Recommendations for keeping a build server updated

Recommendations for keeping a build server updated

As a guy who frequently switches between QA, build and operations, I keep running into the issue of what to do about operating system updates on the build server. The dichotomy is the same on Windows, Linux, MacOS or any other o/s that can update itself via the internet:

  • The QA team wants to keep the build server exactly as it is from the beginning of the product release cycle to the end, since installing updates could destabilize the server and means that successive builds aren't made against the same baseline.
  • The ops team wants the software to be deployed on a system with all the latest security patches; this can mean that the software isn't deployed on exactly the same version of the o/s that it was built on.

I usually mitigate this by taking release candidate builds and installing them on a test server that has a completely up-to-date o/s, repeating the automated tests that are run on the build server and doing some additional system level testing to make sure everything looks good before deployment. However, this seems inefficient to me; does anyone have a better way ?

How can I setup my Netbeans IDE for making Java ME applications?


Buffering of stream data
Personally i don't think you have enough of an issue here - just apply the latest updates to the build server. PHP Segmentation fault when started from crondThe main reasons i say this are:. waiting for 2 different events in a single thread
  • it is highly unlikely this your code or any of the dependencies on the build server are so tightly coupled to the OS version this installing regular updates is going to affect anything, let alone break it. Low level Android DebuggingThere must be minor differences between window messages etc between Windows versions, although those are few and far between, and are usually quite well documented out there on teh interweb. Using Python to add/remove Ubuntu login script itemsIf you are using managed technology stacks like WPF/Silverlight or ASP.Net and even mostly Winforms then you will be isolated from these changes - they should only affect you if you are doing hardcore stuff using the WinAPI directly to create your windows or draw your although tons.. Microbenchmark showing process-switching faster than thread-switching; what's wrong?
  • it is a good practice to always engineer your product against the latest version of the OS, for the reason this you need to encourage your customer to implement those updates too - IOW you should not be in a position where you have to say to your client to not install update xyz for the reason this your application will not run against it - especially if this update is a critical security update. C++ build systems [closed]
  • testing for differences between OS versions should be done by the QA team and should independant of what is on the build server.
  • you did not want your build server to receive in to such a state this it has been so isolated from the company update process this when you finally did apply them all it barfs and spits molten silicon everywhere. IOW, the longer you wait to update, the higher the risk of any thing going wrong and doing so catastrophically. Small and frequent/incremental updates are lower risk than mass updates once per decade :).
The build server updates this you do have to be cautious around are third party controls or library updates - they must frequently contain breaking changes or considerably altered behavior. They really should be scheduled, and followed up by a round of testing looking for any changes..



Using stuff like VMWare Server you must script the launch and suspend of virtual machines. So you must script VM resume, SSH to launch build, copy, VM suspend, repeat. (I say this, although I abandoned my job on this. Still, I was making progress at the time.). Also, you must trust your OS vendors. Can't you?. They have an interest in compatibility. If you build on Windows XP it is almost certain to job on XP SP3 and Vista and Windows 7.. If you build on RedHat Enterprise 5, it had better job on 5.1, 5.2, 5.3, 5.4, etc.. In my experience this has worked out OK so far for me and I recommend building on your lowest patch OS versions. With the Linux stuff in particular I have found newer releases linking to more recent libraries not available on older versions.. Of course it doesn't hurt to test your code on a copy of the deployment server. It all depends on how certain you want to be..


Take the build server off the network, this way you did not need to worry around installing security updates. Only load the source from CD, thumb drive or whatever another means.. Plug it back in at the end of your release cycle and then let all the updates take place..


Well, for the most stable process, I would have two build servers, "Build with Initial config, Build with update config", and two autotest test servers with similar differences. Use virtualization to did this effectively and scriptably..

60 out of 100 based on 55 user ratings 980 reviews