Submitted 1 day ago by PlanterTree@discuss.tchncs.de to selfhosted@lemmy.world
Or asked the other way around: How long do you keep your servers running without installing any software updates?
update means something like
sudo dnf update
or something …
apt-get upgrade apt-get update
All systems, daily via a single ansible script. That’s apt update, upgrade and reboot if needed (some systems set to only reboot with a separate script so I can handle them separately).
Rarely have any sort of problems.
Mine is set to update all the stuff I use, and the OS, automatically whenever an update is available. 🤷♂️
Anything exposed to the internet gets a daily / weekly update, depending on how exposed it is, how stable the updates are and how critical a breach would be. For example nginx would be a daily update.
Anything behind a vpn gets a more random update schedule mostly based on when I feel like it (probably around once a month or every other month)
Usely every 3/4 months roughly. I try to remeber to update. The base. Server. And docker based things! /webserices. I update. Sparingly. Every few new versions. As I am the only user of my server. I don’t have a high need to update. So I update only if a new future. Is added or a mayor bug /security patch.
First Friday of the month. Easy to remember.
Depends, on how critical something is…since we deal with servers / customers at work that often are purposely not adjusted for years…because introducing a different behaviour (even if better) would grind production to a halt, I take a not careful approach.
I was using OpenSUSE Leap, and with zypper you can review which patches are available, whether they are critical or run recommended or not needed. You can then apply which specific patch you want be CVE if necessary.
But with Leap’s path seaming messy at the moment, I moved to Tumbleweed, since you have snapshotying built in. If an update did mess something up you just rollback to the previous snapshot and in less than a minute it is fixed
Got apticron set up on my servers or similar solutions to get notified when updates are available. Then usually, from time of notification +1 or 2 days.
And for containers auto updates once every day.
Every day to once a week, depending on free time
bjoern_tantau@swg-empire.de 1 day ago
Automatic upgrades handle the security patches. Everything else maybe once a month. My big services like Nextcloud auto update as well.