Regularly updating your Virtual Machine (VM) is essential to ensure security, stability, and performance. Operating system vendors release updates to fix vulnerabilities, improve reliability, and provide new features. Keeping your VM current reduces the risk of security incidents and ensures compatibility with EWC services and tools.

This page outlines the general practices for maintaining an up‑to‑date VM, regardless of the operating system or workload running on it.

Why Updates Matter

• Security: Patches fix vulnerabilities that could be exploited by attackers.

• Stability: Updates improve system reliability and fix known bugs.

• Performance: New kernels, drivers, and libraries often bring optimizations.

• Supportability: Outdated systems may fall outside support.

General Good Practices

1. Apply OS Updates Regularly

Ensure your VM receives the latest security and maintenance updates from the operating system vendor.

Rocky Linux: Use dnf to install updates.

Ubuntu: Use apt to install updates.

2. Enable Automatic Security Updates

Enable automatic installation of security patches to reduce exposure windows.

Rocky Linux: Use dnf-automatic or vendor‑specific tools.

Ubuntu: Use unattended-upgrades.

3. Reboot When Required

Some updates (kernel, drivers, security patches) require a reboot to take effect. Plan maintenance windows to reboot safely without impacting workloads.

4. Keep System Packages and Libraries Updated

Applications depend on system libraries. Updating them ensures compatibility and reduces vulnerabilities.

5. Remove Unsupported or End‑of‑Life OS Versions

End‑of‑life operating systems no longer receive security updates. Plan migrations before the vendor support window ends.

6. Monitor Available Updates

Use built‑in tools or configuration management systems to track pending updates.

7. Snapshot Before Major Upgrades

Before kernel upgrades or distribution upgrades, take a VM snapshot to allow quick rollback if needed.

Application‑Level Updates

In addition to the operating system, certain applications and tools installed on your VM must also be kept up to date to ensure security and compatibility.

Common components in EWC environments requiring regular updates:

• Docker / container runtime

• Kubernetes CLI tools (kubectl, helm, kustomize)

• Python environments (pip, uv, pipenv, conda)

• OpenBao CLI (bao / vault)

• Ansible and automation tooling

• Monitoring agents or exporters

You can find specific update guides below: