RHEL 4 Update Procedure

AB ab at bytron.com
Thu Aug 17 08:33:06 UTC 2006 

Thanks for all the suggestions guys. It looks like we're going to go down the
route of having an identical test server to apply all updates to before we put
them onto the production machines.

At the moment we rely on too many third party apps that are not in RHEL
repository, but I hope to gradually reduce this number.

Thanks again for the feedback,
Adam

-----Original Message-----
From: David Miller [mailto:millerdc at fusion.gat.com] 
Sent: 16 August 2006 21:40
To: General Red Hat Linux discussion list
Subject: Re: RHEL 4 Update Procedure

Like Mathew said there really is no right answer. Especially once you  
add third party software all quality assurance from Red Hat goes out  
the window. For example what if you have to use the latest version of  
Mysql? Once you install that Red Hat is not going to support it. They  
will only support the back ported old version they offer. There are  
ways to mitigate problems though. One is to plain for this stuff  
before setting up a server. Here are a few scenarios that help.

1. Install Red Hat on two different internal drives. get the main  
drive all up-to date and working with your production stuff. Use  
rsync to keep the second drive the same. If an update borked  
something you can always boot off the second drive and be right where  
you were before the update.

2. Use RAID1 and break the mirror before updates. If everything is  
fine rebuild the mirror.

3. Have two identical systems. One for production and one for  
testing. This solution can be very expensive but it is the only true  
get an accurate test of an update.

4. Try to use some form of virtual machine and replicate your setup.

On Aug 11, 2006, at 1:38 AM, AB wrote:

> Hello all,
>
> We run several mission critical RHEL 4 AS servers and we are  
> currently having a
> bit of an internal debate regarding the installation of official  
> RedHat updates.
>
> Several of my colleagues think that installing the RedHat updates  
> is too
> dangerous because it could potentially break another package and/or  
> another
> piece of our or a third party's software.
>
> These are my arguing points as to why we should apply the updates.  
> Please
> correct me if I have misunderstood any of the points I make, and  
> feel free to
> add more to the list (the more the better): -
> .	All RHEL updates are exhaustively tested by RedHat to make sure they
> will not break other official components of the OS.
> .	RHEL updates are only ever bugfix / security updates. An API/ABI  
> will
> never be changed as part of an update. If one of our programs was  
> compiled
> against a library which later got updated, the program would not be  
> negatively
> affected by the update.
> .	RHEL updates are tested against most of the large certified  
> applications
> (such as Oracle etc.) before release.
> .	RedHat don't release updates just for the fun of it, they release  
> them
> to fix new security holes to prevent our systems been broken into,  
> and to fix
> known critical bugs to keep our systems stable and our data intact.
>
> On a slightly different note, does anyone know of a certification  
> framework we
> could develop our applications to, to provide the best possible  
> compatibility
> with the underlying RHEL OS?
>
> What do most other organisations in our position do? I'd be especially
> interested to hear from other companies using RHEL 4 AS who must  
> provide 24/7
> availability, and what RedHat's official line on the matter is.
>
>
> Regards,
> Adam
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

David Miller
Systems admin
millerdc at fusion.gat.com


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list