From: | Mark Morgan Lloyd <markMLl(dot)pgsql-general(at)telemetry(dot)co(dot)uk> |
---|---|
To: | pgsql-general(at)PostgreSQL(dot)org |
Subject: | Re: pg on Debian servers |
Date: | 2017-11-11 14:23:06 |
Message-ID: | ou714a$hd$1@pye-srv-01.telemetry.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 11/11/17 13:45, Christoph Berg wrote:
> Re: Magnus Hagander 2017-11-11 <CABUevExt7aLarQ2RE5KP9rRUTQSioAxi5FMq=JJ9neBTbC++OA(at)mail(dot)gmail(dot)com>
>>> Is there any way that either the package maintainer or a site
>>> administrator/programmer such as myself can mark the Postgres server
>>> packages as "manual upgrade only" or similar? Or since I'm almost certainly
>>> not the first person to be bitten by this, is there a preferred hack in
>>> mitigation?
>>
>>
>> Certainly. Unrelated to PostgreSQL, this is a standard feature in Debian.
>> Commonly used to prevent things like kernel upgrades from happening on the
>> same schedule as others.
>>
>> Basically, you put the package "on hold". See the debian administratino
>> guide at
>> https://debian-administration.org/article/67/Preventing_Debian_Package_Upgrades
>
> Another thing you can do is preventing package upgrades from
> stopping/starting services by using a policy-rc.d:
>
> https://jpetazzo.github.io/2013/10/06/policy-rc-d-do-not-start-services-automatically/
> https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt
>
> However, if you do that, you need to take measures to actually restart
> into the new version manually later.
Thanks Christoph, Magnus and Rob (and anybody else whose contribution
I've not seen yet :-)
I think that the "preventing upgrades" route is the one to follow, since
inhibiting the restart would obviously present a risk that something
loaded dynamically could get out of step. As an at least temporary hack
I've disabled unattended updates using
# systemctl disable unattended-upgrades.service
This is obviously a system which is deeply isolated from public exposure.
In the general case I'd caution against any attempt to edit the content
of /etc/init.d on recent versions of Debian, since I've come across at
least one package that puts a file in there and then ignores both it and
the associated control in /etc/default.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
From | Date | Subject | |
---|---|---|---|
Next Message | Jan Claeys | 2017-11-11 16:40:59 | Re: pg on Debian servers |
Previous Message | Clodoaldo Neto | 2017-11-11 14:19:35 | Fedora 25 packages not signed |