If your computers are physical machines, where each piece of hardware runs a single OS image, then upgrading that OS image puts your services at risk or makes them unavailable for a period of time.
Sure, you have a development and test environment, where you can prove the process, but those machines cost money. So processes develop to either ensure you have a good backout, or you can make changes you know will work.
Virtual Machines have changed the game. I have a couple of Linux (Debian) based VM’s. They’re piddly little things that run some websites and a news server. They’re basically vanity VM’s, I don’t need them. I could get away with shared hosting, but I like having servers I can play with. It keeps my UNIX skills sharp, and let’s me learn new skills.
Debian have just released v6 (Squeeze). Debian’s release schedule is slow, but very controlled and it leads to hopefully, very stable servers. Rather than constantly update packages like you might find with other Linux distributions, Debian restricts updates to security patches only, and then every few years a new major release is made.
This is excellent, but it does introduce a lot of change in one go when you move from one release of Debian to the next. A lot of new features arrive, configuration files change in significant ways and you have to be careful with the upgrade process as a result.
For matrix (the VM that runs my news server), I took the plunge and ran through the upgrade. It mostly worked fine, although services were out for a couple of hours. I had to recompile some additional stuff not included in Debian, and had to learn a little bit about new options and features in some applications. Because the service is down, you’re doing that kind of thing in a reasonably pressured environment. But in the end, the upgrade was a success.
However, the tidy neat freak inside me knows that spread over that server are config files missing default options, or old copies of config files lying round I need to clean up; legacy stuff that is supported but depreciated sitting around just waiting to bite me in obscure ways later on.
So I decided to take a different approach with yoda (the server that runs most of the websites). I don’t need any additional hardware to run another server, it’s a VM. Gandi can provision one in about 8 minutes. So, I ordered a new clean Debian 6 VM. I set about installing the packages I needed, and making the config changes to support my web sites.
All told, that took about 4 hours. That’s still less time than the effort required to do an upgrade.
I structure the data on the web server in such a way that it’s easy to migrate (after lessons learned moving from Gradwell to 1and1 and then finally to Gandi), so I can migrate an entire website from one server to another in about 5 minutes, plus the time it takes for the DNS changes to propagate.
Now I have a nice clean server, running a fresh copy of Debian Squeeze without any of the confusion or trouble that can come from upgrades. I can migrate services across at my leisure, in a controlled way, and learn anything I need to about new features as I go (for example, I’ve switched away from Apache’s worker MPM and back to the prefork MPM).
Once the migration is done, I can shut down the old VM. I only pay Gandi for the hours or days that I have the extra VM running. There’s no risk to the services, if they fail on the new server I can just revert to providing them from the old.
Virtual Machines mean I don’t have to do upgrades in place, but equally I don’t have to have a lot of hardware assets knocking around just to support infrequent upgrades like this.
There are issues of course, one of the reasons I didn’t do this with matrix is that it has a lot of data present, and no trivial way to migrate it. Additionally, other servers using matrix are likely to have cached IP details beyond the content of DNS, which makes it less easy to move to a new image. But overall, I think the flexibility of VM’s certainly brings another aspect to major upgrades.