Just OS security updates? This sounds far more complicated than a simple `apt-get upgrade` or `yum update` every month. If there happens to be new kernel that month, throw in a `reboot`, too. I'd argue that OS updates should be done when needed, sometimes in a much faster cycle than monthly, in order to prevent 29 days of possibly sitting vulnerable to known exploits.
Your data migration process sounds generally reasonable, if that's what you have to deal with policy-wise. Automate the steps you are taking manually and loop over the new DC data consistency checks to verify you're ready to cut off the old DC. As your data grows or shrinks, the time to migration completion with change, so the validations need to be solid. This just sounds like a painful exercise to perform every month. At some large data size, it's possible that a month may not be enough time to complete. This is the sort of migration I would see as totally reasonable for a complete OS major version upgrade, for example from Ubuntu 16.04 to 18.04, when that new OS version has been prescribed by the security policy writers, but not simple OS updates, in my opinion. -- Kind regards, Michael On 05/27/2017 08:04 PM, Surbhi Gupta wrote: > Thanks a lot for all of your reply. > Our requirement is : > Our company releases AMI almost every month where they have some or the > other security packages. > So as per our security team we need to move our cassandra cluster to the > new AMI . > As this process happens every month, we would like to automate the process . > Few points to consider here: > > 1. We are using ephemeral drives to store cassandra data > 2. We are on dse 4.8.x > > So currently to do the process, we pinup a new nodes with new DC name > and join that DC, alter the keyspace, do rebuild and later alter the > keyspace again to remove the old DC . > > But all of this process is manually done as of now. > > So i wanted to understand , on AWS, how do you do above kind of task > automatically ? > > Thanks > Surbhi > > > On 27 May 2017 at 16:11, Marc Selwan <marc.sel...@datastax.com > <mailto:marc.sel...@datastax.com>> wrote: > > Hi Surbhi, > > The only time I've heard of restacking, it was a specific term a > financial services company used internally to describe a security > related procedure specific to them. > > If this sounds like you/the company you work for, send me a PM > because I don't believe I can share those details in a public > mailing list outside of that organization. > > Best, > Marc > > > On Thu, May 25, 2017, 11:22 AM daemeon reiydelle <daeme...@gmail.com > <mailto:daeme...@gmail.com>> wrote: > > What is restacking? > > *****/ > /* > *Daemeon C.M. Reiydelle > USA (+1) 415.501.0198 <tel:(415)%20501-0198> > London (+44) (0) 20 8144 9872 <tel:+44%2020%208144%209872>*/ > * > *//* > *//*“All men dream, but not equally. Those who dream by night in > the dusty recesses of their minds wake up in the day to find it > was vanity, but the dreamers of the day are dangerous men, for > they may act their dreams with open eyes, to make it possible.” > — T.E. Lawrence*/*/* > > */* > > On Thu, May 25, 2017 at 10:24 AM, Surbhi Gupta > <surbhi.gupt...@gmail.com <mailto:surbhi.gupt...@gmail.com>> wrote: > > Hi, > > Wanted to understand, how do you do automatic restacking of > cassandra nodes on AWS? > > Thanks > Surbhi > > > -- > Marc Selwan | DataStax | Solutions Engineer | (925) 413-7079 > <tel:(925)%20413-7079> > > > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org For additional commands, e-mail: user-h...@cassandra.apache.org
