Can't lose my uptime!

[LuckyTaxi]

I didnt realize our mail server has been running so long until I checked the uptime this morning. I will have to upgrade to 4.11 stable tomorrow, so it's bye bye uptime.

I figure if I do it now, come this time next year, I'll have it running for over 300 days.

Uptime 196 days 11 hours 26 minutes

 

[Enfer Singe]

I would say if you do it now, come this time next year, your uptime will be approximately 365 days, but I am no good at math

 

[Nothinman]

We have a RH box at work that's in the 490 days uptime at work, although that just means it's not being maintained properly :/

 

[Sunner]

Originally posted by: Nothinman
We have a RH box at work that's in the 490 days uptime at work, although that just means it's not being maintained properly :/

Heh, tell me about it.
We have a few boxes that we won't even reboot since noone is sure what would happen...

sunner@elrohir: ~> uptime
10:09am up 1373 day(s), 1 min(s), 5 users, load average: 0.22, 0.24, 0.25

sunner@elladan: ~> uptime
10:10am up 1239 day(s), 22:51, 9 users, load average: 0.26, 0.30, 0.28

[/quote]sunner@durin:~$ uptime
10:11am up 1621 day(s), 20:43, 1 user, load average: 0.04, 0.06, 0.08[/quote]

Luckily we're replacing them a step at a time, so in the end, all will be good

 

[drag]

Well as far as the kernel goes you could be maintaining it 'correctly' even if you don't upgrade the kernel to take care of security problems.

You know the security problems are only problems if they are actual problems. Like for isntance there was a advisory with iptables in a kernel that would require a kernel upgrade to fix, but if you don't use iptables on that machine then what does it matter? Same thing with the advisories about SMB drivers being flaky.. why does that matter if your using CIFS drivers, which do the same thing?

Of course some kernel advisorise can't be ignored. 1200+ days is a long time... but it all depends on the actual machine and what it is being used for.

On the other hand, if you can easily absorb the downtime, then it makes things a lot simplier if you just use the latest packages of whatever you have, just as long as you know it all works first.



were I work we have a couple machines that haven't be down/rebooted since febuary 2002. But the majority of them have been rebooted at least once this year. Not much is needed on the weekends, so it's fairly simple to scedual some downtime to get kernel security updates applied.

 

[LuckyTaxi]

Originally posted by: Nothinman
We have a RH box at work that's in the 490 days uptime at work, although that just means it's not being maintained properly :/

Exactly what my conscious is telling me. I need to maintain my two servers properly.
I do know the last time I did an upgrade, specifically PHP, I had to downgrade back to the older version since an application we use didnt like the newer version.

 

[TGS]

Testbed?

 

[nweaver]

I had a WINDOWS machine that had 180 days uptime. Of course, it was all but useless by then.

 

[ITJunkie]

Originally posted by: nweaver
I had a WINDOWS machine that had 180 days uptime. Of course, it was all but useless by then.

LOL

 

[ProviaFan]

I think the most I got on my Linux-based home "server" was around 3 months, before I accidentally unplugged it.

 

[nweaver]

Originally posted by: ITJunkie

Originally posted by: nweaver
I had a WINDOWS machine that had 180 days uptime. Of course, it was all but useless by then.

LOL

Correction, it was all but useless from day one

byt the 180 day mark, you could not get any network reply other then ping (no connection to exchange, no RDP, no RPC, etc)

console barely worked enough to log off.

 

[Smilin]

Show me a server that's been up for a year and I'll show you a server that's not properly patched.

 

[drag]

Originally posted by: Smilin
Show me a server that's been up for a year and I'll show you a server that's not properly patched.

That's what they've been saying:

We have a RH box at work that's in the 490 days uptime at work, although that just means it's not being maintained properly :/

(and remember that's only nessicary to patch if you know a security problem affects you/your box. Otherwise it may be counter-productive to patch religiously. Personally I run updates on my computers at home all the time, but that's becuase I am lazy. I learned that _always_ (unless it's a emergency) test on a test machine before you update production machine. (especially with OS X!!))

 

[Childs]

Originally posted by: Sunner
Heh, tell me about it.
We have a few boxes that we won't even reboot since noone is sure what would happen...

We used to have boxes like those when I worked for an ISP. We had some that had uptimes of 3+ years. If it ain't broke, don't fix it.

 

[Sunner]

Originally posted by: Smilin
Show me a server that's been up for a year and I'll show you a server that's not properly patched.

Hmmm, well my OpenBSD firewall stayed up for quite a while with no relevant patches, I think ~400 days or something.

 

[djdrastic]

A little off topic , but nonetheless

When I apply a freebsd-update , does it only take effect on reboot ?

 

[TGS]

I tell you, there is *nothing* worse than a data center that does not have planned outages. Load a security patch on a windows server, and let it sit there without a reboot for a month or two before someone gets a wild hair up their diary air, to allow us to actually get the patches active on the boxes.

All they care is their security tools shows the patch file is on the box. Management sees a high level overview screen, showing the box is "patched" and everyone is happy.

 

[Nothinman]

When I apply a freebsd-update , does it only take effect on reboot ?

Without knowing about that tool in particular, I would guess no. For almost all regular files you can replace them while they're running and then simply restart the service to have the update take affect. For kernel patches, yes you will have to reboot.

 

[RedCOMET]

Originally posted by: TGS
I tell you, there is *nothing* worse than a data center that does not have planned outages. Load a security patch on a windows server, and let it sit there without a reboot for a month or two before someone gets a wild hair up their diary air, to allow us to actually get the patches active on the boxes.

All they care is their security tools shows the patch file is on the box. Management sees a high level overview screen, showing the box is "patched" and everyone is happy.

Brilliant. Thats why management gets the big bucks.