Stackato 2.10.6 - Patching Linux on a Stackato VM

Posted by grahams on 2013-11-25 15:46
OS: Debian / Ubuntu | Product: Stackato | tags: 2.10.6 patch stackato ubuntu
Question: 

How do I ensure that my Stackato nodes are running the latest patches released for Ubuntu?

Answer: 

Stackato 2.10.6 supports the use of the standard Ubuntu "apt-get" patching tools. Critical Stackato components are protected by pinning the affected packages, so users are able to run
'sudo apt-get update && sudo apt-get dist-upgrade'
from a terminal window (ssh) to patch the base VM. Each VM will need to be patched separately.

Because the critical packages are pinned, running apt-get is unlikely to result in a reboot being needed. However, it is still good practice to check the content of the recommended patches. Planning for the use of maintenance mode, with a contingency of a controlled reboot if appropriate, is strongly recommended.

Pinned packages can only be updated by upgrading to a newer version of Stackato. To see a list of pinned packages, execute 'sudo apt-mark showhold'.

After patching the base VM, the template for generating new LXC containers should also be patched. See the FAQ for patching the templates:
http://community.activestate.com/node/10406

While it is possible to 'stackato ssh' into a running container and patch it if you have sudo enabled for that container, we do not recommend this. Patching the template, spinning up new containers, and dropping the old containers will give more consistent results over the long term.
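
One way to check the content of the pending patches before patching a base VM, as an added example that is not part of the original FAQ or of Stackato itself: it parses the output of a simulated upgrade ('apt-get -s dist-upgrade'), confirms that no package listed by 'apt-mark showhold' would change, and flags kernel packages as likely to need the controlled reboot. The function names, the sample package names and versions, and the kernel-only reboot heuristic are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: review a simulated dist-upgrade before patching a node.

# Constructed sample of 'apt-get -s dist-upgrade' output (not from a real node).
SAMPLE_SIM='Reading package lists...
The following packages have been kept back:
  example-pinned-pkg
The following packages will be upgraded:
  libssl1.0.0 linux-image-3.2.0-56-virtual
Inst libssl1.0.0 [1.0.1-4ubuntu5.10] (1.0.1-4ubuntu5.11 Ubuntu:12.04/precise-updates [amd64])
Inst linux-image-3.2.0-56-virtual (3.2.0-56.86 Ubuntu:12.04/precise-updates [amd64])
Conf libssl1.0.0 (1.0.1-4ubuntu5.11 Ubuntu:12.04/precise-updates [amd64])'
# Constructed sample of 'apt-mark showhold' output.
SAMPLE_HOLD='example-pinned-pkg
example-pinned-lib'

# stdin: simulation output. Prints "name old-version new-version" per change
# ("-" as old version means the package is newly installed).
pending_upgrades() {
    awk '$1 == "Inst" {
        old = "-"; new = $3
        if ($3 ~ /^\[/) { old = $3; new = $4 }
        gsub(/\[|\]|\(|\)/, "", old); gsub(/\[|\]|\(|\)/, "", new)
        print $2, old, new
    }'
}

# $1 = held list, $2 = simulation output. Prints held packages that the
# upgrade would still change; any output means the pinning is not intact.
held_conflicts() {
    printf '%s\n' "$2" | pending_upgrades | while read -r name _rest; do
        if printf '%s\n' "$1" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# $1 = simulation output. Heuristic (assumption): a kernel image change
# only takes effect after a reboot, so plan maintenance mode for it.
reboot_candidates() {
    printf '%s\n' "$1" | pending_upgrades | awk '$1 ~ /^linux-image-/ { print $1 }'
}

review() {  # $1 = held list, $2 = simulation output
    echo "Pending upgrades:"; printf '%s\n' "$2" | pending_upgrades
    echo "Held packages that would change (expect none):"; held_conflicts "$1" "$2"
    echo "Likely to need a reboot:"; reboot_candidates "$2"
}
review "$SAMPLE_HOLD" "$SAMPLE_SIM"
# On a node, after 'sudo apt-get update':
#   review "$(sudo apt-mark showhold)" "$(sudo apt-get -s dist-upgrade)"
```

Run it on each VM separately, since each VM is patched separately and may have a different set of pending packages.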