1

We have a server-side app running Linux Debian. We plan to distribute the app as VM images (e.g. ovf images that can be later imported to VMware ESX servers)

Our major concern is how to organize updates of our app. I think this is more complex than just replace our app with a new version. A new version of the app may require a new version of some Linux libraries or tools (say, new libstdc++ or libssl or new grep) It may even need an entire upgrade of Linux system.

Of course the upgrade process should need as little user involvement as possible. The most straightforward is to invoke 'apt upgrade' as a pre-upgrade step for the app. But I find this approach fragile because:

  • if the system part of the upgrade succeeds and the app-part of the upgrade fails it will leave us with a potentially broken system
  • if the system part of the upgrade breaks half-way this will leave up with a potentially broken system
  • Internet connection is required for 'apt upgrade' and the friends, which is not always the case

Therefor I am looking for a way to bundle our app together with Linux (having all needed libs and tooling) and push this to our users. This way the entire bundle will be installed on a secondary partition and will be activated after reboot. I like this 'all-in-one' approach very much since this way we have full control over what we ship and can also implement rollbacks in case something goes wrong during an update (just switch back to the original partition).

What I am looking for are the existing technologies to implement such upgrades with 'os+app' bundles Or at least keywords hints to google for them. I am interested in Linux Debian 8 in particular.

Vitaly P
  • 123
  • 3
  • 1
    You mean containers like lxd/lxc, docker? What kind of app are we talking about, what software does it use? I vote to put this question on hold as too broad until the desired end state is more fully explained. – mzhaase Feb 24 '17 at 15:21
  • Why are you using Debian? The interesting technology advances in this space are not on Debian at all (and might never be). See for instance [Project Atomic](https://www.projectatomic.io/) (which is only on Red Hat derived distros). – Michael Hampton Feb 24 '17 at 20:40
  • @MichaelHampton The funny thins is that we recently switched from CentOS to Debian for several reasons: 1. bigger community of Debian 2. more choice of packages 3. Debian packaged are generally more up-to-date 4. I had negative experience release-to-release upgrades on CentOS, but never on Debian Enough reasons for now, don't want to turn this topic in a RHS vs Debian holly war ;) Thanks for your reference about Project Atomic. Why do you think Debian will never have something like that? – Vitaly P Feb 27 '17 at 06:37
  • @mzhaase This is commercial server software aiming at distributing of client-side X.509 certificates towards users. Therefor proper security is a number 1 requirement. The software is written mostly on C++, runs behind lighttpd and uses MySQL for storage The software will be offered as a self-hosted image (say, as VMware-compatible image) and as Amazon Web Service image (AMI) – Vitaly P Feb 27 '17 at 06:49
  • I'm sure you had some problem with upgrading an old version of CentOS, though you're probably the only person who's never had a problem upgrading Debian. Anyway, given the requirements you describe, switching from CentOS to Debian seems quite bizarre. If security was the first requirement, Debian wouldn't even be on my short list of distros to choose. And it has nothing like atomic OS updates, nor have I heard of any plans along those lines. – Michael Hampton Feb 27 '17 at 06:58
  • @MichaelHampton My experience upgrading Debian is based on upgrading from Debian 6 to Debian 7 and from Debian 7 to Debian 8. Five different servers, no big problems. What is that wrong with security on Debian? – Vitaly P Feb 27 '17 at 07:58

0 Answers0