From: Greg Barniskis
Date: Fri, 02 Dec 2005 10:09:47 -0600
To: "N.J. Thomas"
Cc: "Louis J. LeBlanc", freebsd-questions@freebsd.org
Subject: Re: Uptimes, autoreboots, and package upgrades
Message-ID: <439071CB.5060006@scls.lib.wi.us>

N.J. Thomas wrote:
> * Louis J. LeBlanc [2005-12-02 09:33:44 -0500]:
>
>>So, I know restarting is important on occasion, but my real questions
>>are: Does anyone use a crontab reboot to make sure their system(s) get
>>a regular fresh start? If so, how often - weekly, monthly, bi-monthly?
>
> I think system upgrades should always be done manually, since any change
> could potentially corrupt an otherwise perfectly running machine.
> Manually, one can do a quick sanity check to make sure the upgrade went
> okay, and back out if it didn't.

I would agree with that; any significant FreeBSD update should
minimally be tested carefully on a reference machine. If that works
out well enough then one might have some level of comfort for
automating update deployments from the reference machine to
comparable production platforms. With of course the first automated
phase being the taking of a file system snapshot and a dump.

re: update frequency, I tried to be aggressive about this for a time
but ran into the OP's frustration about things not always working
out too well. Nowadays I only update ports when there's a version
change that I am sure provides significant added value, or when
portaudit starts whining about something.

> IIRC, on Windows machines the default setting is to automatically
> download and install OS updates, and this has only caused problems for
> everyone involved. I don't know any moderately competent Windows user
> who doesn't turn this feature off right away.

I used to feel that way too, but around here we have had a very long
track record on about 850 Win boxes of having nearly zero problems
with their updates. It's not just luck.

When folks have problems it often seems related to customizations
made to their systems, particularly with regard to firewall, NTFS or
registry ACL hardening. This is not at all surprising -- compare
that to a FAQ re: FreeBSD upgrade failure where the answer is "looks
like you've got the immutable flag set". Ain't security swell? ;)

On Windows servers we turn off automated installation (reboot timing
and change management being of moderate importance). On clients, we
usually push out updates just as fast as we can.

--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
(608) 266-6348