On Tue, Jul 22, 2025 at 10:04:28AM +0200, Anders Andersson said:
I'm all for *manual* daily restart of servers like this, but I would
only do automatic restart if the server has all its configuration and
storage read-only, and hardly even then. Too many things can go wrong
unexpectedly at startup, not necessarily from malicious sources. If
something happens, you better be there to fix it if you care at all
about the service.
I've been managing all my server configurations with Puppet (and to some
extent Ansible) for an embarassingly long time at this point and it will
quite happily restart services or even reboot servers when it needs to
to enforce the specified configuration state. I've done this both for
small services and at scale and it has served me well.
The other upside is I barely need to backup servers, just the
repositories and user data. When I do major version OS upgrades I can
just wipe the system and reinstall from scratch and let the
configuration management re-apply the needed customizations. Keeps the
DR plan fresh, too.
--
Please direct replies to the list.
