Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:server_os_updates [2019/12/17 07:43] fiserp [Performing the OS update] |
tutorial:adm:server_os_updates [2019/12/17 07:53] fiserp [Solving issues] |
||
---|---|---|---|
Line 42: | Line 42: | ||
- Perform the update | - Perform the update | ||
- Begin the maintenance. | - Begin the maintenance. | ||
+ | - Disable monitoring system notifications. | ||
- (If you use hot snapshots, make one.) | - (If you use hot snapshots, make one.) | ||
- Make sure no user or external application can access the IdM. | - Make sure no user or external application can access the IdM. | ||
Line 53: | Line 54: | ||
- Make backup of ``/boot``, ``/etc``, list of processes ``ps -ef`` and list of network services ``netstat -tulnp`` (or ``ss -tulnp``). Those dumps will help you check if all the services started. You can also recover some settings from backups in case something goes wrong (in a minor way) - you will not need to roll back whole snapshot. | - Make backup of ``/boot``, ``/etc``, list of processes ``ps -ef`` and list of network services ``netstat -tulnp`` (or ``ss -tulnp``). Those dumps will help you check if all the services started. You can also recover some settings from backups in case something goes wrong (in a minor way) - you will not need to roll back whole snapshot. | ||
- Perform the update (e.g. ``yum update``). | - Perform the update (e.g. ``yum update``). | ||
- | - Reboot the affected services or the whole machine if necessary. | + | - Restart |
- When the machine is up, check ``dmesg`` and ``/ | - When the machine is up, check ``dmesg`` and ``/ | ||
- Check running processes and network services whether everything started properly. | - Check running processes and network services whether everything started properly. | ||
- Namely PostgreSQL and HTTPd should be up and running. Those are parts of IdM deployment. | - Namely PostgreSQL and HTTPd should be up and running. Those are parts of IdM deployment. | ||
- If everything is ok, start the IdM service. | - If everything is ok, start the IdM service. | ||
- | - Enable autostart of IdM service upon OS start. | ||
- Check IdM logs whether it started successfuly. | - Check IdM logs whether it started successfuly. | ||
- Log into the IdM and test connection to end systems (configuration form for the system, green button "Test connector" | - Log into the IdM and test connection to end systems (configuration form for the system, green button "Test connector" | ||
- Check your testing use-cases. | - Check your testing use-cases. | ||
+ | - Enable autostart of IdM service upon OS start. | ||
+ | - (If there were changes to the database (e.g. PostgreSQL major version upgrade), make a backup of the upgraded database.) | ||
- Allow users to access the IdM. | - Allow users to access the IdM. | ||
+ | - Enable monitoring system notifications. | ||
- End the maintenance. | - End the maintenance. | ||
- Wrap-up | - Wrap-up | ||
Line 72: | Line 75: | ||
< | < | ||
- | ==== Solving | + | ==== Resolving |
For maintenance actions, it is necessary to: | For maintenance actions, it is necessary to: | ||
* Know how long each task will take and to measure the task duration when actually performing them. | * Know how long each task will take and to measure the task duration when actually performing them. | ||
Line 80: | Line 83: | ||
* Know how long (at worst) the whole rollback will take (rollback time **RT**). | * Know how long (at worst) the whole rollback will take (rollback time **RT**). | ||
* Have a maintenance window that spans at least **MT**+**RT** with some extra time **ET**. | * Have a maintenance window that spans at least **MT**+**RT** with some extra time **ET**. | ||
- | * You are not able to safely perform the maintenance in shorter window, there is simply not enough time. If something goes wrong, you need at most **RT** time to perform the rollback! | + | * You are not able to safely perform the maintenance in shorter window, there is simply not enough time. If something goes wrong, you will need **RT** time to perform the rollback! |
- | * If you do not have any **ET**, if anything goes wrong you have to perform rollback procedure. Therefore, **ET** gives you some time you can spend on solving the issue so you can carry on with updates. | + | * When you have no **ET**, if anything goes wrong you have to perform rollback procedure. Therefore, **ET** gives you some time you can spend on solving the issue so you can carry on with updates. |
- | + | ||
- | You should have a rollback procedure that can safely restore the deployment. This depends on your environment. | + | |
- | + | ||
- | Fortunately, | + | |
- | Minor issues can be generally resolved with the help of ``/boot`` and ``/etc`` backups you created before updating the OS. | + | |
- | If IdM installation gets hit, you can debug the configuration or restore it from periodic backup. Since IdM is not installed from OS packages, this basically never happens. | + | * You should have a rollback procedure that can safely restore the deployment. |
+ | * This depends on your environment and on the way you updated OS packages. | ||
+ | * Fortunately, | ||
+ | * After restoring the snapshot, you have to perform tests (with test use-cases) to confirm the rollback was performed correctly. | ||
+ | * Minor issues can be generally resolved with the help of ``/boot`` and ``/etc`` backups you created before updating the OS. | ||
+ | * If IdM installation gets hit, you can debug the configuration or restore it from periodic backup. Since IdM is not installed from OS packages, this basically never happens. |