On Thu, 23 Feb 2012 13:16:41 +0200
Coert Waagmeester <email@example.com> wrote:
> > Not doing it this way means a very high likelyhood of the machine
> > not booting with every single upgrade, plus the huge amount of work
> > it takes to go through everything in menuconfig.
> indeed, especially when the server is stuck in a far away rack.
Ooooooooooh, those are the scary ones.
Two excellent things can help with that:
A proper RAC setup, or
Copy the debian boot scheme, where is a kernel won't boot, it panics
and times out after 30 seconds. Grub then automagically boots the
previous working kernel.
Just don't do what I did earlier: sit in Joburg and configure the
firewall on a Xen host in deepest darkest Africa where there's no
tarred roads to get to it. Check the iptables config three times,
plus get your colleagues to look it over as well. We all signed off on
Guess what? Yup, you got it. We all missed something and now we are
locked out. Remember, it's in deepest darkest Africa.
On Thu, February 23, 2012 12:25 pm, Alan McKinnon wrote:
> Just don't do what I did earlier: sit in Joburg and configure the
> firewall on a Xen host in deepest darkest Africa where there's no
> tarred roads to get to it.
How did you get the server there? Flown it in?
I've seen the roads in Africa and those are difficult to navigate...
(The tarmac'd ones are decent though)
> Check the iptables config three times,
> plus get your colleagues to look it over as well. We all signed off on
> Guess what? Yup, you got it. We all missed something and now we are
> locked out. Remember, it's in deepest darkest Africa.
That's why I like the "ADMINISABSENTMINDED" option in the Shorewall
config. It doesn't kill existing connections.
I always test a new remote connection prior to closing the one I used to
change it with.
If I do accidentally kill my existing connection, the "safe_restart"
option will cause it to roll-back if I don't accept the new settings
before a time-out.
On Thu, Feb 23, 2012 at 3:16 AM, Coert Waagmeester
> On 02/23/2012 01:08 PM, Alan McKinnon wrote:
>>> Is there a way to import old config files with newer kernel sources?
>>> I tried it once by simply copying .config into the newer src dir, but
>>> I read somewhere that there could be incompatibilities.
>> That is exactly how you do it. Copy a .config over and run make
> I am definitely going to try this.
If I can offer one additional step then at the end also do a make
menuconfig even if you don't intend to change anything. The additional
menuconfig runs checks on the combination of options selected and not
selected and in some cases will pop up some messages about
incorrect/inconsistent settings. No messages means it's OK to do the
build, but if you get messages then it's best to take care of them