What distro for new linode?
I have nothing against Archlinux it was real good no troubles
Having said that I would now like to go in for a distro with standard/fixed releases rather than a rolling release.
Among Ubuntu 16.04LTS and Debian 8 what would be recommended based on the following:
Target app : server
1. Stability - by this I mean a distro that would keep downtime to a minimum…
2. Decent resource usage - basically I am going to run multiple nodejs processes which might increase over time and mysql.
3. Long term support. Around 2-3yrs is ok.
4. Decent Documentation / community support.
5. I don't need the latest package support anything that is middish between old and new is ok.
In short being a server app I want it to be ultra stable and don't want to go into the hassle of weekly updating the system.
Regards,
Lively
14 Replies
* Debian 8 (Jessie) [full support until June 2018, Long Term Support (LTS - just security fixes) until June 2020]
- Ubuntu 16.04 LTS (Xenial Xerus) [support until April 2021]
Whichever version you choose, you should update at least weekly, to get any available security fixes. If you don't do this, you will eventually get pwned – bots scan the internet all the time looking for unpatched systems to attack.
I use Debian on four servers and update on Mondays:
* Check that the backups all ran in the early hours of Monday morning
On each machine:
apt-get update
apt-get upgrade
Check that all services are running OK
Very occasionally, you will have to amend some configuration files, but that is a small price to pay for security peace-of-mind.
I understand that security issues need to be patched at he earliest, there's no escaping from that.
On Arch i had to do a
pacman -Syu
I'm sure there would be similar commands on these distro's.
one of the reasons I was try to shift to a fixed release is not doing periodic updates(except security updates), maybe I'm missing something here.
#!/bin/sh
servername="your identifier"
to="you@example.com"
apt-get update >/dev/null 2>&1
upgrades="$( apt-get --dry-run -u dist-upgrade | \
sed -n '/^The following packages/,/^[0-9][0-9]* upgraded/p' )"
if [ -n "$upgrades" ] ; then
sendmail -ti <<- EOT
To: $to
Subject: Updates available for $servername
There are updated packages available for $servername. Please take
the opportunity to log in and run (as root) 'apt-get dist-upgrade' to
apply them.
$upgrades
Thanks,
the update-check script
EOT
fi
Note: you will need to set the $servername and $to variables at the top of the script to values that make sense for you.
@Vance:
On a Ubuntu system, I set up a script like the following to run weekly. It sends out e-mail if updates are required, and then I log in and perform the updates manually. It should work on Debian as well. There are probably more standardized ways to accomplish this, but it works for me.
Thanks for the info Vance.
I am a bit hesitant about upgrades since it might disrupt my server. However if there is no way I out of it I would have to do it.
I don't have much running on the server a few node processes and mysql.
That being said when we talk about the upgrade processes what is it that needs to be definitely upgraded?.
Is it only that security updates and bugfixes / patches are a must?.
I'm not so keen on newer versions of packages.
How do other's manage such a process do they have a VM copy of the server distro and they first check it out there and then if everything works out fine then upgrade the server?
@dwfreed:
Most distros (exceptions: Arch Linux and Gentoo, but most people don't run those) do not update packages to new versions between their own releases
Now that is an eye-opener dwfreed I hope Ubuntu is also on that list of distros that don't update packages between their own releases.
@dwfreed:
meaning if you install say irssi on Debian Jessie, you will get version 0.8.17, and it will stay at 0.8.17 for as long as you're on the Jessie release, unless you do something yourself to install a different version. Debian will provide bugfix and security updates, but won't add any new features. When Debian releases their next version, which is called Stretch, once you upgrade to it, you'll get newer versions of packages. That upgrade is something you would have to do yourself; it isn't something that would happen automatically through the normal course of getting package updates (this is done to avoid breaking people's setups, in case they were relying on something that went away in a new version of something they were using).
