[volunteers] Fwd: [web-team] Linode Support Ticket 5649987 - Critical Xen Maintenance / Reboot Schedule

Rick Moen rick at linuxmafia.com
Sun Dec 13 18:36:35 PST 2015


Quoting Tim Utschig (tim at tetro.net):

> AFAICT the only two public services this host provides are DNS
> (nsd3) and HTTP (lighttpd)

Appears to be right, except that you omitted sshd.  ;->  Other daemons:

nullmailer:  Outbound-only simple SMTP forwarder to ensure that root's
mail goes to an off-system recipient (just me, at the moment).

crond
syslogd, klogd
udevd and crud related to that
upstart stuff (note obsolete)  related to udev*

Notice that the host runs as DHCP client owing to something arcane about
how Linode operates.  Also, note that the Lighttpd setup includes a
vital bit of plumbing to support FastCGI.  At least, that _used_ to be
vital, but I haven't checked closely since Lisa reworked the whole HTTPd
setup to support PHP.

Micah Dowty originally (2006) had the host run other stuff:  snmpd,
svnserve, inetd.   Over the years, I've carefully pared down the bloat,
and fixed a number of sysadmin errors and omissions.  (For example,
svnserve wasn't actually needed, but was enabled somewhat lazily by
someone (er, Lisa), so I turned it and xinetd off, realised our svn
setup broke, fixed the svn setup to no longer need svnserve, and then
everything was happy.)

To slightly correct my post of ~1/2 hour ago, the breakage introduced
with NSD 3.x replacing 2.x wasn't a total surprise, and I warned about
it in advance in the file in the site-docs directory called ChangeLog, 
which I earnestly recommend Tim and any other core volunteers read
(_and_ maintain whenever making system changes).  Also, just to be fair
to Canonical, Ltd., they did at least note the NSD discontinuity by
introducing new package nsd3 to replace earlier package nsd.  So, in a
way, the one package's conffile, etc. being incompatible with the
earlier one's is understandable:  These things happen.  OTOH, the forced
upgrade and lack of warning except something saying the equivalent of
'Oh, by the way, your NSD setup is now broken.  Have a nice day!' really
pissed me off and did nothing for my already poor estimate of Ubuntu's
suitability for critical systems.

I have kept us on the LTS (long term support) track, but we are now
behind.

Important:  Linode publishes Linode-specific docs for many such
upgrades, and it is important to seek out and follow them.  In this
case:
https://www.linode.com/docs/security/upgrading/how-to-upgrade-to-ubuntu-14-04-lts

Note that one Linode peculiarity is that the running kernel's on-disc
location is NOT within the VM disc.  That is why, as you'll see in the 
ChangeLog, I eliminated /boot (because the kernel and all of the
boot-related plumbing aren't in the VM at all), and also eliminated 
/opt, /sys, and /selinux at that time, too, as they are not used at this
time in our system.


*The latest Ubuntu LTS still uses Upstart as the default init.  This
will be changing later.


