[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP upgrade cycle

--On Thursday, December 02, 2004 9:05 AM -0500 "Matthew J. Smith" <matt.smith@uconn.edu> wrote:

I have noticed, in my short time on this list, that the upgrade cycle
for OpenLDAP seems to be very short.  I initially installed 2.2.6,
because that is the only RPM available for my SuSE distro.  Then, on
advice from this list, I compiled my own 2.2.15.  Shortly after, 2.2.17
was released, and now 2.2.19 is available.  So, a few questions:

*  Are most of you scheduling frequent maintenance windows to stay
*  Is there a version of the OpenLDAP 2.x series that is "stable enough"
and secure, perhaps at the expense of new features, that I can rely on,
without having to upgrade for a while?
*  When I do need to upgrade, can I do "rolling upgrades" (upgrade one
instance at a time), or do all instances in my (SyncRepl) replication
grid need to be upgraded at the same time?

I personally run a load-balanced pool, and rotate servers out for upgrades. Using a simple package management system like stow allows in-branch upgrades of OpenLDAP to be particularly trivial. I believe you should be able to upgrade an instance at a time, but the fact that you are using syncrepl makes me unsure, because of the fixes to syncrepl that have been occurring between versions. There don't appear to be any syncrepl related fixes between 2.2.17 and 2.2.19 however, so I assume that would be smooth.

Basically, @ Stanford we design our applications around the idea that we may need to upgrade various software components at any given time, and use load balancing as much as is feasible to allow us to do upgrades to our infrastructure services at any time.

How often you really wish to upgrade OpenLDAP is of course, entirely up to you. Depending on the bug fixes, I sometimes wait several releases. For me, the cache/memory leak issues make moving to 2.2.19 a must. If they aren't affecting you, it may be something you choose to put off.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html