| 1 |
On 03/28/2013 11:38 AM, Nick Khamis wrote: |
| 2 |
> Hello Everyone, |
| 3 |
> |
| 4 |
> Just got a ticket assigned to me where we need to update our production servers. |
| 5 |
> |
| 6 |
> uname -a |
| 7 |
> Linux noun 3.4.9-gentoo #2 SMP Sat Oct 13 09:35:07 EDT 2012 x86_64 |
| 8 |
> Intel(R) Xeon(TM) CPU 3.60GHz GenuineIntel GNU/Linux |
| 9 |
> |
| 10 |
> eselect |
| 11 |
> [18] hardened/linux/amd64 * |
| 12 |
> |
| 13 |
> I don't think they have been updated since the initial install and |
| 14 |
> wanted to get a little feedback on some safe practices and methods |
| 15 |
> that should be performed before and while doing so. |
| 16 |
|
| 17 |
This isn't that old, you'll be fine. First run an emerge --sync to |
| 18 |
update the tree. Then list everything it wants to upgrade: |
| 19 |
|
| 20 |
emerge -puDN1 world |
| 21 |
|
| 22 |
Once you have that list, go through a few at a time, updating |
| 23 |
non-essential packages. For example, |
| 24 |
|
| 25 |
emerge -u1 timezone-data man-pages ... |
| 26 |
|
| 27 |
Every once in a while, run a revdep-rebuild. If you have service |
| 28 |
monitoring (e.g. Nagios), great, it'll alert you if something breaks. If |
| 29 |
not, you'll have to test the services yourself every few packages. And |
| 30 |
don't forget to open a counter-ticket for someone to implement a |
| 31 |
monitoring solution, already. |
| 32 |
|
| 33 |
After a while, only important packages (apache, mysql, postfix...) will |
| 34 |
be left. Do those one at a time, and restart the services afterwards. |
| 35 |
Read the release notes first. Run revdep-rebuild. Check that the |
| 36 |
services work. |
| 37 |
|
| 38 |
Finally, you'll be left with the guaranteed-to-break updates like grub2 |
| 39 |
(50/50) and udev (100% you're fucked prepare for downtime). Grub2 can of |
| 40 |
course be skipped until the hardware dies. Best of luck to you with udev =) |
Archives