[Labs-l] Be warned: unattended-upgrades are coming

Antoine Musso hashar+wmf at free.fr
Fri Sep 28 07:28:37 UTC 2012


Le 27/09/12 02:49, Ryan Lane a écrit :
> I've just pushed in this change:
> 
> https://gerrit.wikimedia.org/r/#/c/25465/
> 
> What this means is that Labs instances will automatically apply
> security patches in an unattended manner. This means that occasionally
> services may restart on your instances when patches are installed.
> This change is very much needed, as there's no simple way for us to
> manage security patches on instances, and no one bothers to apply them
> otherwise.

I know most packages upgrade will be fine but I am a bit worried about
applying security patches to mysql, libc6 and kernel.

MySQL is probably going to restart properly though. AFAIK, upgrading the
libc6 might need to restart a various number of daemons, I usually do a
full restart of the server when it happens.

When upgrading kernel, I noticed dpkg prompt about a local configuration
change to grub.lst. Keeping local configuration is fine, but choosing
the package provided list render the instance unbootable. Also the
previous kernel are sticking in which can fill the hard drive quickly on
the smallest (10GB) instances.

A pam related package has a similar issue since it attempts to overwrite
the configuration to connect to LDAP.

I am probably a bit paranoid though.

-- 
Antoine "hashar" Musso




More information about the Labs-l mailing list