Is it recommended to run Ubuntu Server updates on a live server?

When I ssh into an Ubuntu server which is running a live web site, I see the following messages:

2 packages can be updated.
2 updates are security updates.

At that point, I can update and upgrade with the following commands:

sudo apt-get update
sudo apt-get upgrade

Is it recommended to run the above on a live server with mission critical applications?


Solution 1:

Short answer is no.

It is best to carefully choose and test the updates prior to applying them in your production environment. Before I run any updates on production machines, they first get applied in a QA environment and run through a suite of tests to make sure that they work as expected.

Solution 2:

If you run apt-get --just-print upgrade and apt-get --just-print update, it would show you the packages.
I see you are using 10.04. Everything they put in those repos is tested profoundly, so you should be safe.

Solution 3:

In my experience none of my services have ever been disrupted by an apt-get update/apt-get upgrade. However, if it's mission-critical, you should take precaution and warn users of impending maintenance, and schedule it at a time of least disruption. Nothing is likely to go wrong, but do this if you want to be safe.

Also, listen to sreimer below (or above): if it's really mission-critical, definitely test it on a non-production system first.

Solution 4:

This is why we have a test server with the same environment and the same applications, so we can see what happens when we upgrade, and make sure everything will still work.

Without that, you're going to have to get apt to tell you what packages it wants to upgrade, and see if those packages are used by your mission critical applications. If this is a webserver and it wants to upgrade apache, then you'll need to expect at the absolute best a minute or two of downtime while it stops the server, upgrades the files, then starts it again. Some libraries require restarting some servers, others don't.

Solution 5:

In general, it's always a good idea to have a test environment. Even with small projects, whenever possible I try to keep a copy of my environment in something like an EC2 image so that I can break things without fearing for production.

Absent a test environment: running apt-get --just-print upgrade should show you the list. Upgrade only the packages you don't expect to touch your application.
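
Added example (not part of any answer above): one way to do the check that Solutions 4 and 5 describe, by parsing the "Inst" lines of apt-get --just-print upgrade and splitting pending upgrades into those that touch your application and those that do not. The CRITICAL list, the function names and the sample output (including its version strings) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Hypothetical list of packages the mission-critical application depends on.
CRITICAL="apache2 libssl1.0.0 mysql-server"

# Constructed sample of `apt-get --just-print upgrade` output (not from a real host).
sample_output() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  apache2 tzdata
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst apache2 [2.2.14-5ubuntu8.14] (2.2.14-5ubuntu8.15 Ubuntu:10.04/lucid-security [amd64])
Inst tzdata [2014e-0ubuntu0.10.04] (2015a-0ubuntu0.10.04 Ubuntu:10.04/lucid-updates [all])
Conf apache2 (2.2.14-5ubuntu8.15 Ubuntu:10.04/lucid-security [amd64])
Conf tzdata (2015a-0ubuntu0.10.04 Ubuntu:10.04/lucid-updates [all])
EOF
}

# Reads simulate output on stdin; prints one line per pending upgrade:
#   <package> <security|regular> <critical|other>
# "security" is a heuristic: the origin on the Inst line names a -security pocket.
triage() {
  awk -v crit="$CRITICAL" '
    BEGIN { n = split(crit, c, " "); for (i = 1; i <= n; i++) is_crit[c[i]] = 1 }
    $1 == "Inst" {
      origin = ($0 ~ /-security/) ? "security" : "regular"
      impact = ($2 in is_crit) ? "critical" : "other"
      print $2, origin, impact
    }'
}

# Packages not on the critical list: candidates for upgrading individually,
# e.g. with `apt-get install --only-upgrade <pkg>`.
safe_to_upgrade() { triage | awk '$3 == "other" { print $1 }'; }

# Packages on the critical list: test first and schedule a maintenance window.
needs_window() { triage | awk '$3 == "critical" { print $1 }'; }

# Demo on the constructed sample. On a real host, replace sample_output with:
#   apt-get --just-print upgrade
echo "Pending upgrades:";        sample_output | triage
echo "Upgrade individually:";    sample_output | safe_to_upgrade
echo "Needs test/maintenance:";  sample_output | needs_window
```

A security update to a critical package (apache2 in the sample) is the case that deserves the fastest path through testing rather than being skipped.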