Effects of Windows Update

Discussion in 'Installation, Configuration and Upgrade' started by Jonathan Gilbert, Dec 6, 2015.

Tags:
  1. Jonathan Gilbert

    Jonathan Gilbert Bit Poster

    Messages:
    1
    Hello :)

    I recently signed up for a VPS with a hosting provider that uses Virtuozzo containers. This is my first exposure with Virtuozzo containers, and without truly understanding how weird they are I went ahead and clicked on the "Check for Windows Updates online" button. Some 88 updates installed, and the VPS rebooted, and it's up and running now, but I've started to read about how you're really not supposed to do that... :)

    Like I say, as of right now it is running okay, seems to be stable. As a precaution, I've begun uninstalling as many of the updates as possible. Some of them won't or can't uninstall. I'm finding myself worried about what will happen when the provider runs vzup2date on the host (if they ever do -- 88 updates is an awful lot to have outstanding, so I'm a little bit worried about their update schedule... :p).

    Just how screwed am I?

    • If the suite of updates currently installed is working okay at this point, am I good to go for the future, and I should just avoid doing Windows Updates myself again, to avoid the risk of installing something incompatible with Virtuozzo's virtualization changes?
    • As an alternative channel to get "safe" updates if the provider isn't doing a very good job, is the "http://vzwinupdate.sw-soft.com" WSUS server for use in containers or only on the host?
    • Is my VPS going to crash & burn horribly the next time the host installs updates?

    Thanks very much :)

    Jonathan Gilbert
     
  2. Pavel

    Pavel A.I. Auto-Responder Odin Team

    Messages:
    403
    Hello Jonathan,

    Clicking "Check for updates online" certainly was a bad idea. On both nodes and containers this is considered a destructive operation.
    This comes from the fact some MS updates are actually breaking Containers Virtualization when installed on the host. That is why it was necessary to come up with a separate WSUS that only distributes approved updates that are supported for a current patch level, and supported in the product.

    On the other hand, containers are tightly integrated with the Hardware Node. At some point discrepancy between node's and ct's system files might lead to various services outage/malfunction such as broken .NET, RDP, network overall and even CT startup itself. Even if right now container is working fine and can survive a reboot there is no telling whether it will be stable in the future.

    By clicking "Check for updates online" you fetch updates directly from MS website, and updates are not filtered for supported/unsupported.
    Even if you get 88 updates it does not necessarily mean your hoster is not installing updates - it might exactly be a list of "unapproved" updates.

    At this point I'd recommend to restore container from a backup if possible, or re-install it beforehand while it is still working and you can backup/migrate/retrieve data from it easily.

    So, answering the 3 questions:
    0) Pretty much screwed, but apparently not instantly. I'd say it's a long-time investment in a screw-up.
    1) No way to predict this. It all depends on set of installed updates, and on updates which will be installed in the future.
    2) No, it's not a good option. Your CT must be on a same patch level as the hardware node to behave flawlessly. Installed them before they are isntalled on HW node itself is not safe.
    3) It might be, and it might not. As I said, there is no certain way to predict this. But chances are real.
     

Share This Page