automatic nightly updates
Eric Rostetter
rostetter at mail.utexas.edu
Mon Apr 25 22:31:05 UTC 2005
Quoting Jim Popovitch <jimpop at yahoo.com>:
> On Sun, 2005-04-24 at 14:49 -0400, Dan Schlitt wrote:
> > I guess it is my paranoia from 15 years of system administration but I
> > would never do unattended patching of any computer I really cared about.
>
> What about a cluster of 50+ webservers?
I see this no different that a cluster of 5 mail servers, or a stand-alone
database server, or a single compute machine. If it is different, it is
in that I can test things on one of the 50+ machines and find any problems
there before I install it on the rest.
> I think part of this discussion needs to define what is applicable and
> what isn't. As has been previously stated there are cases when
> auto-update doesn't apply, i.e. complex database servers, etc. However
> for every case that can be made against auto-update, there is an
> alternate case for auto-update.
See the recently updated https://www.fedoralegacy.org/docs/autoupdates.php
> Think of an enterprise with 1500
> desktop PCs all around the world. Who is going to visit all locations
> to update?
You don't need to. No one said you did. But that doesn't mean you should
just have them all do auto updates from the vendor or a third party.
> What about webserver farms? How about distributed internal
> DNS/NIS servers where the loss of one system isn't critical? etc, etc.
See above. It doesn't matter. Remember, you *can* apply updates automatically,
from another source, after testing. Just don't forget to do the rest of the
work up front.
> People need to understand that every environment is unique and what
> doesn't work in one instance may very well work very well in another.
I think this is all addressed, though maybe not heavily, in the autoupdates.php
web page. Not to mention the Red Hat, Microsoft, or a zillion other
Best Practices Guides out there, all of which say don't use auto updates
of untested software on production machines.
> -Jim P.
--
Eric Rostetter
More information about the fedora-legacy-list
mailing list