Date: Mon, 08 Sep 2008 11:15:44 +0200 From: "DA Forsyth" <iwrtech@iwr.ru.ac.za> To: freebsd-questions@freebsd.org Cc: jalmberg@identry.com Subject: Re: safest way to upgrade a production server Message-ID: <48C50960.17104.472ED1DE@iwrtech.iwr.ru.ac.za> In-Reply-To: <20080908033359.D75A810656C2@hub.freebsd.org> References: <20080908033359.D75A810656C2@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8 Sep 2008 , freebsd-questions-request@freebsd.org entreated about "freebsd-questions Digest, Vol 232, Issue 1": Hi John > So, my first question is, do I really need to do this? yes > If so, what is the minimum amount of upgrading I can do to be safe? > And how? I track RELENG_7_0 in my source tree, but only build it when I see somehting important in UPDATING. what is important? stuff like,I don't run bind, so can ignore any bind related issues, but I do run Samba and Apache, so if anything effects them, I get right on it. If I need to build world (I have a custom kernel) I can do it anytime, then after it is built (and kernel) I come in on a Saturday and take the server to single user and install world and kernel etc etc, following all the relevant instructions. The thing that can take most time is mergemaster, but so what? on a Saturday that only affects web visitors for half an hour or so. > I also think I need to do this using freebsd-update to do a binary > update, to upgrade on an errata branch. if you are not running custom kernels then freebsd-update is fantastic. I use it on my 2 print servers, which have almost identicle 'minimal' setups and don't need a custom kernel. > I've never done this, so will try upgrading a test system, first. If > all goes well, I will give it a whirl on one of the production servers. I have installed all my software from ports, so I do this: - keep the ports tree updated. I wrote a little script that gets called from cron on Monday morning early, that sends me an email telling me what ports have been updated in the last week. this mornings list is 1 2 ipmitool 1 2 mailman 1 4 rsync 1 5 samba 1 9 apcupsd 2 1 lsof 2 10 pear-XML_Parser 4 4 libksba 7 7 libxslt 9 11 pear-Log 10 58 gtk 24 1 png 54 5 apache The numbers are 'required by', and 'requires', giving me an idea of how many things are affected by this upgrade. - following that list, I decide whether to upgrade now or leave it till next week. - to upgrade, I run 'portupgrade -vrR portname' and just fill in the portname from my emailed list. sometimes I do several related ports at the same time, like all php* or lib* - restart any services that were upgraded, in my case usually samba, but sometimes net-snmp and so on. - TEST with some early experiences in having a portupgrade break things, I prefer not to do a 'portupgrade -a', instead doing them one by one and thus seeing all the messages and so on. Note that I do this Monday or Tuesday morning, on a live server with ~25 local users online, and external web service, and have never had a huge problem. A few years ago the horde upgrade broke a lot of stuff, but I fixed it from the backups of the setup files I keep on another server. I tar /etc /usr/local/etc /usr/local/www/horde/config and so on. havn't needed them in ages, but I do it anyway. > Frankly, I find this idea terrifying, but I guess it needs to be done. yeah, me too, but it gets easier. keep records of what you have done, and what the results are. makes problem tracking easier. I use a 'sort of a blog' so I can access the information remotely. I used to have the blog on a machine in a different building but that has become impossible, so now it exists on 2 local machines. if the main machine dies I can still see my blog entries for help in fixing it. info on how you set something up is just as important as backups of the machine itself. > > uname -a > FreeBSD ***servername*** 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #1: > Mon Dec 3 09:46:53 EST 2007 root@***servername***:/usr/obj/usr/ > src/sys/INET_ON amd64 oooh, that is a bit old I think. -- DA Fo rsyth Network Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48C50960.17104.472ED1DE>