Do You Need to Reboot Linux?
- Published 22 Jun 2024
- People often claim you don't need to reboot Linux, but is this really true?
In this video we'll look at why you may or may not need to reboot Linux and introduce a "best of both worlds" option in the form of LibraryCare from TuxCare, which can perform in-memory live-patching for critical shared libraries like glibc and OpenSSL without the need to reboot or restart services.
Video sponsored by TuxCare.
➡️ Check out LibraryCare live patching services from TuxCare:
bit.ly/3pYLH1i
➡️ Use the free uchecker script to find vulnerable libraries in memory:
github.com/cloudlinux/kcare-u...
📽️ Rebootless kernel patching with KernelCare
• Don't Reboot Your Serv...
💬 Follow Me
/ andrewmrquinn
Video timestamps:
0:00 - Introduction
0:44 - Linux Is Not Windows
3:25 - Linux Is Different
4:09 - The Kernel
4:47 - Shared Libraries
5:18 - Glibc Exploit & Patching
6:19 - The Problem with Shared Libraries
8:46 - LibraryCare
10:58 - Other Reasons to Reboot
12:43 - Security Vs Downtime
The Pro Tech Show provides tech, tips, and advice for IT Pros and decision-makers.
#Linux #CyberSecurity #TuxCare #LibraryCare - Science & Technology
Great video. I learned a lot.
Thanks!
My opinion? This whole dance avoids the fundamental problem that your services are not redundant/HA and need to be.
That's a fair criticism. I've said to people on many occasions that if you can't afford to have something go down for a reboot you can't afford a hardware failure either, but you don't get to choose when those happen.
I think this fits best either as a middle-ground where you don't have the budget for full HA, where you still want to avoid the brief service blip as HA systems fail over, or for one of those frustrating systems that simply don't support HA. Unfortunately those also tend to be the sort of critical, industry-standard systems that don't have any competition so if you're in their space you have to use them and there is no incentive for them to improve without a competitor to challenge them (I've had a call about one like that today!).
I have to agree. Back in the 90s I worked at the head office of a steel manufacturer; the knack was to gather the system requirements, including availability. Then be brutally honest with the stakeholders. If they wanted HA then they needed to pay for it. If they didn’t have the budget then it was about being clear what they could have for that money.
The reality was while it seemed harsh at the time they weren’t disappointed because we were clear about expectations.
My favourite system back then was NetWare SFT III. We had 4 servers: 2 running with a server link fibre in different server rooms, and the other 2 were cold hardware backups. The overnight backups were also duplicated so a copy could go offsite each day by motorcycle courier and the other stay onsite for more immediate restore needs. We rehearsed restores every month. It cost a fortune to buy and run.
Very interesting thank you
You're welcome
"No Linus", shoutout to LTT XD
😁 I couldn't resist the reference when the prompt came up
I save you some time without watching the video:
You have an enterprise Linux with live kernel patching (pretty expensive) - you can live without rebooting.
All other cases.. If you update the kernel you need to reboot
NB: after an update you always need to restart the app - yeah, also your desktop environment / display manager.. is it a workstation, just reboot.. is it a server.. plan maintenance.. you have fault tolerance hopefully.. if not.. hire a professional.. it’s not a mainframe
I recommend watching the video before commenting. There's a whole section about shared libraries that is not addressed by live kernel patching.
The problem I have with Windows is using the "update and shutdown": the next day you turn on your PC, and it takes a second time to finish the update....
Can't they "update and reboot and then shutdown" so the next day we don't have to wait for it to finish....
I don't mind rebooting my Linux PC/server from time to time, it's so fast....
That would definitely be a useful feature
It’s a good advert for your sponsor. Perhaps you should let people know up front that it’s an advert.
I assume you didn't notice the popup right at the very start that says "Includes paid promotion", or the massive banner embedded in the video itself that says "Video sponsored by TuxCare" before the actual sponsored content?
@@ProTechShow Apparently I didn’t :) Just watched the beginning and saw the pop up.
I did see the embedded banner that was in the middle of the video though but that seemed a bit late.
Most seem to declare that it’s a promotional video at the beginning in the actual video.
I did like the product though. Seems a great idea.
@@SirHackaL0t. Haha, fair enough. I prefer to use both methods of declaring it - the UA-cam setting that creates the "official" popup at the start and then explicitly mentioning it in the video myself just before I talk about the product. That way anyone using some kind of integration with the UA-cam metadata receives the promotional content flag, and it's also clear what part is sponsored. If I only mention it at the very start it can get missed by anyone following links from Google (which often links to specific timestamps) or people who skip the intro. There's never a perfect solution but by displaying my own banner right before I talk about it I try to make it as difficult as possible to hear about the sponsored product without also hearing that it is in fact sponsored.
TuxCare advertising aside, the video provides good content, whether you like TuxCare or not.
You always do a great job explaining subjects in a way anyone can easily understand! 👍👊👏
Thanks @@alexycox1347!
If something is so critical that you cannot afford 20 seconds of downtime you need a failover. Thus solving your problem. If management/budget doesn't allow for failover costs... then they decided you can afford a reboot of 20 seconds, thus solving your problem.
I agree with the sentiment that if it's important enough that you can't afford downtime, it's also important enough that you should invest in high availability.
That said, Xbox is an interesting case study, albeit from Windows. They have ~1000 servers, all highly available. Nondisruptive patching of the full estate using traditional methods used to take 3 weeks. With live patching it takes less than 2 days, so it had a huge benefit to their use case even with high availability.
@@ProTechShow Oh I was a bit black and white with the statement if you can not afford 20 seconds of downtime. But of course live patching and minimizing risk and optimizing your time is the way to go! My statement was more, sometimes decisions are made that are out of your control. Can't afford downtime yet it's inevitable. Be transparent to your organization and you should never stress about stuff like patching and downtime. Because that's what I see a lot of colleagues do. The less black and white context! :P Great videos! I learn a lot!
When you buy a new graphic card for your computer :D, then you reboot GNU/Linux :D. Unless the hardware is hot pluggable.
If you have a new GPU to play with I don't think you will be too upset about having to restart! 😉
@@ProTechShow :D indeed, where is that shutdown button.
Not true lol. BTW - I use Arch. If you use a Linux Desktop / Window Manager you usually have to reboot cause things do crash with Xorg, window managers, memory is not freed automatically, etc... If you don't want to reboot ..... use a Linux with no Xorg (e.g., Linux Server). Yesterday I had to reboot cause my Arch system would not wake up from sleep, I had to power off cause it froze. Tried everything, even opening another tty.
@@sirmongoose Perhaps. Been using Void but it has its own problems as well. What do you suggest I use that's not systemd?
YOLO reboots for everybody!
Reeeeeboooooot!!
(I'm imagining a sort of Leeroy Jenkins reboot operation here)
I don't reboot Windows