Linux weekly maintenance

Maintenance schedule

Installation of patches is done during the shutdown procedure, with the following options for desktop users:

  • To save energy and still install patches, just log out and shut down manually before you leave.
  • Otherwise, the shutdown procedure will be part of the weekly reboot during the night from Sunday to Monday.

Most of the needed maintenance can be done during shutdown procedures. Only by exception will we request you to keep your desktop switched on.

The shutdown implies that all sessions and background jobs are killed. The patch installation usually starts within a minute and is announced by a message that includes instructions for showing the progress.

Which systems

The schedule applies to all the Linux workstations, but not the servers.

Requesting postponement

You can ask for postponement of maintenance at the helpdesk:

  • Postponement for 1 week is granted almost without questions, if no urgent security patches are pending.
  • Postponement longer than 1 week needs to be considered with BCF.

Why patch, my desktop is working fine

Are you sure? To put it mildly, not all software is developed according to the rules of Dijkstra.

Security
Linux releases may seem stable, but they are just snapshots of ongoing development in which many arrays still exist without proper bounds checking. These arrays are the hacker's entry point for exploits. New exploits are discovered each day, published on the internet almost immediately and tried out on our workstations.
Functionality
Bugs that "only" concern functionality, not security, may cause a lot of discomfort, even if you do not experience them directly. For example, we have been struggling for months with a bug that "sometimes" prevented users from logging in.

Ok, we need to patch, but why reboot?

The state of nobody-being-logged-in is needed to make sure that the needed resources are available. Otherwise a patch may end up half-installed, which would make the system unusable. A reboot is needed anyway to make sure that patches become effective.
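
Why patches only become effective after a reboot (or a restart of every affected process), as an added example that is not part of the original page: on Linux a running process keeps executing the old copy of a library that a patch has replaced on disk, and /proc/<pid>/maps marks such a file as "(deleted)". The sample maps text below is constructed and the function names are hypothetical.

```python
import glob
import os

DELETED = " (deleted)"

def stale_mappings(maps_text):
    """Return paths of executable file mappings whose on-disk file was replaced."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping without a pathname
        perms, inode, path = fields[1], fields[4], fields[5].rstrip()
        # Only code pages backed by a real file matter; this skips [stack],
        # shared-memory segments and other non-executable deleted files.
        if "x" in perms and inode != "0" and path.startswith("/") and path.endswith(DELETED):
            stale.add(path[: -len(DELETED)])
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale library paths for every readable process."""
    result = {}
    for maps_file in glob.glob(os.path.join(proc_root, "[0-9]*", "maps")):
        try:
            with open(maps_file) as fh:
                stale = stale_mappings(fh.read())
        except OSError:
            continue  # process exited, or not readable without root
        if stale:
            result[int(maps_file.split(os.sep)[-2])] = stale
    return result

# Constructed sample in /proc/<pid>/maps format: libcrypto was replaced by a
# patch while the process kept running; libc was not touched.
SAMPLE = """\
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 08:01 393301   /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f3a1c400000-7f3a1c428000 r--p 00000000 08:01 393377   /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c428000-7f3a1c5bd000 r-xp 00028000 08:01 393377   /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1d000000-7f3a1d021000 rw-p 00000000 00:00 0
7f3a1d100000-7f3a1d104000 rw-s 00000000 00:01 2051     /memfd:scratch (deleted)
7ffd2b1e0000-7ffd2b201000 rw-p 00000000 00:00 0        [stack]
"""

if __name__ == "__main__":
    print("sample:", stale_mappings(SAMPLE))
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Any process listed after patching is still running unpatched code; a reboot clears all of them at once.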

Ok, we need to reboot, but why not next week?

Security patches should be applied immediately. We could postpone functional patches to an "opportune" moment, but 400 users have different opinions about which moment that is. Allowing different patchlevels has a number of disadvantages:

  • Even small deviations in patchlevels can cause facilities not to work, which we can only test on the most recent patchlevel.
  • Teachers expect that whatever they prepare on workstation A still works if they start their course and have students try it out on workstation B, which may be svstud.
  • In case you ask for support, note that we cannot keep the consequences of different patchlevels for over 100 desktops in mind. If your workstation is trailing by one or more patchlevels, we may decide to suspend support until the patchlevel is restored to the current level.
  • Even "simple" facilities such as home directories, mail and printing are still developing and still require transitions to new versions or more disk space.
    Preparing such transitions will take more time for different patchlevels.

Advantages of reboot for users

Although Unix is known for long up-times, this does not imply that all facilities remain available.

It is difficult to find all dangling processes and remove them automatically. Such processes occupy resources:

  • Processor cycles
  • Memory, although often swapped away
  • References to filesystems of servers that no longer exist

The references to nonexistent filesystems can even block other processes, for example if they look up their "current working directory" (pwd) in a clumsy way and cross a directory that contains the mount point of the nonexistent filesystem.



Questions? Mail to helpdesk.win@tue.nl