When running VMs and containers on a PVE node either clustered to other nodes or not and some particular updates are pushed to the update repository (like updates to the kernel and other pve services), should we restart the nodes after applying these updates or not ?
When to restart PVE ?
- Thread starter Fathi
- Start date
Hi,
in order to get the latest Kernel you will have to reboot at some point. So if you are in a cluster, migrate the VMs/CTs to another host and reboot.
Also, you will have to either stop and start a VM to use a newer qemu version or migrate it to another host.
For most of the updates however there is no reboot needed.
I think that depends on what the updates were that were applied.
I would definitely restart if the updates include kernel patches, or patches to software I rely on. I might not restart if the updates aren't as important to my usage.
I generally do the following for each node in sequence:
- migrate all active vms off to other nodes
- apply the patches
- reboot if necessary
- move the vms back from the other nodes
I would definitely restart if the updates include kernel patches, or patches to software I rely on. I might not restart if the updates aren't as important to my usage.
I generally do the following for each node in sequence:
- migrate all active vms off to other nodes
- apply the patches
- reboot if necessary
- move the vms back from the other nodes
The rule of thumb (and there are always exceptions) is:
1) a userland package change does not require Linux server restart. Qemu is a userland package.
2) to take advantage of updated userland package that service/process needs to be restarted after update. For Qemu it means full (cold) VM restart.
3) a full Kernel update requires system reboot. In production it is beneficial to understand what the kernel changes are and if they are critical for immediate application.
4) it is possible to update Kernel live ( https://tuxcare.com/developer-tutorial-live-patching-debian-10-linux-kernel-with-kpatch/) and PVE kernel appears to enable this functionality. However, standard PVE packaging does not distribute "live kernel patches".
If the system is so critical that it cant take a reboot but still requires an update, the sysadmin would have to live-patch on their own.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
1) a userland package change does not require Linux server restart. Qemu is a userland package.
2) to take advantage of updated userland package that service/process needs to be restarted after update. For Qemu it means full (cold) VM restart.
3) a full Kernel update requires system reboot. In production it is beneficial to understand what the kernel changes are and if they are critical for immediate application.
4) it is possible to update Kernel live ( https://tuxcare.com/developer-tutorial-live-patching-debian-10-linux-kernel-with-kpatch/) and PVE kernel appears to enable this functionality. However, standard PVE packaging does not distribute "live kernel patches".
If the system is so critical that it cant take a reboot but still requires an update, the sysadmin would have to live-patch on their own.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox