Errata Installation Affect Running Processes?
Does errata installation affect a process that is currently running or do running processes require a reboot/restart to be impacted by new errata?
Responses
Good Morning Brian,
You could find an answer to your question in the RHEL 7 Security Guide, Chapter 3.1.3. Applying Changes Introduced by Installed Updates.
Also you could use the program needs-restarting to check whether a service/system restart is required or not after applying updates to your system. See needs-restarting(1) for additional information.
Here is an example output from an already up-to-date system:
# needs-restarting -r
No core libraries or services have been updated.
Reboot is probably not necessary.
Hope this helps, Joerg K.
Hi Brian,
There are different opinions about what would be the best practice. Applying updates like a new kernel definitely requires a restart. Applying updates for applications doesn't necessarily - but to be on the safe side, it is always a good idea to reboot the system after updates are deployed, right because all services are restarted correctly and this practice prevents you from experiencing issues. :)
Regards,
Christian
I respectfully disagree. Applying errata most certainly can affect running processes, in at least two ways that I know of:
1) Updating certain packages will cause the daemon associated with the package to be restarted (e.g. OpenSSH package update -> sshd process is restarted; httpd (apache) package update -> httpd process is restarted).
2) In the specific case of Apache, I believe due to its default forking model, the 'httpd' process can hang if the 'glibc' package is updated such that the on-disk copy and in-memory copy no longer match. So when patching 'glibc' on a server running Apache, you must either stop and restart 'httpd' service or reboot the system.
Since O.P. is dealing with "uptime-critical" systems, I assume they have a test environment where they can confirm if either of these issues is present or not - then perhaps the overall patching process could be broken up into a bulk portion, run ahead of time with "sensitive" packages excluded, followed by a final "yum -y update && shutdown -r now" (or something like that) during the downtime window.
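The on-disk versus in-memory mismatch discussed above can be checked per process. This is an added example, not part of the thread and not the code of needs-restarting: it reads `/proc/<pid>/maps` and reports executable mappings whose backing file has been replaced on disk. The sample maps text, the pid-free sample data and the ignore list are constructed assumptions.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_RE = re.compile(r"^[0-9a-f]+-[0-9a-f]+ (\S{4}) [0-9a-f]+ \S+ \d+\s+(/.*)$")
DELETED = " (deleted)"
# Assumed ignore list: mappings that are routinely unlinked, not stale packages.
IGNORE_PREFIXES = ("/dev/", "/memfd:", "/SYSV", "/tmp/", "/run/")


def stale_mappings(maps_text):
    """Return sorted paths of executable mappings whose on-disk file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m or "x" not in m.group(1) or not m.group(2).endswith(DELETED):
            continue
        path = m.group(2)[: -len(DELETED)]
        if not path.startswith(IGNORE_PREFIXES):
            stale.add(path)
    return sorted(stale)


def scan_proc(proc_root="/proc"):
    """Map pid -> stale paths for each readable process (run as root to see all)."""
    result = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                hits = stale_mappings(fh.read())
        except OSError:
            continue  # process exited or permission denied
        if hits:
            result[int(entry)] = hits
    return result


# Constructed sample: an httpd worker after glibc was updated underneath it.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a7e000 r-xp 00000000 fd:00 1312   /usr/sbin/httpd
7f3a1c000000-7f3a1c1c3000 r-xp 00000000 fd:00 2049   /usr/lib64/libc-2.17.so (deleted)
7f3a1c3c3000-7f3a1c3c7000 r--p 001c3000 fd:00 2049   /usr/lib64/libc-2.17.so (deleted)
7f3a1d000000-7f3a1d001000 r-xp 00000000 00:01 98     /memfd:jit-cache (deleted)
7ffd4b1e0000-7ffd4b201000 rw-p 00000000 00:00 0      [stack]
"""

if __name__ == "__main__":
    print("sample:", stale_mappings(SAMPLE_MAPS))
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

A process listed here is still executing the pre-update code, so a patched library does not protect it until that process is restarted.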
Hi James,
Yes, you are right ... and as it is with everything in life - there always exist some exceptions. Not to be misunderstood, I generally recommend to run upgrades when the systems are not in (production) use and to reboot the system afterwards, right as I said in my first response. I think what Brian meant was, if it would be dangerous running upgrades while users are doing their "normal" work, like editing files, working on documents or browsing the web. I think Brian is aware of the risks and acts accordingly ... as he said - I'll quote: "Before, the owners would shut all applications down, then say it is OK to begin updating." But to make my statement above somewhat more precise - I have added "in most cases". :)
Regards,
Christian
