When I ssh into an Ubuntu server which is running a live web site, I see the following messages:

```
2 packages can be updated.
2 updates are security updates.
```

At that point, I can update and upgrade with the following command:

```
sudo apt-get update
sudo apt-get upgrade
```

Is it recommended to run the above on a live server with mission critical applications?

Thierry Lam

6 Answers


Short answer is no.

It is best to carefully choose and test the updates prior to applying them in your production environment. Before I run any updates on production machines, they first get applied in a QA environment and run through a suite of tests to make sure that they work as expected.


If you run `apt-get --just-print upgrade` and `apt-get --just-print update`, it would show you the packages.
I see you are using 10.04. Everything they put in those repos is tested profoundly, so you should be safe.

Bart De Vos
  • `apt-get update` does not have a `--just-print` option. `apt-get update` downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies. A great description of these commands can be found [here](http://askubuntu.com/a/222352/470244) – PanPipes Aug 02 '16 at 20:58

In my experience none of my services have ever been disrupted by an apt-get update/apt-get upgrade. However, if it's mission-critical, you should take precaution and warn users of impending maintenance, and schedule it at a time of least disruption. Nothing is likely to go wrong, but do this if you want to be safe.

Also, listen to sreimer below (or above): if it's really mission-critical, definitely test it on a non-production system first.

  • In my experience, apt-get upgrade on a box of some age with lots of packages installed is very likely to be severely affected. – Bittrance Apr 12 '11 at 22:26

This is why we have a test server with the same environment and the same applications, so we can see what happens when we upgrade, and make sure everything will still work.

Without that, you're going to have to get apt to tell you what packages it wants to upgrade, and see if those packages are used by your mission critical applications. If this is a webserver and it wants to upgrade apache, then you'll need to expect at the absolute best a minute or two of downtime while it stops the server, upgrades the files, then starts it again. Some libraries require restarting some servers, others don't.


In general, it's always a good idea to have a test environment. Even with small projects, whenever possible I try to keep a copy of my environment in something like an EC2 image so that I can break things without fearing for production.

Absent a test environment: running apt-get --just-print upgrade should show you the list. Upgrade only the packages you don't expect to touch your application.

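The triage suggested in the two answers above (ask apt what it wants to upgrade, then check that list against what the application depends on) can be scripted. This is an added example, not code from any of the answers; the `CRITICAL` watch list is hypothetical, and the sample simulation lines and their version numbers are constructed for illustration.

```shell
#!/bin/sh
# Triage the "Inst" lines printed by `apt-get --just-print upgrade`.
# CRITICAL is a hypothetical watch list of package-name prefixes the
# application depends on; adjust it for your own server.
CRITICAL="apache2 postgresql mysql-server libssl"

# Constructed sample of simulation output (version numbers are made up).
sample_output() {
cat <<'EOF'
Inst libssl0.9.8 [0.9.8k-1] (0.9.8k-2 Ubuntu:10.04/lucid-security)
Inst apache2 [2.2.14-1] (2.2.14-2 Ubuntu:10.04/lucid-updates)
Inst tzdata [2011a-1] (2011b-1 Ubuntu:10.04/lucid-updates)
Conf libssl0.9.8 (0.9.8k-2 Ubuntu:10.04/lucid-security)
Conf apache2 (2.2.14-2 Ubuntu:10.04/lucid-updates)
Conf tzdata (2011b-1 Ubuntu:10.04/lucid-updates)
EOF
}

# Emit "name<TAB>critical|other<TAB>security|regular" per package to be upgraded.
classify() {
  awk -v crit="$CRITICAL" '
    BEGIN { n = split(crit, c, " ") }
    $1 == "Inst" {
      cls = "other"
      # Prefix match, so "apache2" also catches e.g. apache2-utils.
      for (i = 1; i <= n; i++) if (index($2, c[i]) == 1) cls = "critical"
      sec = ($0 ~ /-security/) ? "security" : "regular"
      print $2 "\t" cls "\t" sec
    }'
}

# Packages on the watch list: test first, upgrade in a maintenance window.
critical_packages() { classify | awk -F'\t' '$2 == "critical" { print $1 }' | xargs; }
# Packages not expected to touch the application.
safe_packages() { classify | awk -F'\t' '$2 == "other" { print $1 }' | xargs; }

main() {
  # Pass "-" to read real simulation output from stdin; otherwise use the sample.
  if [ "${1:-}" = "-" ]; then input=$(cat); else input=$(sample_output); fi
  echo "Hold for test/maintenance window: $(printf '%s\n' "$input" | critical_packages)"
  echo "Not on the watch list:            $(printf '%s\n' "$input" | safe_packages)"
  echo "Per-package detail:"
  printf '%s\n' "$input" | classify
}
main "$@"
```

On a real server, pipe the simulation in: `apt-get --just-print upgrade | sh triage.sh -` (the file name is an assumption).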

I have had some issues doing aptitude safe-upgrade on a live (non-critical) server. Sometimes when packages like postgresql or mysql or other services are upgraded, they get restarted. If the applications that are using those services don't react well to the database disappearing from under them, you can have issues.

Specifically, I have found that my Rails 3 apps using sequel as the ORM and postgresql as the DB hang when postgresql is restarted without stopping Rails first. It's a bug, but it happens.
