On 03/28/2013 11:38 AM, Nick Khamis wrote:
> Hello Everyone,
> 
> Just got a ticket assigned to me where we need to update our production 
> servers.
> 
> uname -a
> Linux noun 3.4.9-gentoo #2 SMP Sat Oct 13 09:35:07 EDT 2012 x86_64
> Intel(R) Xeon(TM) CPU 3.60GHz GenuineIntel GNU/Linux
> 
> eselect
> [18]  hardened/linux/amd64 *
> 
> I don't think they have been updated since the initial install and
> wanted to get a little feedback on some safe practices and methods
> that should be performed before and while doing so.

This isn't that old, you'll be fine. First run an emerge --sync to
update the tree. Then list everything it wants to upgrade:

  emerge -puDN1 world

Once you have that list, go through a few at a time, updating
non-essential packages. For example,

  emerge -u1 timezone-data man-pages ...

Every once in a while, run a revdep-rebuild. If you have service
monitoring (e.g. Nagios), great, it'll alert you if something breaks. If
not, you'll have to test the services yourself every few packages. And
don't forget to open a counter-ticket for someone to implement a
monitoring solution, already.

After a while, only important packages (apache, mysql, postfix...) will
be left. Do those one at a time, and restart the services afterwards.
Read the release notes first. Run revdep-rebuild. Check that the
services work.

Finally, you'll be left with the guaranteed-to-break updates like grub2
(50/50) and udev (100%; you're fucked, prepare for downtime). Grub2 can of
course be skipped until the hardware dies. Best of luck to you with udev =)


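The staged order described in the reply above, sketched as an added example that is not part of the original message: it sorts pretend-mode output into low-risk batches, one-at-a-time service packages, and maintenance-window packages, and only prints the commands. The function names, the batch size argument, the tier lists (built from the packages named in the reply, using their usual Gentoo category names) and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn `emerge -puDN1 world` output into the staged plan from
# the reply. It only prints commands; it never runs emerge itself.

# Constructed pretend-mode output (versions are made up, not from a real host).
sample_plan() {
cat <<'EOF'
[ebuild     U  ] sys-libs/timezone-data-2013b [2012j]
[ebuild     U  ] sys-apps/man-pages-3.47 [3.42]
[ebuild     U  ] app-editors/nano-2.3.2 [2.3.1-r2] USE="ncurses unicode"
[ebuild     U  ] www-servers/apache-2.2.24 [2.2.22-r1]
[ebuild     U  ] mail-mta/postfix-2.9.5 [2.9.4]
[ebuild     U  ] sys-fs/udev-197-r8 [171-r6]
[ebuild     U  ] sys-boot/grub-2.00-r2 [0.97-r12]
EOF
}

# stdin: emerge -p output. stdout: "<tier> <category/name>", one per package.
# The first sed pulls the atom, the second strips version, revision and slot.
# The tier lists are assumptions taken from the packages named in the reply.
classify_plan() {
  sed -nE 's/^\[ebuild[^]]*\] +([^ ]+).*/\1/p' |
  sed -E 's/-[0-9]+(\.[0-9]+)*[a-z]?(_(alpha|beta|pre|rc|p)[0-9]*)*(-r[0-9]+)?(:[^ ]*)?$//' |
  while read -r atom; do
    case "$atom" in
      sys-fs/udev|sys-boot/grub) tier=downtime ;;
      www-servers/apache|dev-db/mysql|mail-mta/postfix) tier=single ;;
      *) tier=batch ;;
    esac
    echo "$tier $atom"
  done
}

# $1 = packages per low-risk batch (default 2). Prints the commands in order.
print_plan() {
  plan=$(classify_plan)
  echo "$plan" | awk -v n="${1:-2}" '
    $1 == "batch" { line = line " " $2
                    if (++c % n == 0) { print "emerge -u1" line; line = "" } }
    END { if (line != "") print "emerge -u1" line }'
  echo "$plan" | awk '$1 == "single" { print "emerge -u1 " $2 " && revdep-rebuild" }'
  echo "$plan" | awk '$1 == "downtime" { print "# maintenance window: emerge -u1 " $2 }'
}

sample_plan | print_plan 2
```

On a real host, pipe the output of `emerge -puDN1 world` into `print_plan` in place of `sample_plan`.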