++1 2. I would like to have an operating system that I can boot or reboot on multiple servers and know that it's going to be consistent. If there needs to be a patch, I really don't want to have that happen in real time; I'd much rather have a set of patches that I can stage before applying, which would then let me define or create a new, consistent operating system to which I can upgrade my servers. We have a policy that patches or fixes have to go through some level of testing before they run on a production system. How does patching-on-the-fly satisfy any kind of change management? Is there no way to say that I don't want patching-on-the-fly for this particular server, or for these hundred servers? Is it not possible to stage updates?
R; Rob Hamilton Infrastructure Engineer Chemical Abstracts Service -----Original Message----- From: Linux on 390 Port <LINUX-390@VM.MARIST.EDU> On Behalf Of Dave Jones Sent: Wednesday, September 4, 2019 3:31 PM To: LINUX-390@VM.MARIST.EDU Subject: [EXT] Re: NSS not possible in SLES 12 [Actual Sender is owner-linux-...@vm.marist.edu] ++1 You guys are going backwards.... DJ --- DAVID JONES | MANAGING DIRECTOR FOR ZSYSTEMS SERVICES | z/VM, Linux, and Cloud 703.237.7370 (Office) | 281.578.7544 (CELL) INFORMATION TECHNOLOGY COMPANY On 09.04.2019 12:03 PM, Rick Troth wrote: > On 9/4/19 11:39 AM, Christian Borntraeger wrote: >> On 04.09.19 16:41, Scott Rohling wrote: >>> Let's start with who or what said it wasn't possible.... ? >> [...] >>>> Just to be sure, by "nss" I meant Named Saved System. >> [...] >>>>> what is the reason for nss not being possible with SLES from >>>>> version 12? >> [...] >> >> The Linux kernel now makes use of self-patching in several places and >> several core >> features would no longer work without those. To make NSS possible, >> the NSS would >> need to have a copy-on-write semantics instead of being read-only. >> With global patching >> we would copy almost everything over time making the feature not >> useful. >> >> So the feature was not only removed in SLES but will go away in other >> future distros >> and it is no longer part of the upstream kernel. > > > What's this? a little uptime funk? That's cool as long as it _doesn't > break other things_. > > Seriously? You whacked NSS for live patching? Don't! (Too late.) > https://www.youtube.com/watch?v=SYRlTISvjww > > > Bad enough all the PUTTERING around in userland, even INIT, but now the > kernel's borken too. Babies and bath-water both banished. Bummer! > > > Hey, hey, hey, HAY ... Stop! ... wait a minute ... I'm a fan of > advances > (hallelujah!), but not at the cost of flexibility. > > I believe y'all killed XIP too, right? That was brilliant. (NOT) > > > Not all the world's containers (or whatever shiny thing). Don't believe > me? Just watch: I'll introduce you to a container escaper and > kubernetes > breaker. > > > -- R; <>< > > > > > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 > or visit > http://www2.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390 Confidentiality Notice: This electronic message transmission, including any attachment(s), may contain confidential, proprietary, or privileged information from CAS, a division of the American Chemical Society ("ACS"). If you have received this transmission in error, be advised that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. Please destroy all copies of the message and contact the sender immediately by either replying to this message or calling 614-447-3600. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
