Point by Point then. On Thu, 27 Jun 2002, Ashley M. Kirchner wrote:
> > I need to upgrade a live system, and I wonder how people tackle this > problem. The system hosts users and their websites, email and several other > services. I need to perform a full OS upgrade (mainly because I'm more > comfortable doing that, than the usual Upgrade path), so naturally the system > will be down for quite some time while I reload a new OS, download and install > erratas, perform security updates, blah blah blah, before finally putting it Save your self some down time here and generate an up to date errata image that contains the updates, and hence will be a part of the upgrade. Please refer to http://www.linuxworks.com.au/redhat-installer-howto.html This is good stuff, and thanks to Tony Nugent for providing it to the community. > back online. Doing this will also nuke the system's SSH keys, causing everyone > to have to generate new ones. And I'm not sure yet how to deal with having to This is not correct. I believe if the new sshd finds existing system keys, it will not regenerate new ones. > recreate people's logins - not sure if just pulling /etc/passwd, shadow and > group files from backup and dropping them back in place is all that needs to > happen. "If" the upgrade goes smoothly, this too will be a non-issue. Unless you are repartitioning as part of the upgrade process. Which I try not to do. Is this really and upgrade or an OS wipe and install? > How do you folks deal with having to take the system down to perform an OS > upgrade, without much of a downtime to your users? Overnight? And what > happens if you run into trouble? How do you (politely) tell your users they > can't access their accounts till the system is done being rebuild. Most IT departments have established polocies for server down time (scheduled). Pre-announce a week prior, do so again 3 days prior, and every day until the outage. Give 'em an estimate of the duration. What services won't be available. Who to call for questions or scheduling conflicts. The reason for the first sentence in this paragraph is if you IT dept is not large or you do not have proceedures already established, talk to your peers in other companies and see if you can get a copy of their's to use as a template. > Also, what happens with the Apache SSL key that was once generated and used > to acquire a Thawte certificate? I have the files that were used, but I'm not > sure how to redo that without screwing up the certificate (and consequently > having to buy a new Thawte cert.) Again, I thinks this will be an non-issue for an upgrade, but at the very least you should be able to incorporate the cert in the new instance of apache using the same proceedure as the old one was. Not a strong point of mine, as I've not delved into certs yet. _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
