P J
2012-Jan-17 16:30 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects? The only thing I can think of is if say a client had a custom version of PHP installed that was not properly excluded in yum and then it was over written. Unless I'm missing something else that could go horribly wrong. Any feedback is appreciated. (if this question has already been asked my apologies, searching the archive didn't find what I was looking for) Thanks, -PJ
Aslan Carlos
2012-Jan-17 16:42 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/17/2012 02:30 PM, P J wrote:> I've read that it's not recommended to automatically apply updates via > yum-updated on production servers, but I keep encountering servers that > have this enabled. > > Are any of you doing automatic yum updates on production servers in CentOS > 5 via yum-updatesd? Have you experienced any negative side effects? > > The only thing I can think of is if say a client had a custom version of > PHP installed that was not properly excluded in yum and then it was over > written. > Unless I'm missing something else that could go horribly wrong. > > Any feedback is appreciated. (if this question has already been asked my > apologies, searching the archive didn't find what I was looking for) > > Thanks, > > -PJ > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centosHi PJ, Good practices is don't update any package on server directly without test before. It's because some update may not full compatible with your configuration. I do the update first on test server to ensure that update will not break my system. I didn't update directly without test this new package before, so I never get troubles on updates to my servers. If you have many server with same package to update, first try one in Testing (of Dev) Environment, if no have problems, send your servers update the packages. best regrads --aslan best regards.
Giles Coochey
2012-Jan-17 16:50 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
Best reason I can think of is application feature deprecation. If an update contains changes to the default configuration file then the file will normally be installed with the '.rpmnew' extension. If an application decides to deprecate and phase out options which you actually use in the current configuration then the automatic update will invalidate your configuration and the service will not start. This would cause downtime for your servers. In the case of some services e.g. ssh, it could be catastrophic, requiring you to physically visit the servers, would could incur a cost to you. If you're OK with that, then you're not really in a high-availability production environment and you can use the automatic update daemon if you wish. On Tue, January 17, 2012 17:30, P J wrote:> I've read that it's not recommended to automatically apply updates via > yum-updated on production servers, but I keep encountering servers that > have this enabled. > > Are any of you doing automatic yum updates on production servers in CentOS > 5 via yum-updatesd? Have you experienced any negative side effects? > > The only thing I can think of is if say a client had a custom version of > PHP installed that was not properly excluded in yum and then it was over > written. > Unless I'm missing something else that could go horribly wrong. > > Any feedback is appreciated. (if this question has already been asked my > apologies, searching the archive didn't find what I was looking for) > > Thanks, > > -PJ > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
John Doe
2012-Jan-17 17:05 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
From: P J <pauljflists at gmail.com>> I've read that it's not recommended to automatically apply updates via > yum-updated on production servers, but I keep encountering servers that > have this enabled.Some parameters/configurations/functionalities might change/appear/disappear, depending on the type of development (some projects are stable and other projects? just do not care about backward compatibility). If you do manual updates, you will notice that some configuration files may change in the process (see the .rpmnew and .rpmsave)... If your server is critical, you'd better test the updates on a non critical server before. JD
Johnny Hughes
2012-Jan-17 17:59 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/17/2012 10:30 AM, P J wrote:> I've read that it's not recommended to automatically apply updates via > yum-updated on production servers, but I keep encountering servers that > have this enabled. > > Are any of you doing automatic yum updates on production servers in CentOS > 5 via yum-updatesd? Have you experienced any negative side effects? > > The only thing I can think of is if say a client had a custom version of > PHP installed that was not properly excluded in yum and then it was over > written. > Unless I'm missing something else that could go horribly wrong. > > Any feedback is appreciated. (if this question has already been asked my > apologies, searching the archive didn't find what I was looking for) >I would always say it is "best practice" to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically machines that are like that one after you are happy. We do automatically upgrade all the CentOS infrastructure servers all the time ... but I do not do that for my $work servers. There are hardly ever any issues ... but I always test and then push. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20120117/fac45932/attachment-0005.sig>
P J
2012-Jan-17 20:14 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Tue, Jan 17, 2012 at 9:59 AM, Johnny Hughes <johnny at centos.org> wrote:> On 01/17/2012 10:30 AM, P J wrote: > > I've read that it's not recommended to automatically apply updates via > > yum-updated on production servers, but I keep encountering servers that > > have this enabled. > > > > Are any of you doing automatic yum updates on production servers in > CentOS > > 5 via yum-updatesd? Have you experienced any negative side effects? > > > > The only thing I can think of is if say a client had a custom version of > > PHP installed that was not properly excluded in yum and then it was over > > written. > > Unless I'm missing something else that could go horribly wrong. > > > > Any feedback is appreciated. (if this question has already been asked my > > apologies, searching the archive didn't find what I was looking for) > > > > I would always say it is "best practice" to manually install updates on > at least one machine of a specific type and make sure everything is OK > ... then automatically machines that are like that one after you are happy. > > We do automatically upgrade all the CentOS infrastructure servers all > the time ... but I do not do that for my $work servers. > > There are hardly ever any issues ... but I always test and then push. > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers.
William Hooper
2012-Jan-17 21:40 UTC
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Tue, Jan 17, 2012 at 12:59 PM, Johnny Hughes <johnny at centos.org> wrote:> I would always say it is "best practice" to manually install updates on > at least one machine of a specific type and make sure everything is OK > ... then automatically machines that are like that one after you are happy.I would like to expand on this a little. Once you get a certain number of machine it probably makes sense to have your own internal mirror. That way you can update your test machines from upstream, do the tests, then once you are satisfied you can update the internal mirror. This would give you consistency on what is installed on your Production machines without having to worry about the whole "crap, I just updated the wrong server". Also this would give you a level of protection if you do choose to automatically update your Production machines because it takes the extra step of updating the local mirror to really push any changes. -- William Hooper