[Dovecot] Server update strategies (was: Experience moving mailboxes from Dovecot 0.99.14 to Dovecot 1.07 => Improvement possible)

Patrick Nagel patrick.nagel at star-group.net
Wed Aug 6 20:44:34 EEST 2008


Hi,

it's always interesting to observe and discuss the different update
strategies (although not entirely on-topic)...

On Wed, 06 Aug 2008 11:25:59 -0500, Eric Rostetter
<rostetter at mail.utexas.edu> wrote:
> Quoting Charles Marcus <CMarcus at Media-Brokers.com>:
>> On 8/6/2008, Eric Rostetter (rostetter at mail.utexas.edu) wrote:
>>> Anyone know about Dovecot 1.1.x rpms for Centos/RHEL 3.x?
>>
>> I'd be more interested in upgrading the server to a reasonably  
>> recent version of the distro...
> 
> Unfortunately, it isn't a redundant setup, so an upgrade is downtime.
>
> I've thought about doing an on-line (e.g., yum) upgrade from 3 to 4,
> but I'm not sure 4 would qualify as "reasonably recent" and it would
> still require a reboot, but this is an option and would get me the
> new dovecot rpms at least...
> 
> Since there is no good way to do an on-line upgrade from CentOS/RHEL 3
> to CentOS/RHEL 5, that isn't really an option at this time (too much
> downtime).

How can such an important system be a non-redundant setup? Hardware
breakage (or a cracker, see below) would cause minutes or probably even
hours of downtime...

> I've also had machines that were hardware frozen at older OS versions...
> Though that is not the case in this instance (was for my print server
> I had to recently deal with).
> 
>> This is one huge reason why I like gentoo so much.
> 
> It has nothing to do with gentoo, IMHO.

It does, in the sense that there are no releases, no big jumps with lots of
breakage and config file syntax changes... But I definitely wouldn't say
Gentoo is a good distribution for systems that need to be highly available.
(I'm using Gentoo myself on desktops and servers, but none of them run
really critical stuff).

>> As long as I update it regularly, I never have to worry about a  
>> massive update that breaks everything.
> 
> Same can be said for most distros, but I can't afford the downtime of
> the constant upgrades which mean constant reboots...  That is why
> people pick an "enterprise" solution like RHEL/CentOS, so they can have
> better uptime (with support) than non-enterprise systems...

"Enterprise system" - surely sounds professional and all ;) But not
rebooting (during scheduled maintenance at a time of week/day when the
fewest clients will be affected) for a new kernel that fixes a critical
security issue definitely does not. IMHO.

> I regularly have machines with 2 or 3 years of uptime before I need
> to reboot them for an upgrade (they are behind firewalls, in case
> you wonder how I get along on such old kernels).

Maybe you should upgrade your security knowledge along with your kernels ;)
Many (if not most) attacks come from the inside (e.g. via
trojans/viruses/rootkits on client (laptop) computers). Thus, the concept
of something being "secure because behind firewalls" is at least partly
obsolete.

> Obviously, RHEL/CentOS 3.x will reach end of life, and I'll need to upgrade
> eventually because of that, but the more I can put it off, the better...
> But sometimes you just need to bite the bullet, and that day may be close
> at hand for this server...

Build it with redundancy this time. At least software-wise (for example
using virtualisation), so that you have a test system on which you can
"simulate" a pending update before you roll it out on the production
system.

Patrick.

-- 
STAR Software (Shanghai) Co., Ltd.            http://www.star-group.net/
Phone:    +86 (21) 3462 7688 x 826             Fax:   +86 (21) 3462 7779

PGP key:         https://stshacom1.star-china.net/keys/patrick_nagel.asc
Fingerprint:           E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005


