[Date Prev][Date Next]
Re: OpenLDAP upgrade cycle
--On Thursday, December 02, 2004 9:05 AM -0500 "Matthew J. Smith"
I have noticed, in my short time on this list, that the upgrade cycle
for OpenLDAP seems to be very short. I initially installed 2.2.6,
because that is the only RPM available for my SuSE distro. Then, on
advice from this list, I compiled my own 2.2.15. Shortly after, 2.2.17
was released, and now 2.2.19 is available. So, a few questions:
* Are most of you scheduling frequent maintenance windows to stay
* Is there a version of the OpenLDAP 2.x series that is "stable enough"
and secure, perhaps at the expense of new features, that I can rely on,
without having to upgrade for a while?
* When I do need to upgrade, can I do "rolling upgrades" (upgrade one
instance at a time), or do all instances in my (SyncRepl) replication
grid need to be upgraded at the same time?
I personally run a load-balanced pool, and rotate servers out for upgrades.
Using a simple package management system like stow allows in-branch
upgrades of OpenLDAP to be particularly trivial. I believe you should be
able to upgrade an instance at a time, but the fact that you are using
syncrepl makes me unsure, because of the fixes to syncrepl that have been
occurring between versions. There don't appear to be any syncrepl related
fixes between 2.2.17 and 2.2.19 however, so I assume that would be smooth.
Basically, @ Stanford we design our applications around the idea that we
may need to upgrade various software components at any given time, and use
load balancing as much as is feasible to allow us to do upgrades to our
infrastructure services at any time.
How often you really wish to upgrade OpenLDAP is of course, entirely up to
you. Depending on the bug fixes, I sometimes wait several releases. For
me, the cache/memory leak issues make moving to 2.2.19 a must. If they
aren't affecting you, it may be something you choose to put off.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html