On 03/28/2013 11:38 AM, Nick Khamis wrote:
> Hello Everyone,
>
> Just got a ticket assigned to me where we need to update our production servers.
>
> uname -a
> Linux noun 3.4.9-gentoo #2 SMP Sat Oct 13 09:35:07 EDT 2012 x86_64
> Intel(R) Xeon(TM) CPU 3.60GHz GenuineIntel GNU/Linux
>
> eselect
> [18] hardened/linux/amd64 *
>
> I don't think they have been updated since the initial install and
> wanted to get a little feedback on some safe practices and methods
> that should be performed before and while doing so.

This isn't that old, you'll be fine. First run an emerge --sync to
update the tree. Then list everything it wants to upgrade:

emerge -puDN1 world

Once you have that list, go through a few at a time, updating
non-essential packages. For example,

emerge -u1 timezone-data man-pages ...

Every once in a while, run a revdep-rebuild. If you have service
monitoring (e.g. Nagios), great, it'll alert you if something breaks. If
not, you'll have to test the services yourself every few packages. And
don't forget to open a counter-ticket for someone to implement a
monitoring solution, already.

After a while, only important packages (apache, mysql, postfix...) will
be left. Do those one at a time, and restart the services afterwards.
Read the release notes first. Run revdep-rebuild. Check that the
services work.

Finally, you'll be left with the guaranteed-to-break updates like grub2
(50/50) and udev (100% you're fucked prepare for downtime). Grub2 can of
course be skipped until the hardware dies. Best of luck to you with udev =)
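
The staged order described in the message above, as an added example that is not part of the original post: a shell script that sorts `emerge -puDN1 world` output into routine, service and risky batches. The tier lists, function names and the sample pretend output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: split `emerge -puDN1 world` output into update stages.
# Tier lists are assumptions built from the packages the message names.
SERVICE_PKGS="www-servers/apache dev-db/mysql mail-mta/postfix"
RISKY_PKGS="sys-boot/grub sys-fs/udev"

# Constructed sample of pretend output (not captured from a real host).
sample_pretend_output() {
cat <<'EOF'
[ebuild     U  ] sys-libs/timezone-data-2013b [2012f]
[ebuild     U  ] sys-apps/man-pages-3.50 [3.42]
[ebuild     U  ] www-servers/apache-2.2.24 [2.2.22-r1] USE="ssl"
[ebuild     U  ] sys-fs/udev-200 [171-r6]
[ebuild  NS    ] sys-boot/grub-2.00-r2 [0.97-r12]
[ebuild     U  ] mail-mta/postfix-2.9.5 [2.9.4]
EOF
}

# Read pretend output on stdin; print category/package with the version removed.
list_atoms() {
    sed -n 's/^\[ebuild[^]]*] *\([^ :]*\).*/\1/p' |
        sed 's/-[0-9][^-]*\(-r[0-9][0-9]*\)\{0,1\}$//'
}

# stage_of ATOM: print risky, service or routine.
stage_of() {
    case " $RISKY_PKGS " in *" $1 "*) echo risky; return 0 ;; esac
    case " $SERVICE_PKGS " in *" $1 "*) echo service; return 0 ;; esac
    echo routine
}

# packages_in_stage STAGE: read pretend output on stdin, print matching atoms.
packages_in_stage() {
    want=$1
    out=""
    for atom in $(list_atoms); do
        if [ "$(stage_of "$atom")" = "$want" ]; then
            out="$out $atom"
        fi
    done
    echo "${out# }"
}

# Print the batches in the order the message recommends working through them.
for stage in routine service risky; do
    printf '%s: %s\n' "$stage" "$(sample_pretend_output | packages_in_stage "$stage")"
done
```

On a real host, pipe `emerge -puDN1 world` into `packages_in_stage routine` instead of the sample and pass a few of the resulting atoms at a time to `emerge -u1`.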