Ubuntu live-patch and docker live-restore
Blanc de Hotot posted this in #questions
Blanc de HototOP
Hello, I have Linux server management experience but this is the first time I'm planning to run a small Minecraft server host. After research it appears that the way to achieve high uptime without missing out on security updates is to use Ubuntu love's live patch for the kernel and docker live restore to update docker without shutting down the containers. However:
While researching, I read that some rare live patches can cause docker containers to break or misbehave, starting from a simple network disconnect to corruption. Is this correct? If so, how do I know that prior to applying the patch, so it can be turned into a scheduled reboot instead?
And for docker live restore, it appears that it isn't supported if there are specific changes to the engine, meaning docker will not be able to connect to the containers again due to incompatibility issues, especially if the new version is a major update, not a small patch. Is this true? And how do I know this beforehand instead of just breaking everything all of a sudden?
When I search for that on Google or ask AI, the answer is always load balancing or node offloading, which is not for Minecraft server hosting.
I also understand that I may not have fully understood this topic so maybe I'm missing something, feel free to let me know.
Ruddy Ground-Dove
Let's take a few steps back on this one and real quick just ask what your experience in Linux sysadmin is? Livepatch is good for some things and bad for others, it very much depends on your style and how you're running workloads if it's a good idea or not.
Blanc de HototOP
I'm planning to run some Minecraft servers for some clients. Previously it was just my own servers and my friends, who did not mind downtime, so I would just reboot the machine when there was a kernel update or a Docker update. It's going to be a Pterodactyl setup, running panel and wings on the same machine since it's just one machine. Aside from Pterodactyl I would be running some Docker containers of my own outside of Pterodactyl.
Ruddy Ground-Dove
Ok so don't take this badly, but you're not even remotely ready to run a host.
There's a LOT of data you haven't learned yet and it takes a good while.
Blanc de HototOP
Yes but what am I missing?
Ruddy Ground-Dove
There's a borderline nightmarish level of small issues MC hosting will bring up, things you won't see coming without years of experience in public server hosting you don't need to worry about.
As an example;
DDoS protection
Interserver hardening
Container management
Storage management
Onsite and offsite backups
Hardware maintenance
External attack surface hardening
Etc etc
Blanc de HototOP
We're not running a host; we simply bought a dedicated server with really high specs and would like to share it with some clients.
Ruddy Ground-Dove
Like if you want to share it with friends then it's a different story.
If you want to be making money off this? Don't for your own sake.
Not until you're ready in any case.
Blanc de HototOP
DDoS protection is offered by the data center we're co-locating at, and so are half of the things you mentioned in here.
Things like storage management and container management are something I have quite a bit of experience with, as my old PC is running Linux and I've been experimenting with it for fun. I'm the kind of person to read a lot of articles and be excited to try things out, but the Ubuntu live patch and docker live restore are what I never tried before.
^ this has been the case for many years
Ruddy Ground-Dove
Livepatch won't help you much and doing a live restore on an MC container is asking for a server implosion.
Anyway if you wanna try making money off it make sure you learn your lessons and take your lumps whenever the service completely implodes, it happens to everyone.
Blanc de HototOP
That's what I initially thought, but I saw that many Minecraft hosting servers hadn't rebooted and the only way this can happen securely is by utilizing Ubuntu Pro's live restore. Is this correct?
Ruddy Ground-Dove
Nope, it's partially lies and bullshit mixed with not updating anything about server security and that being a '''good''' thing.
Firstly Hetrix, what most people use, doesn't pick up downtime if it's a minute or two and you're quick about it.
Secondly how they have huge uptime is just by neglecting the server and not rebooting for an upgrade.
@Ruddy Ground-Dove Firstly Hetrix, what most people use, doesn't pick up downtime if it's a minute or two and you're quick about it.
Blanc de HototOP
Yup, I'm aware of that, but my friend told me from experience that he never experienced a single unexpected reboot or anything like that either.
@Ruddy Ground-Dove Secondly how they have huge uptime is just by neglecting the server and not rebooting for an upgrade.
Blanc de HototOP
So they're leaving their nodes vulnerable just to achieve high uptime?
Ruddy Ground-Dove
Sir, a lot of hosts are running Debian 12 stock, having vulns is the least surprising thing about this.
Blanc de HototOP
Yeah that's fair, I thought they achieved high uptime without sacrificing security, seems like I might be wrong