Enhance system stability

From ArchWiki

This article or section is a candidate for merging with System maintenance.

Notes: One common place for recommended practices (Discuss in Talk:System maintenance)

The purpose of this wiki article is to provide tips and best practices on how to make an Arch Linux system as stable as possible. While Arch Developers and Trusted Users work hard to produce high quality packages, given Arch's rolling release system and rapid package turnover, an Arch system may not be suitable for a mission critical, commercial production environment.

However, Arch is inherently stable due to its commitment to simplicity in configuration, coupled with a rapid bug-report/bug-fix cycle, and the use of unpatched upstream source code. Thus, by following the advice below on setting up and maintaining Arch, the user should be able to enjoy a very stable system. Furthermore, advice is included that will ease system repair in the event of a major malfunction.

How stable can Arch Linux really be? There are numerous reports in the Arch forums of skilled system administrators successfully using Arch for production servers. Archlinux.org is one such example. On the desktop, a properly configured and maintained Arch installation can offer excellent stability.

Avoid certain pacman commands

Avoid doing partial upgrades, i.e. never run pacman -Sy and instead use pacman -Syu.

Avoid using the --force option with pacman, especially in commands such as pacman -Syu --force involving more than one package. The --force option ignores file conflicts and can even cause file loss when files are relocated between different packages! In a properly maintained system, it should never need to be used.

Do not use pacman -Rdd package. Using the -d flag skips dependency checks during package removal. As a result, a package providing a critical dependency could be removed, resulting in a broken system.
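To check whether any of these commands have already been run on a machine, the pacman log can be audited. The following is an added example, not part of the original article: the function names and the sample log lines are constructed, and the matching does not rely on the timestamp format, which differs between pacman versions.

```bash
# Constructed sample of pacman log lines (not taken from a real system).
sample_pacman_log() {
    cat <<'EOF'
[2019-03-01 09:12] [PACMAN] Running 'pacman -Syu'
[2019-03-01 09:12] [PACMAN] synchronizing package lists
[2019-03-02 18:40] [PACMAN] Running 'pacman -Sy firefox'
[2019-03-05 11:03] [PACMAN] Running 'pacman -Syu --force'
[2019-03-07 20:15] [PACMAN] Running 'pacman -Rdd libexample'
[2019-03-08 08:00] [PACMAN] Running 'pacman -Rs gimp'
EOF
}

# audit_pacman_log [FILE]   (reads stdin when FILE is omitted)
# Prints "LINE: reason(s): command" for every invocation that was a
# refresh without a full upgrade, used --force, or skipped all dependency checks.
# Real use: audit_pacman_log /var/log/pacman.log
audit_pacman_log() {
    awk -v q="'" '
    index($0, "[PACMAN] Running " q) {
        cmd = substr($0, index($0, "Running " q) + 9)  # text after the opening quote
        sub(q "$", "", cmd)                             # drop the closing quote
        n = split(cmd, w, " ")
        flags = ""; force = 0
        for (i = 2; i <= n; i++) {                      # merge short and long options
            if      (w[i] == "--force")      force = 1
            else if (w[i] == "--sync")       flags = flags "S"
            else if (w[i] == "--refresh")    flags = flags "y"
            else if (w[i] == "--sysupgrade") flags = flags "u"
            else if (w[i] == "--remove")     flags = flags "R"
            else if (w[i] == "--nodeps")     flags = flags "d"
            else if (w[i] ~ /^-[A-Za-z]+$/)  flags = flags substr(w[i], 2)
        }
        why = ""
        if (flags ~ /S/ && flags ~ /y/ && flags !~ /u/) why = why " partial-upgrade"
        if (force)                                      why = why " force"
        if (flags ~ /R/ && flags ~ /d.*d/)              why = why " skip-deps"
        if (why != "") print NR ":" why ": " cmd
    }' "${1:--}"
}

# Demonstration on the constructed sample.
sample_pacman_log | audit_pacman_log
```

A package installed by a later, separate `pacman -S` after an earlier `pacman -Sy` is the same partial upgrade, but it cannot be recognised from a single log line, so flagged refreshes should be read together with the entries that follow them.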

Configuration files

Before editing any configuration files, create a backup. This way, you can revert to a working version in case of problems. Editors like vim and emacs can do this automatically, as well as tools like etckeeper which keep /etc in a version control system (VCS).

Periodically clean configuration files

Old configuration files may conflict with newer software versions, or corrupt over time. Remove unneeded configurations periodically, particularly in your home folder and ~/.config. For similar reasons, be careful when sharing home folders between installations.

Upgrading the system

For repetitive tasks that need to be done regularly see System maintenance. To revert upgrades causing instability, see Downgrading packages.

Read before upgrading the system

Before upgrading Arch, always read the latest Arch News to find out if there are any major software or configuration changes with the latest packages. Before upgrading fundamental software (such as the kernel, xorg, systemd, or glibc) to a new version, look over the appropriate forum to see if there have been any reported problems.

Act on alerts during an upgrade

When upgrading the system, be sure to pay attention to the alert notices provided by pacman. If any additional actions are required by the user, be sure to take care of them right away. If a pacman alert is confusing, search the forums and the recent news posts for more detailed instructions.

Deal promptly with new configuration files

When pacman is invoked, .pacnew, .pacsave, and .pacorig files can be created. Pacman provides notice when this happens, and users must deal with these files promptly. See the Pacnew and Pacsave files wiki page for detailed instructions.

Also, think about other configuration files you may have copied or created. If a package had an example configuration that you copied to your home directory, check to see if a new one has been created.

Test updates on a non-critical system

If possible, test changes to configuration files, as well as updates to software packages, on a non-critical duplicate system first. Then, if no problems arise, roll out the changes to the production system.

Install the linux-lts package

The linux-lts package is an alternative Arch kernel package, and is available in the core repository. This particular kernel version has long-term support (LTS) from upstream, including security fixes and some feature backports. It can be used by those who want a fallback kernel in case a new kernel version causes problems.

To make it available as a boot option, you will need to update the bootloader's configuration file. For Syslinux, you have to edit /boot/syslinux/syslinux.cfg and duplicate the current entries, except using vmlinuz-linux-lts and initramfs-linux-lts.img. For GRUB, the recommended method is to automatically re-generate the configuration file.

Follow NVD/CVE alerts

Subscribe to the Common Vulnerabilities and Exposures (CVE) security alert updates, made available by the National Vulnerability Database and found on the NVD Download webpage. See also Arch CVE Monitoring Team and CVE-2014.

Warning: Do not be tempted to perform partial updates, as they are not supported by Arch Linux and may cause instability: the whole system should be upgraded when upgrading a component. Also note that infrequent system updates can complicate the update process.

Use the package manager to install software

Pacman does a much better job than you at keeping track of files. If you install things manually you will, sooner or later, forget what you did, where you installed to, install conflicting software, install to the wrong locations, etc.

From a stability standpoint, you should try to avoid unsupported packages and custom software, but if you really need such things, making a package is better than manually compiling and installing.

Use proven software packages

Install mature and proven software, while avoiding cutting edge software that is still buggy. Do not deploy newly developed software until it is proven to be reliable. Use software that has a strong and active development community, as well as a high number of competent users.

Avoid any use of the testing repository, or individual packages from testing. These packages are experimental and not suitable for a stable system.

Unless recommended explicitly, do not install any development packages. These are usually found in AUR, occasionally in the community repository, and are packages taken directly from upstream development branches. They usually feature one of the following words appended to the package name: "dev", "devel", "svn", "cvs", "git", "hg", "bzr", or "darcs". In particular, avoid installing development versions of crucial system packages such as the kernel or glibc.

Choose open-source drivers

Wherever possible, choose open source drivers. Try to avoid proprietary drivers. Most of the time, open source drivers are more stable and reliable than proprietary drivers. Open source driver bugs are fixed more easily and quickly. While proprietary drivers can offer more features and capabilities, this can come at the cost of stability. To avoid this dilemma, choose hardware components known to have mature open source driver support with full features. Information about hardware with open source Linux drivers is available at linux-drivers.org.

Be careful with unofficial packages

Use caution with packages from the AUR or an unofficial user repository. Most are supplied by regular users and thus may not meet the same standards as those in the official repositories. Be careful with AUR helpers, which greatly simplify installation of AUR packages. Always check PKGBUILDs for sanity and for signs of mistakes or malicious code before building and/or installing the package.
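As an aid for that review, the following added example (not part of the original article) marks the lines of a PKGBUILD that deserve a closer look. The function names, the list of patterns and the sample PKGBUILD are assumptions made for illustration; an empty result only means none of these patterns matched, and the file, along with any install scriptlet it names, still has to be read.

```bash
# Constructed sample PKGBUILD (the package and URLs do not exist).
sample_pkgbuild() {
    cat <<'EOF'
# Maintainer: Example User <user@example.invalid>
pkgname=exampletool-git
pkgver=1.0
pkgrel=1
arch=('x86_64')
source=("http://downloads.example.invalid/exampletool-1.0.tar.gz")
sha256sums=('SKIP')
install=exampletool.install

build() {
    cd "$srcdir/exampletool-1.0"
    curl -s https://example.invalid/setup.sh | sh
    make
}
EOF
}

# review_pkgbuild [FILE]   (reads stdin when FILE is omitted)
# Prints "label: line N: text" for each line matching a review heuristic.
review_pkgbuild() {
    awk '
    function flag(label) { print label ": line " NR ": " $0 }
    /^[ \t]*#/ { next }                               # comment-only lines
    # source fetched without transport integrity
    /(http|ftp):\/\//                    { flag("plain-transport-url") }
    # checksum types that are weak against tampering
    /^(md5|sha1)sums(_[a-z0-9_]+)?=/     { flag("weak-checksum-type") }
    # integrity check disabled (normal for VCS sources, suspicious for tarballs)
    /SKIP/                               { flag("checksum-skipped") }
    # scriptlet that pacman runs as root at install time: review that file too
    /^install=/                          { flag("install-scriptlet") }
    # downloads outside the source array bypass checksum verification
    /(^|[ \t;])(curl|wget)[ \t]/         { flag("network-fetch-in-function") }
    /[|][ \t]*(ba|z)?sh([ \t]|$)/        { flag("pipe-to-shell") }
    /(^|[ \t;])(sudo|eval)[ \t]/         { flag("needs-justification") }
    /base64[ \t]+(-d|--decode)/          { flag("needs-justification") }
    ' "${1:--}"
}

# Demonstration on the constructed sample.
sample_pkgbuild | review_pkgbuild
```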

To simplify maintenance, limit the number of unofficial packages used. Periodically check which ones are in actual use, and remove any others or replace them with their official counterparts. See pacman/Tips and tricks#Maintenance for useful commands.