ble.

--
Poison [BLX]
Joshua M. Murphy

--f46d04428248051e4a04d8fe5085--