Often, when logging into via SSH to an Amazon EC2 instance, you are told that there are several updates (usually including security updates) waiting to be updated on your system.
The panel on Amazon Linux even goes so far as to explain how one might go about updating to this version. HOWEVER, as this may often involve an update of the kernal (which is actually running in your production server?!) and it may also cause memory issues to run an update on an already running, close-to-the-limit EC2 instance (for example, a micro instance running WordPress on the free usage tier!). These reasons mean it may not be a good idea just to go ahead and type in “yum update” and see what happens. You could end up breaking bits and pieces. You could have yum transactions that don’t complete satisfactorily.
Instead, the below will allow you to update safely.
Once you notice there is a new update available (and we check for clients regularly about this here at Silicon Dales under our maintenance plans), you should set aside a quiet time to do a quick update.
Pick a time when there are likely to be few – or no – visitors to your website.
Table of Contents
ZERO Downtime Option
If you can absolutely abide no downtime, then you should create another copy of your server, then direct your public IP at that machine, before updating your original instance. We’re not explaining how to do that here.
Minimal Downtime Option
Take a snapshot of your EC2 instance from your EC2 control panel. This way you’ll have something to roll back to if you mess things up in the next steps. Sometimes this just “happens”. So take a backup. It really isn’t that hard, so do it!
Then login to your EC2 instance via your favoured SSH tool (I like PuTTy), and run the following:
sudo -i
service httpd stop
service mysqld stop
yum update -y
reboot
** AFTER REBOOT (assuming you don’t have this configured to turn on during reboot) **
service httpd start
service mysqld start
The above code should see you right until the next batch of updates rolls out. You should try always to be at the latest stable release, unless this breaks your application, as this presents the best security for your application.
Silicon Dales maintenance clients get all of the above, and much more, performed by experienced, accredited developers.