如何处理 PHP 和框架的补丁/更新

发布于 2024-11-07 05:56:29 字数 197 浏览 3 评论 0原文

我们公司目前正在进行大讨论。如何处理 PHP 的更新以及使用的 PHP (Zend Framework)/JavaScript 框架(如 JQuery 和 Dojo)。

你们给每个 php 版本打补丁吗?您是否将每个框架更新部署到生产服务器?我认为测试所有依赖项需要花费大量时间?或者是火&忘记最佳实践?

很想听听您在这个领域的经验!谢谢。

Big discussions in the moment at our company. How to handle updates to PHP and used PHP (Zend Framework) / JavaScript Frameworks like JQuery and Dojo.

Do you patch every php version? do you deploy every Framework update to production servers? I think it takes and huge amount of time to test all depencys? Or is fire & forget best practise?

Would love to hear your expirence in this field! Thanks.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

再浓的妆也掩不了殇 2024-11-14 05:56:29

首先,最好有一个具有多个服务器的负载均衡器来处理请求。这样,如果其中一个发生部署问题,您可以将其从平衡器上拉下来并让其他人处理。

关于我是否会更新上述框架或 PHP,问题归结为:

  1. 它会破坏兼容性吗? ——这是最重要的因素。即使对于关键的安全更新,您也必须将代码放在临时服务器上并解决所有问题。
  2. 这是一个错误修复吗? bug 修复是否会影响我正在使用的内容? - 如果我不使用 SOAP,并且 SOAP 代码有 bug 修复,那么我会通过。现在,如果数组的处理方式出现错误,我肯定会升级。
  3. 这是一个安全修复吗?它会影响我正在使用的东西吗? - 这里的政策相同,但我会更快地进行升级。

现在就如何处理它而言,我建议如下:

  1. 从负载均衡器中取出一个节点,确保在出现问题时可以使用先前源的副本。
  2. 更新您需要的任何内容,然后将其带回负载均衡器,但将其限制为只有您可以看到的 IP 地址。
  3. 检查一切看起来是否合法。如果出现问题,请将其恢复并查看问题是否可以解决,或者是否需要放回以前的源。
  4. 如果问题可以解决,请解决它,然后返回步骤 2。
  5. 接下来,从负载平衡器中关闭另一台服务器并执行相同的操作。
  6. 执行此操作,直到旧版本节点和新版本节点之间的比例达到 50/50。
  7. 现在,强制所有用户请求转到新版本,以确保面向公众的网站正常。如果出现故障,请强制旧版本节点重新上线。
  8. 如果一切正常,请升级旧版本节点,并在完成后将它们带回平衡器。

您需要多少个节点取决于您站点的规模。请注意,这是一种更加偏执的更新方法。

First off, it's best to have a load balancer with multiple servers to process requests. That way if a deployment issue happens on one, you can pull it off the balancer and let the others handle it.

In regards to whether or not I would update said framework or PHP, the question comes down to:

  1. Does it break compatibility? - This is the most important factor. Even for critical security updates, you'll have to put your code on a staging server and work through all the issues.
  2. Is it a bug fix? Does the bug fix affect something I'm using? - If I don't use SOAP and there's a bug fix on SOAP code, I pass. Now if there's a bug in how arrays are handled, I will definitely upgrade.
  3. Is it a security fix? Does it affect something I'm using? - Same policy here, but I'll be quicker about the upgrades.

Now as far as how to handle it, I'd recommend the following:

  1. Take a node off the load balancer, make sure a copy of the previous source is available for if things go wrong.
  2. Update whatever you need to, then bring it back to the load balancer, but restrict it to an IP address that only you can see.
  3. Check that everything looks legit. If there's an issue bring it back down and see if the issue can be resolved, or if you need to put back the previous source.
  4. If it's an issue that can be resolved, resolve it then go back to step 2.
  5. Next, bring down another server from the load balancer and do the same.
  6. Do this until you have a nice 50/50 split between old version nodes and new version nodes.
  7. Now, force all user requests to go to the new version noes to make sure the public facing site is okay. If something fails, force the old version nodes back online.
  8. If everything is okay, upgrade the old version nodes and bring them back to the balancer when you're done.

How many nodes you need will depend on the scale of your site. Please note that this is somewhat of a more paranoid method for updates.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文