Sometimes after installing updates, the server machine would say "*** System restart required ***".
And of course we comply.
Is this really how this works? I can't imagine that this is already the best practice, because you would not want to restart your server. You have live traffic running on your server.
Running Ubuntu 14.04. We install updates with sudo apt-get upgrade and sudo apt-get dist-upgrade.
Guidance needed.
Thanks!
That message probably only appears when the kernel has been upgraded, and the only way to replace the old kernel with the new is to reboot.
You typically don't need to restart the machine right away, but you'll be vulnerable to any security problems fixed in the new kernel until you do, so before deciding to delay the reboot, you should find out what has changed, consider the implications for your system and then decide how long you can live with not having the fixes. And if your server has really important traffic, maybe look into some high-availability solution that allows you to handle the traffic from two (or more) servers, such that you can reboot one and let the other(s) handle the job in the meantime.
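As an added illustration of the "find out what has changed" step in this answer (example code, not from the original poster), the POSIX shell script below reads the reboot-required marker files that Ubuntu's update-notifier-common writes after an apt upgrade, classifies the pending reboot as kernel or userspace, and checks whether the running kernel is the newest installed kernel image. The marker paths and the linux-image package naming are standard Ubuntu; the release strings used for checking are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original answers. Ubuntu's update-notifier-common
# package writes two marker files after an apt upgrade:
#   /var/run/reboot-required       exists while a reboot is pending
#   /var/run/reboot-required.pkgs  lists the packages that requested it
# The directory is a parameter so the logic can run against a constructed copy.

# Print "none", "kernel" or "userspace" according to what requested the reboot.
reboot_reason() {
    dir="${1:-/var/run}"
    if [ ! -e "$dir/reboot-required" ]; then
        echo none
        return 0
    fi
    # Kernel packages are named linux-image-* (or linux-signed-image-*).
    if [ -r "$dir/reboot-required.pkgs" ] &&
       grep -Eq '^linux-(signed-)?image' "$dir/reboot-required.pkgs"; then
        echo kernel
    else
        echo userspace
    fi
}

# Succeed (exit 0) when the running kernel release is the newest of the
# releases given, fail otherwise. Arguments: running release, then the
# installed releases, so the comparison can be checked without dpkg.
running_kernel_is_newest() {
    running="$1"
    shift
    newest=$(printf '%s\n' "$running" "$@" | sort -V | tail -n 1)
    [ "$running" = "$newest" ]
}

# Stand-alone run on a real Ubuntu host: report both checks.
echo "reboot requested for: $(reboot_reason)"
if command -v dpkg-query >/dev/null 2>&1; then
    # Installed kernel image packages, stripped to the release string uname -r uses.
    installed=$(dpkg-query -W -f='${Package}\n' 'linux-image-[0-9]*' 2>/dev/null |
                sed 's/^linux-image-//')
    if running_kernel_is_newest "$(uname -r)" $installed; then
        echo "running kernel $(uname -r) is the newest installed image"
    else
        echo "running kernel $(uname -r) is older than an installed image; reboot pending"
    fi
fi
```

Run it on the server before deciding whether the reboot can wait: a "kernel" result with an older running kernel is exactly the window the answer warns about.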
The solution: Don't just do apt-get upgrade. Instead, carefully check what updates you need and only install those that affect you, especially for kernel updates. Then, do updates with planned downtime only. And also: If you can't afford downtime for system maintenance, your system structure is not very well thought out. Make your environment redundant so you can put pieces of it into planned maintenance.
Lastly, there exist technologies to live patch kernels, e.g. kpatch and ksplice.
I know this post is a bit old, but Canonical just released this service for Ubuntu specifically on 16.04.
This uses the live patching technology in the upstream Linux kernel since 4.0 was released.