Ask Your Question
0

Best practices for Fedora servers?

asked 2015-02-11 05:09:51 -0600

laur gravatar image

Matthew Miller wrote in the Fedora Magazine, about Fedora already being used on the server:

There are big, serious deployments in the real world.

I think that the Fedora Project also runs quite a number of Fedora servers, along with RHEL/CentOS (they mentioned using Ansible for deployments). The System Administrator's Guide and Security Guide already offer a lot of information about managing and securing a Fedora system; is there any document detailing best practices for running Fedora on servers in production? CentOS is not an option, due to its missing Python 3 support.

I am especially interested in minimizing downtime and the frequency of reboots. Would it be better to use the previous, still-supported release, due to less frequent systemd updates? Perhaps applying just security updates (yum update-minimal --security)? Maybe consider every server disposable, running Fedora Cloud, and setup automatic replication and fail-over, everything behind a load balancer?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-02-11 15:32:28 -0600

sideburns gravatar image

Generally speaking, there are very few Linux programs other than the kernel that need you to reboot after an update. Most of the time, all you need to do is restart the programs you just updated, or which use the affected libraries and you're good to go. My suggestion is to do this, as root, after every update:

needs-restarting

It needs root because it examines parts of /proc that only root can read, but if I'm not mistaken, you'll end up with the right answers even if you run it as a regular user. (Using root makes the output much more easy to read.) Do be warned, however, that if you've installed a new kernel, you'll need to reboot, but the script won't remind you of it. Most of the time, you'll either need to exit and restart a few programs or restart one or more services to get the latest version up and running. The script is part of yum-utils so it's probably installed already.

edit flag offensive delete link more

Comments

Thanks! I know about needs-restarting (using Linux almost exclusively since around 1998 - I started with RedHat Linux 4.2). Besides kernel updates, you also need to restart the system after updating glibc or systemd. In both cases, you don't want to have programs still seeing the old copy communicating with programs using the new version - which is why Fedora Workstation now performs such critical updates during shutdown, and only does that about once per week. On a server, you can just restart the daemons as needed, but systemd updates are happening pretty often (mostly enhancements and bug fixes, I guess).

laur gravatar imagelaur ( 2015-02-12 02:37:46 -0600 )edit

Question Tools

2 followers

Stats

Asked: 2015-02-11 05:09:51 -0600

Seen: 628 times

Last updated: Feb 11 '15