--=-rcFUPN9yATM22D984nr5
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi,
Due to CVE on openssl and on kernel, I did upgrade various piece of the
infrastructure ( foreman, lists, stats, monitoring ), which implied a
few reboots ( due to kernel lagging behind, which is not that great with
local root exploit ). As this is friday and I assumed most of the Tel
Aviv office was not working, i hope this kept the disruption to a
minimum. However, if something is broken, please tell it so we can fix.
This also got me thinking. In order to bring a bit more order, what
about having a fixed schedule for upgrade ?
In my previous position, we were doing that once per month ( except
during end of quarter freeze ), with mandatory reboot ( cause if
something do not boot, you want to know it when you have a planned
outage, not when everyone is running around updating stuff ). Fedora has
a rather complex procedure to decide what to upgrade, hilighted on
http://infrastructure.fedoraproject.org/infra/docs/massupgrade.txt
So we could adopt a schedule ( once per month, unless there is something
critical, in which case we do it ASAP, with warning on the list and irc
).=20
The schedule should of course take in account "business need", which is
"release schedule of ovirt".
So what about "first friday of the month, unless exception" ?
And by update, i mean "yum upgrade -y". Cleaning the list of repo on
various servers is also IMHO another task to discuss, to make sure the
task can be safely executed. ( having something like
mcollective/ansible/func is also needed, but that's more a convenience
than a requirement at this stage ).
--=20
Michael Scherer
Open Source and Standards, Sysadmin
--=-rcFUPN9yATM22D984nr5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTkaYoAAoJEE89Wa+PrSK9rrcQAI7MICLBqIhmnTJQC8eW2Wnq
h6UcClJxH5E0rJNT6LFYRfmOh6+Y8CPASevTsPFTUZFe1Eby6dwVYMeRINieVHRK
y5/kgFXlpPVm+W+GdwwyHqNqy/zjZZXaJdOqczUiDerK57yA5IJMMGbvqGDIQH5c
sJOBtL8/4D7lPZCrBd9rsw4Td6yY+mrmHjhaQfKojvHXn9ZKwjmFCRvi4eJ4/+04
n7w6nywQHDNzwaNS17wmWQyMkfOGFwdZCYxzi4I6kYtCmbgNF5iaYgt6GLpaZ24W
qpNEp8RST1JpknzfVoZ9ASL5cNeP/gqaFX/1rK6AOCMIr23qghaz2Ku6rYhUwL/O
jKHp+HOYs+o4xiIbMBKMCj9D4HE08xveOuLxKMkrENrL0V3FrRTZu9kCDxeMUorc
cL/lG/oWEsEvJVbx4VCKYssdX2qXK57UaDCk2KT6oeUqnWcvYR9KgYhfDpUhjN2T
rOD5uM9VhbD0LgVdom8iBpRVH8yLsawp0WWC/uSte0yxFnHG60IjHwl/nDC/teF8
YE9N5Hy/lAOWI9N43OB6ppAB8SmsPLendk3VG14nHOkmdWHGadw3i9A87VP45bZl
NRr8H7miqTDFdp+v6pmrzvzP6L9pCGGYHoSI3pfF9CZDYCwgQ57gA314iyeDHrjK
a8bpf5lAIELnWlmD3s2E
=1/P5
-----END PGP SIGNATURE-----
--=-rcFUPN9yATM22D984nr5--