Craig Sanders wrote: > On Sun, Mar 16, 2008 at 03:14:58AM +0100, Michael Biebl wrote:
> >> Second, if you replace files while the daemon is still running, >> this can lead to all sorts of subtle failures, e.g. daemons that >> dynamically load functionality via shared modules (as rsyslog does) >> might crash. > > 'MIGHT crash' is a whole lot better than 'definitely WILL be shut down > for the entire duration of the upgrade - many minutes or even hours(*)'. > > with the former you have a chance of significant downtime during > upgrade. > > with the latter, you are guaranteeing significant downtime during > upgrade. > > The difference is, that a crashing daemon might lead to data corruption, which is much worse than a slightly longer downtime. FWIW, if it is correct, that postfix behaves the way you describe, than this is broken. postfix can be combined with several other daemons (getting user data from mysql, postgresql, virus scanning, spam scanning etc). postfix itself can't control how those daemons are started. If postfix is not stopped, before those are services are stopped, this will lead to much worse results than a downtime which is a bit longer (emails not getting virus-scanned, rejected emails because user data is not available (db down),...). The only reasonable and safe choice is, to stop postfix in prerm before those other services. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