So lets say that I did
sudo apt-get install mysql-server
today and it installed version 5.7.15 what if i do an update process a week later or a month later or this would stay at 5.7.15 ? what if Oracle releases a bugfix to that version and it becomes 5.7.16 would ubuntu now upgrade to the newer version.
@dwfreed:
The bugfix and security updates put out generally do not break things, but it's always a good idea to have backups just in case they do. Having another Linode or a local VM to test updates on first is not a bad idea if what you run is especially fragile or important.
When you say backups you mean "data" backups right? and not an image of the whole system?
I am concerned of a situation where an upgrade causes downtime I mean the server fails to start on the next reboot (if its ever done)… How do you handle such a situation because the time scale for such a case to get the server back on would be hours rather than minutes, right?
Is there any command only to intall bugfixes and security updates? What are your views of setting the server for automatic updates (security and bugfixes only) what have been your experiences with that?
Many Thanks
@LivelyOde:
@dwfreed:Most distros (exceptions: Arch Linux and Gentoo, but most people don't run those) do not update packages to new versions between their own releases
Now that is an eye-opener dwfreed I hope Ubuntu is also on that list of distros that don't update packages between their own releases.
Ubuntu follows the same pattern as Debian, so yes, they'd be included in the list of distros that don't change versions between their own releases. Arch Linux and Gentoo are the only ones I have experience with that don't, because they don't actually have distro releases (this is referred to as rolling release).
@LivelyOde:
@dwfreed:meaning if you install say irssi on Debian Jessie, you will get version 0.8.17, and it will stay at 0.8.17 for as long as you're on the Jessie release, unless you do something yourself to install a different version. Debian will provide bugfix and security updates, but won't add any new features. When Debian releases their next version, which is called Stretch, once you upgrade to it, you'll get newer versions of packages. That upgrade is something you would have to do yourself; it isn't something that would happen automatically through the normal course of getting package updates (this is done to avoid breaking people's setups, in case they were relying on something that went away in a new version of something they were using).
So lets say that I did
sudo apt-get install mysql-server
today and it installed version 5.7.15 what if i do an update process a week later or a month later or this would stay at 5.7.15 ? what if Oracle releases a bugfix to that version and it becomes 5.7.16 would ubuntu now upgrade to the newer version.
Yes. If Oracle releases a bugfix version later, Ubuntu would backport the bugfixes and leave the version number the same.
@LivelyOde:
@dwfreed:The bugfix and security updates put out generally do not break things, but it's always a good idea to have backups just in case they do. Having another Linode or a local VM to test updates on first is not a bad idea if what you run is especially fragile or important.
Is there any command only to intall bugfixes and security updates? What are your views of setting the server for automatic updates (security and bugfixes only) what have been your experiences with that?Many Thanks
The regular 'apt-get upgrade' will only install bugfixes and security updates, as counterintuitive as it sounds. The distro package version has to be bumped in order for the package manager to notice there are updates, but the version number reported by the installed program is not changed. So in your mysql scenario, you'd get something like mysql-server 5.7.15 when you first install it, and then when the update comes, mysql-server 5.7.15-ubuntu1 would be installed, the ubuntu1 part meaning that Ubuntu made a change from the originally released version, to apply the bugfix. I'm not a fan of installing updates automatically, because however unlikely, they can break things, and I'd rather be around to fix things when they break rather than find out hours later.
The backport topic that you bought up are indeed quiet profound.
I think what you said makes it clear on how the upgrade/update system works.
so to end it all up…
I have to run these commands weekly right?
sudo apt-get update
sudo apt-get upgrade
Regards,
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove
@jebblue:
I run the following to get the most complete updates and clean up old removed packages:
sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove
I've read elsewhere that
sudo apt-get dist-upgrade
tends to remove packages if it cannot resolve conflicts.
Isn't that a bit risky to do especially in a production environment.
My view is, if using dist-upgrade breaks stuff then your system was broken in the first place. Fix it so dist-upgrade works 100% and then it will work 100% and you can sleep good at night.