What distro for new linode?

After being with Archlinux for 4 years, unable to keep up with the regular updates and leaving the system to neglect, I have finally been pushed to upgrade / reinstall.

I have nothing against Archlinux; it was real good, no troubles.

Having said that I would now like to go in for a distro with standard/fixed releases rather than a rolling release.

Among Ubuntu 16.04LTS and Debian 8 what would be recommended based on the following:

Target app : server

1. Stability - by this I mean a distro that would keep downtime to a minimum…

2. Decent resource usage - basically I am going to run multiple nodejs processes which might increase over time and mysql.

3. Long term support. Around 2-3yrs is ok.

4. Decent Documentation / community support.

5. I don't need the latest package support anything that is middish between old and new is ok.

In short being a server app I want it to be ultra stable and don't want to go into the hassle of weekly updating the system.

Regards,

Lively

14 Replies

If you want to run a server on the Internet, updates are a requirement. Not updating is putting your server, your customers, Linode and the Internet at risk. Maybe you could retain someone to do those for you on a periodic basis. I think Linode has a managed server plan.

Your current choices are:
* Debian 8 (Jessie) [full support until June 2018, Long Term Support (LTS - just security fixes) until June 2020]
* Ubuntu 16.04 LTS (Xenial Xerus) [support until April 2021]

Whichever version you choose, you should update at least weekly, to get any available security fixes. If you don't do this, you will eventually get pwned – bots scan the internet all the time looking for unpatched systems to attack.

I use Debian on four servers and update on Mondays:
* Check that the backups all ran in the early hours of Monday morning
* On each machine:

    apt-get update
    apt-get upgrade

* Check that all services are running OK

Very occasionally, you will have to amend some configuration files, but that is a small price to pay for security peace-of-mind.

I had a similar discussion on the Arch forum and they told me it's a must to update weekly at the minimum, basically faster the better, and they told me to do it manually not with a script.

I understand that security issues need to be patched at the earliest, there's no escaping from that.

On Arch i had to do a

pacman -Syu

I'm sure there would be similar commands on these distros.

One of the reasons I was trying to shift to a fixed release is not doing periodic updates (except security updates), maybe I'm missing something here.

There really is no getting away from weekly updates. If you choose Debian, they don't introduce new versions of any software within one release, they just do bug fixes and security upgrades (during standard support) and then just security fixes (during LTS).

On a Ubuntu system, I set up a script like the following to run weekly. It sends out e-mail if updates are required, and then I log in and perform the updates manually. It should work on Debian as well. There are probably more standardized ways to accomplish this, but it works for me.

#!/bin/sh
servername="your identifier"
to="you@example.com"
apt-get update >/dev/null 2>&1
upgrades="$( apt-get --dry-run -u dist-upgrade | \
  sed -n '/^The following packages/,/^[0-9][0-9]* upgraded/p' )"
if [ -n "$upgrades" ] ; then
  sendmail -ti <<- EOT
To: $to
Subject: Updates available for $servername

There are updated packages available for $servername.  Please take
the opportunity to log in and run (as root) 'apt-get dist-upgrade' to
apply them.

$upgrades

Thanks,
the update-check script
EOT
fi

Note: you will need to set the $servername and $to variables at the top of the script to values that make sense for you.

@Vance:

On a Ubuntu system, I set up a script like the following to run weekly. It sends out e-mail if updates are required, and then I log in and perform the updates manually. It should work on Debian as well. There are probably more standardized ways to accomplish this, but it works for me.

Thanks for the info Vance.

I am a bit hesitant about upgrades since it might disrupt my server. However, if there is no way out of it I would have to do it.

I don't have much running on the server a few node processes and mysql.

That being said, when we talk about the upgrade processes, what is it that needs to be definitely upgraded?

Is it only that security updates and bugfixes / patches are a must?

I'm not so keen on newer versions of packages.

How do others manage such a process? Do they have a VM copy of the server distro and they first check it out there and then if everything works out fine then upgrade the server?

Most distros (exceptions: Arch Linux and Gentoo, but most people don't run those) do not update packages to new versions between their own releases, meaning if you install say irssi on Debian Jessie, you will get version 0.8.17, and it will stay at 0.8.17 for as long as you're on the Jessie release, unless you do something yourself to install a different version. Debian will provide bugfix and security updates, but won't add any new features. When Debian releases their next version, which is called Stretch, once you upgrade to it, you'll get newer versions of packages. That upgrade is something you would have to do yourself; it isn't something that would happen automatically through the normal course of getting package updates (this is done to avoid breaking people's setups, in case they were relying on something that went away in a new version of something they were using). The bugfix and security updates put out generally do not break things, but it's always a good idea to have backups just in case they do. Having another Linode or a local VM to test updates on first is not a bad idea if what you run is especially fragile or important.

@dwfreed:

Most distros (exceptions: Arch Linux and Gentoo, but most people don't run those) do not update packages to new versions between their own releases

Now that is an eye-opener dwfreed I hope Ubuntu is also on that list of distros that don't update packages between their own releases.

@dwfreed:

meaning if you install say irssi on Debian Jessie, you will get version 0.8.17, and it will stay at 0.8.17 for as long as you're on the Jessie release, unless you do something yourself to install a different version. Debian will provide bugfix and security updates, but won't add any new features. When Debian releases their next version, which is called Stretch, once you upgrade to it, you'll get newer versions of packages. That upgrade is something you would have to do yourself; it isn't something that would happen automatically through the normal course of getting package updates (this is done to avoid breaking people's setups, in case they were relying on something that went away in a new version of something they were using).

So let's say that I did

sudo apt-get install mysql-server

today and it installed version 5.7.15, what if I do an update process a week later or a month later, or would this stay at 5.7.15? What if Oracle releases a bugfix to that version and it becomes 5.7.16, would Ubuntu now upgrade to the newer version?

@dwfreed:

The bugfix and security updates put out generally do not break things, but it's always a good idea to have backups just in case they do. Having another Linode or a local VM to test updates on first is not a bad idea if what you run is especially fragile or important.

When you say backups you mean "data" backups right? and not an image of the whole system?

I am concerned of a situation where an upgrade causes downtime I mean the server fails to start on the next reboot (if its ever done)… How do you handle such a situation because the time scale for such a case to get the server back on would be hours rather than minutes, right?

Is there any command only to install bugfixes and security updates? What are your views of setting the server for automatic updates (security and bugfixes only), what have been your experiences with that?

Many Thanks

@LivelyOde:

@dwfreed:

Most distros (exceptions: Arch Linux and Gentoo, but most people don't run those) do not update packages to new versions between their own releases

Now that is an eye-opener dwfreed I hope Ubuntu is also on that list of distros that don't update packages between their own releases.

Ubuntu follows the same pattern as Debian, so yes, they'd be included in the list of distros that don't change versions between their own releases. Arch Linux and Gentoo are the only ones I have experience with that don't, because they don't actually have distro releases (this is referred to as rolling release).

@LivelyOde:

@dwfreed:

meaning if you install say irssi on Debian Jessie, you will get version 0.8.17, and it will stay at 0.8.17 for as long as you're on the Jessie release, unless you do something yourself to install a different version. Debian will provide bugfix and security updates, but won't add any new features. When Debian releases their next version, which is called Stretch, once you upgrade to it, you'll get newer versions of packages. That upgrade is something you would have to do yourself; it isn't something that would happen automatically through the normal course of getting package updates (this is done to avoid breaking people's setups, in case they were relying on something that went away in a new version of something they were using).

So let's say that I did

sudo apt-get install mysql-server

today and it installed version 5.7.15, what if I do an update process a week later or a month later, or would this stay at 5.7.15? What if Oracle releases a bugfix to that version and it becomes 5.7.16, would Ubuntu now upgrade to the newer version?

Yes. If Oracle releases a bugfix version later, Ubuntu would backport the bugfixes and leave the version number the same.

@LivelyOde:

@dwfreed:

The bugfix and security updates put out generally do not break things, but it's always a good idea to have backups just in case they do. Having another Linode or a local VM to test updates on first is not a bad idea if what you run is especially fragile or important.

Is there any command only to install bugfixes and security updates? What are your views of setting the server for automatic updates (security and bugfixes only), what have been your experiences with that?

Many Thanks

The regular 'apt-get upgrade' will only install bugfixes and security updates, as counterintuitive as it sounds. The distro package version has to be bumped in order for the package manager to notice there are updates, but the version number reported by the installed program is not changed. So in your mysql scenario, you'd get something like mysql-server 5.7.15 when you first install it, and then when the update comes, mysql-server 5.7.15-ubuntu1 would be installed, the ubuntu1 part meaning that Ubuntu made a change from the originally released version, to apply the bugfix. I'm not a fan of installing updates automatically, because however unlikely, they can break things, and I'd rather be around to fix things when they break rather than find out hours later.
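The distinction described above (distro revision bumped, upstream version unchanged) can be checked before applying anything. This is an added example, not part of the original thread: it classifies pending upgrades from `apt-get -s upgrade` output, and the package names, versions and the assumed `Inst` line layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify pending upgrades listed by
# `apt-get -s upgrade`. Package names and versions below are constructed.

# Constructed sample of the simulation output (assumed "Inst" line layout:
# Inst <pkg> [<installed>] (<candidate> <archive>[, <archive>] [<arch>])).
sample_simulation() {
  cat <<'EOF'
Inst libexample1 [1.0.2-1] (1.0.2-1+deb8u1 Debian-Security:8/stable [amd64])
Inst exampled [2:3.4.1-2] (2:3.4.1-2+deb8u2 Debian:8.6/stable [amd64])
Inst example-tool [0.9-1] (1.0-1 Debian:8.6/stable [amd64])
Conf libexample1 (1.0.2-1+deb8u1 Debian-Security:8/stable [amd64])
EOF
}

# Reads simulation output on stdin and prints "<pkg> <kind> <origin>":
#   kind   = revision-only   (same upstream version, only the distro revision moved)
#            upstream-change (the upstream version itself differs)
#   origin = security if any source archive name contains "security", else other
classify_upgrades() {
  awk '
    # Upstream version = version minus epoch ("2:") and distro revision ("-1+deb8u1").
    function upstream(v) { sub(/^[0-9]+:/, "", v); sub(/-[^-]*$/, "", v); return v }
    $1 == "Inst" && $3 ~ /^\[/ {
      old = substr($3, 2, length($3) - 2)   # strip [ ]
      new = substr($4, 2)                   # strip leading (
      kind = (upstream(old) == upstream(new)) ? "revision-only" : "upstream-change"
      origin = "other"
      for (i = 5; i <= NF; i++) if ($i ~ /[Ss]ecurity/) origin = "security"
      print $2, kind, origin
    }'
}

# On a real host: apt-get -s upgrade | classify_upgrades
sample_simulation | classify_upgrades
```

The `-s` flag only simulates, so the report can be produced by an unprivileged weekly job and reviewed before anyone logs in to apply the updates.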

Many Thanks for the extended reply dwfreed.

The backport topic that you brought up is indeed quite profound.

I think what you said makes it clear on how the upgrade/update system works.

So to end it all up…

I have to run these commands weekly right?

sudo apt-get update
sudo apt-get upgrade

Regards,

I run the following to get the most complete updates and clean up old removed packages:

sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove

@jebblue:

I run the following to get the most complete updates and clean up old removed packages:

sudo apt-get update && sudo apt-get dist-upgrade && sudo apt-get autoremove

I've read elsewhere that

sudo apt-get dist-upgrade

tends to remove packages if it cannot resolve conflicts.

Isn't that a bit risky to do especially in a production environment.

It works for me LivelyOde and has fixed issues that just "apt-get upgrade" didn't.

http://askubuntu.com/questions/194651/why-use-apt-get-upgrade-instead-of-apt-get-dist-upgrade

My view is, if using dist-upgrade breaks stuff then your system was broken in the first place. Fix it so dist-upgrade works 100% and then it will work 100% and you can sleep good at night.
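The trade-off discussed in the posts above can be inspected with simulations before committing to either command. This is an added example, not part of the original thread: it lists what `apt-get -s upgrade` keeps back and flags anything `apt-get -s dist-upgrade` would remove, using constructed package names and sample output.

```shell
#!/bin/sh
# Added example (not from the thread): review what `apt-get -s upgrade` holds
# back and what `apt-get -s dist-upgrade` would remove. Sample output is constructed.

sample_upgrade() {
  cat <<'EOF'
The following packages have been kept back:
  exampled linux-image-example
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
EOF
}

sample_dist_upgrade() {
  cat <<'EOF'
Remv libexample-old1 [1.0-1]
Inst libexample2 (2.0-1 Debian:8.6/stable [amd64])
Inst exampled [3.4.1-2] (3.4.1-2+deb8u2 Debian:8.6/stable [amd64])
Inst linux-image-example [4.0-1] (4.0-1+deb8u1 Debian-Security:8/stable [amd64])
EOF
}

# Packages that plain `upgrade` refuses to touch because they need installs/removals.
kept_back() {
  awk '
    /^The following packages have been kept back:/ { in_list = 1; next }
    in_list && /^ / { for (i = 1; i <= NF; i++) print $i; next }
    { in_list = 0 }'
}

# Prints one "<action> <pkg>" line per simulated step; exit status 1 if anything
# would be removed, so a wrapper can stop and ask for a manual decision.
dist_upgrade_impact() {
  awk '
    $1 == "Remv"                { print "remove", $2; removed++ }
    $1 == "Inst" && $3 ~ /^\[/  { print "upgrade", $2 }
    $1 == "Inst" && $3 !~ /^\[/ { print "new", $2 }
    END { exit (removed > 0) }'
}

# On a real host: apt-get -s upgrade | kept_back; apt-get -s dist-upgrade | dist_upgrade_impact
sample_upgrade | kept_back
sample_dist_upgrade | dist_upgrade_impact || echo "removals pending: review before dist-upgrade"
```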

I agree with Jebblue… follow him please
