Proper Port Upgrading Practices

[monarckco]

This will most likely induce a bit of laughter from the more experienced admins, but please at least pretend to be kind to this newbie. I've managed low-traffic network servers and even local development servers, but haven't been responsible for a live production web/mail server until now. I'm extremely nervous about upgrading some of the outdated software running in the server, but I know that I need to for security reasons. I have a very simple question: What do the professionals do in this situation? Do you run something like jails to test the upgrade? Or do you even have a separate machine that you test the upgrades on before doing it on the live server? The biggest problem I face is the fact that the person before me didn't do updates for about 9 months, so some of the updates are more of a leap than a small patch. Any advice?

 

[SirDice]

Or do you even have a separate machine that you test the upgrades on before doing it on the live server?

If you have the equipment to do this then it's highly recommended.

Always test new things, make a plan, try it out on the test server, change the plan where needed, test it again. When everything works out only then you move to your production servers.

Ideally you'd even have more servers, DTAP principle.

The biggest problem I face is the fact that the person before me didn't do updates for about 9 months, so some of the updates are more of a leap than a small patch. Any advice?

Definitely read through /usr/ports/UPDATING. If there's really a lot to upgrade it may even be simpler just to pkg_delete -a the whole lot and start over. It definitely helps if you have a spare server to build all your packages on. Once those packages have been built it's about a 10 minute job for each server.