- From: Brad Knowles <
>
- To:
- Cc: Brad Knowles <
>
- Subject: [chef] Re: apt_package_hold or preventing version critical packages from being upgraded
- Date: Wed, 19 Dec 2012 08:58:09 -0800
On Dec 19, 2012, at 8:22 AM, Holger Amann
<
>
wrote:
>
> That way, Chef would never try to upgrade a package in the first place.
>
>
Yeah, chef is not the problem in that case. But sometimes there are more or
>
less tons of system packages which are to be upgraded due to bug or
>
security fixes. If you're (or a staff member) doing 'apt-get upgarde' and
>
you're seeing about 80 packages to be upgraded, how do you manage that?
Don't allow anyone to do that manually. All package management should be
done exclusively through Chef. In fact, all systems management of all types
should be done exclusively through Chef.
If there is ever an emergency need to have an exception to this rule, and
that same emergency happens more than once, you should think about updating
your Chef recipes to be able to handle that emergency so that you don't have
to do that manually anymore. Or, at the very least, you should be able to
manually kick off the appropriate Chef process.
--
Brad Knowles
<
>
LinkedIn Profile: <
http://tinyurl.com/y8kpxu>
Archive powered by MHonArc 2.6.16.