How to update server regularly?

Hi! I’m very glad with how easy it is to manage my server provision using Cleavr. But (there always has to be a but), my server has been running for about a year and I did not install any updates :sweat_smile:

So, I searched a bit and ssh’d into my machine to run some update commands. All is (almost) well but I’d like to confirm that this is the correct way of doing things. Could you see whether this is okay?

Commands I ran:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo reboot now

A couple of challenges I had along the way:

  • I was asked about different configuration files that had changed (and chose to keep the existing file in all cases).
  • After apt-get dist-upgrade I was suddenly running PHP 8.1 instead of PHP 8.0. Can that be prevented? By running update-alternatives --config php I could switch back to the correct version.
  • The update is done for >10 minutes now but CPU utilisation is still at 100% (~80% user, ~20% system). Will check this again in a bit to see whether it stays that way.

Would appreciate any feedback so I can create a nice routine to do this more regularly from now on :slight_smile:

Cheers,

Barry

Fixed the CPU utilisation issue. Yesterday I removed some sites from this server, including 1 Nuxt SSR app. Apparently, NodeJS still thinks it needs to run that app and it fails. I hit repair on the NodeJS service and that fixed the CPU issue. Would love to know how I can go about removing the app, it is still reported in the PM2 status:

Hello Barry,

Thanks for the kind words and we are flattered to hear that you find it easy but (a fine gentleman once said that there always has to be a but) let’s answer your questions first :wink:

Regularly running sudo apt-get update is safe but we highly recommend NOT running sudo apt-get upgrade and highly recommend AGAINST running sudo apt-get dist-upgrade unless you are absolutely sure that’s what you want to do for whatever reason. In my life I’ve only found one time where I had to absolutely upgrade the distribution - the infamous Heartbleed Bug.

Any kind of upgrade is very very dangerous as they might break packages in an unrecoverable way and will silently upgrade dependencies that your app might be depending on. And to make things worse, sometimes you find these issues down the road.

If you want to upgrade a specific package, we actually recommend just upgrading the package:

apt-get install --only-upgrade <packagename>

This will upgrade only that single package, and only if it is installed.
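A way to see what a full upgrade would change before running it, added here as an example and not part of the original thread or of Cleavr: `apt-get -s dist-upgrade` only simulates, and the function below sorts its plan into security upgrades, other upgrades, newly installed packages and removals. The sample plan, its package versions and the `Example` origin are constructed; `classify_plan`, `security_packages` and `review_count` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: classify the plan printed by `apt-get -s dist-upgrade`.
# On a real server:  apt-get -s dist-upgrade | classify_plan

# Constructed sample of simulated output (names and versions are illustrative).
SAMPLE_PLAN='Inst openssl [1.1.1f-1ubuntu2.16] (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
Inst nginx [1.18.0-0ubuntu1.3] (1.18.0-0ubuntu1.4 Ubuntu:20.04/focal-updates [amd64])
Inst php8.1-cli (8.1.2-1 Example:20.04/focal [amd64])
Conf openssl (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
Remv php8.0-xdebug [3.1.2-1]'

# "Inst pkg [old] (new ...)" is an upgrade of an installed package;
# "Inst pkg (new ...)" with no [old] is a package that is not installed yet;
# "Remv pkg" is a removal. "Conf" lines repeat the Inst lines and are skipped.
classify_plan() {
    awk '
        $1 == "Inst" && $3 ~ /^\[/ && /-security/ { print "SECURITY " $2; next }
        $1 == "Inst" && $3 ~ /^\[/                { print "UPGRADE " $2;  next }
        $1 == "Inst"                              { print "NEW " $2;      next }
        $1 == "Remv"                              { print "REMOVE " $2 }
    '
}

# Names of installed packages with an update from a -security pocket.
security_packages() {
    classify_plan | awk '$1 == "SECURITY" { print $2 }'
}

# Number of new installs and removals: the changes that alter what is
# on the server rather than patching what is already there.
review_count() {
    classify_plan | awk '$1 == "NEW" || $1 == "REMOVE" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PLAN" | classify_plan
```

Each name printed by `security_packages` can then be passed to `apt-get install --only-upgrade`, while anything listed as NEW or REMOVE is worth reading before a full upgrade is allowed to run.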

Hi,
the first one updates only the packages list :slight_smile:
To install the recent updates for php, sshd, mysql, etc you need to run the upgrade command too.
I agree installing the distribution is something you should not do with any serious backup plan

Thanks both for sharing, I guess I should have asked about this before running those commands :slight_smile:

Ashok, I guess one of the reasons for not running dist-upgrade is that it might also interfere with the services I have installed using the Cleavr interface. Is there a preferred way to update the underlying server in a more fundamental way, say upgrade the Ubuntu version? Should I provision a new server and move my site(s) over?

Cheers,

Barry

If you really need to upgrade the distro itself, then, even though it sucks to have the resources transferred, that’s probably the best way.

Given the fragility of doing an upgrade, Cleavr will probably never support distro upgrade, however, we might consider adding a way to upgrade individual packages based on users’ feedback.

To be honest, I don’t really need it at all. It mostly comes from the (perceived) need to keep things up-to-date. Not sure what the security risk is of running a more outdated Ubuntu distro…

For me, moving the site over to a new server is most of the work. If you could build something that copies the site/webapp to another server that would save me time. For me, it is all about the server settings and configuration (env) because there is no data stored on the server other than the code. User uploads and that kind of data go to S3 or similar services.

Understandable and the main reason why Cleavr only uses LTS (long term support) version of Ubuntu as an image for your server, which means you get security updates for almost half a decade!

We already have and it is currently going through QA :slight_smile: Site migration across servers is a tricky business so we are going to keep it behind a feature flipper for some time and enable it for only a few users. If you want to try it out, let us know and we will enable it for you and then notify you as soon as it is out.

Is there a feature planned in future that handles safe non-breaking updates right from the Cleavr dashboard and sends the update log to the mail or other notification provider? Would love to see this. :slight_smile:

There is now! Thanks for sharing your feedback. We have added it to our backlog. There are a couple of awesome goodies we are working on right now so this won’t take priority over them but rest assured, it is high on the list.