Uptimes, autoreboots, and package upgrades
Greg Barniskis
nalists at scls.lib.wi.us
Fri Dec 2 08:09:49 PST 2005
N.J. Thomas wrote:
> * Louis J. LeBlanc <FreeBSD at keyslapper.net> [2005-12-02 09:33:44 -0500]:
>
>>So, I know restarting is important on occasion, but my real questions
>>are: Does anyone use a crontab reboot to make sure their system(s) get
>>a regular fresh start? If so, how often - weekly, monthly, bi-monthly?
>
>
> I think system upgrades should always be done manually, since any change
> could potentially corrupt an otherwise perfectly running machine.
> Manually, one can do a quick sanity check to make sure the upgrade went
> okay, and back out if it didn't.

I would agree with that; any significant FreeBSD update should
minimally be tested carefully on a reference machine. If that works
out well enough then one might have some level of comfort for
automating update deployments from the reference machine to
comparable production platforms. With of course the first automated
phase being the taking of a file system snapshot and a dump.

re: update frequency, I tried to be aggressive about this for a time
but ran into the OP's frustration about things not always working
out too well. Nowadays I only update ports when there's a version
change that I am sure provides significant added value, or when
portaudit starts whining about something.

> IIRC, on Windows machines the default setting is to automatically
> download and install OS updates, and this has only caused problems for
> everyone involved. I don't know any moderately competent Windows user
> who doesn't turn this feature off right away.

I used to feel that way too, but around here we have had a very long
track record on about 850 Win boxes of having nearly zero problems
with their updates. It's not just luck. When folks have problems it
often seems related to customizations made to their systems,
particularly with regard to firewall, NTFS or registry ACL
hardening. This is not at all surprising -- compare that to a FAQ
re: FreeBSD upgrade failure where the answer is "looks like you've
got the immutable flag set". Ain't security swell? ;)

On Windows servers we turn off automated installation (reboot timing
and change management being of moderate importance). On clients, we
usually push out updates just as fast as we can.

--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348

More information about the freebsd-questions mailing list