PVE hosts package upgrade - Best practice and tips?

monotroska

Jul 27, 2023
Hello everyone.

Have a handful of PVE hosts running in a cluster. I was wondering how everyone approached everyday upgrades?

Do you wait for kernel or major PVE upgrades to be available, migrate all the VMs, upgrade and full restart?
Or do you upgrade smaller packages for the hosts as they become available? In that case, do you migrate the VMs or simply let them run?
Got one host you test upgrades on first?
Are there any packages you won't update while VMs are running? For example qemu, pve-manager or libc or something else?
What about if you're running containers? More focus on upgrades in that case?

Look forward to hearing some inputs on how everyone else manages their upgrades. Any tips on making the task fast and secure?

Best regards,
Mono
 
There is a script from tuxis that will migrate the VMs to other nodes and later back. Maybe this could be helpful in an upgrade script? Migrate all VMs, do upgrade, reboot, migrate VMs back.

And yes, a test server is useful, but would be best with a homogeneous cluster. Wouldn't help much if a kernel upgrade for example screws up some drivers but the test server is using different hardware so you don't encounter a problem.

And a subscription of course would help, so you aren't beta testing for enterprise repo users ;)
 
> Or do you upgrade smaller packages for the hosts as they become available?

Depends on the severity of the security implications.

> In that case, do you migrate the VMs or simply let them run?

Again, depends on the update. If this is a PVE QEMU update, it is different from e.g. recent OpenSSH patches.

> Are there any packages you won't update while VMs are running? For example qemu, pve-manager or libc or something else?

Yes and it is very hard to find out which.
 
> There is a script from tuxis that will migrate the VMs to other nodes and later back. Maybe this could be helpful in an upgrade script? Migrate all VMs, do upgrade, reboot, migrate VMs back.
>
> And yes, a test server is useful, but would be best with a homogeneous cluster. Wouldn't help much if a kernel upgrade for example screws up some drivers but the test server is using different hardware so you don't encounter a problem.
>
> And a subscription of course would help, so you aren't beta testing for enterprise repo users ;)

Thank you for the link. Looks like a great script. We will certainly look into that in order to make our tasks easier.
Valid point about being beta testers ;)

> Depends on the severity of the security implications.

> Again, depends on the update. If this is a PVE QEMU update, it is different from e.g. recent OpenSSH patches.

> Yes and it is very hard to find out which.

Thank you for the advice. I agree there is no black and white. It's always on a case by case basis in the end.

Best regards,
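
The "migrate all VMs, do upgrade, reboot, migrate VMs back" sequence suggested in this thread, written as a dry-run planner that only builds the command list for an operator to review. This is an added example, not part of any post and not the tuxis script; the node names, guest IDs and memory figures are constructed, and placing guests by free RAM is an assumption of the example.

```python
# Constructed cluster snapshot (assumption): node -> free RAM in MiB and
# running guests as (vmid, kind, memory MiB). Inline so the example runs offline.
CLUSTER = {
    "pve1": {"free_mib": 8192, "guests": [(101, "qemu", 4096), (102, "lxc", 1024)]},
    "pve2": {"free_mib": 16384, "guests": [(201, "qemu", 2048)]},
    "pve3": {"free_mib": 6144, "guests": []},
}


def plan_node_upgrade(cluster, node):
    """Return ordered commands to drain, upgrade, reboot and refill `node`."""
    free = {n: v["free_mib"] for n, v in cluster.items() if n != node}
    if not free:
        raise ValueError("no other node to migrate guests to")
    out, back = [], []
    # Place the largest guests first, each on the node with the most free RAM.
    for vmid, kind, mem in sorted(cluster[node]["guests"], key=lambda g: -g[2]):
        target = max(free, key=free.get)
        if free[target] < mem:
            # Refuse to plan a drain that would overcommit the remaining nodes.
            raise RuntimeError(f"guest {vmid} ({mem} MiB) fits on no other node")
        free[target] -= mem
        if kind == "qemu":
            out.append(f"ssh {node} qm migrate {vmid} {target} --online")
            back.append(f"ssh {target} qm migrate {vmid} {node} --online")
        else:
            # Containers are moved in restart mode: stop, move, start.
            out.append(f"ssh {node} pct migrate {vmid} {target} --restart")
            back.append(f"ssh {target} pct migrate {vmid} {node} --restart")
    upgrade = [
        f"ssh {node} apt-get update",
        f"ssh {node} apt-get dist-upgrade -y",
        f"ssh {node} reboot",
        # Run once the node is reachable again; confirm quorum before refilling.
        f"ssh {node} pvecm status",
    ]
    return out + upgrade + back


if __name__ == "__main__":
    for step in plan_node_upgrade(CLUSTER, "pve1"):
        print(step)
```

Nothing is executed; the plan is printed so it can be checked against the pending package list before any guest is moved.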
 
