On Wed, 13 May 2015 08:45:08 -0400 (EDT) Kamil Paral kparal@redhat.com wrote:
- Will need to be more diligent about keeping dev/stg on updates-testing so that we don't get any nasty surprises in
production
I don't have much advice about the other points, but this one caught my attention. Do we really need to use updates-testing for dev/stg? That might be quite problematic, because anyone can submit anything, no matter how broken, into updates-testing. Wouldn't be a safer approach to update dev daily (and stg e.g. every other day) from stable updates? And production would be updated weekly or bi-weekly (or however often we need it), with the exception of security updates. Security updates would be applied to dev/stg immediately and after a few jobs were successfully executed, it would be applied to production. Would this approach work?
Yeah, I'm not dead set on using updates-testing in that scenario - it was just the easiest way to express the "test updates on dev/stg before they make it to production. I probably could have been more specific
Something like that could work as long as we were careful about only applying non-security updates on prod that had been sufficiently tested on dev/stg. At the moment, security updates are applied automatically on our fedora machines via cron job.
The one thing I'd like to improve on if we continue to use fedora is regular updates. At the moment, I try to apply updates to everything every couple of weeks but it's not a set schedule and I'd like to improve that. I'm open to suggestions on what that schedule should be and how to implement it (reminders to folks with access, cron-ish, etc.) if we go that route.
I guess the approach with security updates would be the same, no matter whether it's Fedora or RHEL. So the only difference in the volume and speed of standard updates.
Yeah, that leads into one of the disadvantages of running Fedora - more frequent updates and especially more frequent kernel updates that require a reboot.
This doesn't mean I'm in favor of running Fedora, I think you have much more experienced view on this. I'm just thinking aloud about some of the details.
Yeah, it's a good point. Thanks for pointing this out.