无需重启即可升级 - 实践中会发生哪些问题? [英] Upgrades without reboot - what kinds of problems happen in practice?
问题描述
如果更新,在重启前会出现哪些问题?如果您使用无人值守升级来应用安全补丁,这种情况尤其常见.
If you update, what kinds of problems can happen before you reboot? This happens especially frequently if you use unattended-upgrade to apply security patches.
共享对象被替换,因此程序之间可能会不同步.
Shared objects get replaced and so it is possible for programs to get out of sync with each other.
重启前你能安全走多久?
How long can you go safely before rebooting?
说明:
我所说的程序能否彼此不同步"是指一个二进制文件具有共享对象的较早版本,而新启动的实例具有共享对象的较新版本.在我看来,如果这些版本不兼容,则两个二进制文件可能无法正确互操作.
What I meant by "can programs get out of sync with one another" is that one binary has the earlier version of the shared object and a newly launched instance has the newer version of the shared object. It seems to me that if those versions are incompatible that the two binaries may not interoperate properly.
这种情况在实践中经常发生吗?
And does this happen in practice very often?
更多说明:
我所了解的更多是安装程序通常会启动/停止依赖于共享库的服务,以便他们获得新版本的 API.如果他们获得了所有依赖项,那么您可能没问题.但是人们是否经常看到安装程序缺少依赖项?
What I'm getting at is more along the lines that installers typically start/stop services that depend on a shared library so that they will get the new version of an API. If they get all the dependencies, then you are probably ok. But do people see installers missing dependencies often?
如果服务被编写为兼容所有以前的 API 版本,那么这将不是问题.但我怀疑通常没有完成.
If a service is written to support all previous API versions compatibly, then this will not be an issue. But I suspect that often it is not done.
如果有内核更新,特别是如果有不兼容的 ABI 更改,我看不到您如何获得所有依赖项.我一直在寻找关于事情是否以及如何翻转"以及人们是否在实践中观察到这一点的经验,无论是内核更新还是库/包更新.
If there are kernel updates, especially if there are incompatible ABI changes, I don't see how you can get all the dependencies. I was looking for experience with whether and how things "tip over" and whether people have observed this in practice, either for kernel updates or for library/package updates.
是的,这可能应该被放入 ServerFault...
Yes, this probably should have been put into ServerFault...
推荐答案
一个可执行文件在任何时候都有两个版本;一个在内存中,一个在磁盘中.
There are two versions of an executable file at any moment in time; the one in memory and the one in disk.
更新时,磁盘上的会被替换;记忆中的那个是旧的.如果它是一个共享对象,它会一直留在那里,直到每个使用它的应用程序退出;如果是内核,它会一直存在,直到您重新启动.
When you update, the one on disk gets replaced; the one in memory is the old one. If it's a shared object, it stays there until every application that uses it quits; if it's the kernel, it stays there until you reboot.
坦率地说,如果它是您正在更新的安全漏洞,则该漏洞会一直存在,直到您加载(希望)修补版本.因此,如果它是内核,则在重新启动之前您是不安全的.如果它是共享对象,则重新启动可确保安全.
Bluntly put, if it's a security vulnerability you're updating for, the vulnerability stays until you load the (hopefully) patched version. So if it's a kernel, you aren't safe until you reboot. If it's a shared object, a reboot guarantees safety.
基本上,我会说这取决于漏洞的类别.如果它是安全的,请重新启动受到影响的任何东西.否则,除非该错误对您产生不利影响,否则我不会担心.如果是内核,我总是重启.
Basically, I'd say it depends on the category of the vulnerability. If it's security, restart whatever is affected. Otherwise, well, unless the bug is adversely affecting you, I wouldn't worry. If it's the kernel, I always reboot.
这篇关于无需重启即可升级 - 实践中会发生哪些问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
