I am using Archlinux as a server for my infrastructure. Does anyone have experience with ignoring kernel upgrades on Archlinux for a while? If so, how do you decide on what kernel release you are staying? If you upgrade the kernel, have you found a way to circumvent having to restart the machine?
I just using the linux-lts kernel on servers
I was going to recommend
linux-lts
kernel but actually it too seems to be getting quite a bit of updates.partial upgrades aren’t supported I believe, but i believe if you really wanted you could add the following line to your
/etc/pacman.conf
:IgnorePkg = linux
myself, I just depending on the server i’m upgrading, i just don’t update as frequently and reboot the machine if needed (i don’t think there’s any getting around that).
Agreed, maybe just establish a maintenance cycle that works for you and only update then. Otherwise you might use arch-audit to check for security issues in your packages and only upgrade when a package you have has a known vulnerability.
I have come up with the idea to just setup two hypervisors under arch, virtualizing all services and using keepalived under arch to fail over the hypervisors. With that, one can take down one server for upgrades, without having “downtime” of the services. However, I don’t know how to achieve that yet :)
Look into HAProxy. It will load balance traffic between servers based on your preference, and can be configured to detect when 1 server is down, thus keeping your service active when 1 server goes down.
I already had the lts kernel ignored in the pacman.conf. Haven’t updated it since several months and everything is still working fine. The only issue that I’ve found is the dkms module for virtual box that I tried to install 2 days ago and it failed.
In any case if you really want to skip the kernel upgrades maybe a distro like hyperbola will suit you best.
About the upgrades without restart, systemd is working on user space restart which in theory will allow your server to restart with the new software without even closing the established connections. I think that you can also live patch the kernel, but I’ve never tried it.
IMHO a server would benefit from all updates… but as with all updates a pre-update backup is always wise.
Do you have specific issues to deal with?
I use the LTS kernel on my Arch server, but I don’t ignore kernel upgrades. I just leave it up until I can schedule some downtime for a reboot. Depending on how fast releases happen, there have been a few times where I didn’t reboot for 2 or 3 kernel upgrades. Hasn’t ever been a problem for me personally.
Maybe take a look at this: https://wiki.archlinux.org/title/Kernel_live_patching
LTS kernel would help a little, but it also still receives updates.
Why are you running Arch on a server if you are concerned with frequent updates, though?
I am not at all concerned with frequent updates, I do want them. The thing with the Kernel is, for some applications you need to reboot to make the update complete. E.g. libvirts default network doesn’t work when you upgrade the kernel but don’t reboot, with docker I also had problems. I just want to minimize downtime.
I will likely try to achive a setup with a clustered file system and two physical servers for failover