Trellis good practice suggestions for ongoing maintenance


I’m using Trellis and it’s awesome. I’m interested in what the next steps/best practice should be for ongoing server maintenance, security etc. Kinda like the Sage book, but for Trellis…

I know one option is to use a managed host like Kinsta, but I want to learn rather than just offload it.

  1. Is it assumed that there are next steps to take outside of what is in the documentation or is re-provisioning occasionally enough to keep the server safe and stable?
  2. Should all changes to the server be done through Trellis rather than sshing directly to the server and doing (for example) apt-get upgrade?
  3. What resources other than this discourse and the docs would be good to read?

Thanks :slight_smile:


I don’t know of any resources that can be looked at but there are a fair amount of videos on YouTube around it.

As for point 2, you shouldn’t ever make changes manually over SSH. For adding Ubuntu packages, you can define them in your Trellis configurations like so:

```yaml
# /path/to/trellis/group_vars/all/main.yml
# Extra packages, merged into Trellis's default apt package list
apt_packages_custom:
  zip: "{{ apt_package_state }}"
  htop: "{{ apt_package_state }}"
```

The packages zip and htop will be installed to the server on the next provision using their latest stable versions.


The only things Trellis doesn’t really do are:

  1. backups

  2. software updates

  3. automatically managing disk space

(1) depends on your solution of course so not too much we can do. (2) we might be able to handle, but don’t yet. I’d recommend at least trying to run/automate the dist upgrades. (3) I’d suggest setting up warnings for this at least. Many cloud providers offer it (like DO).


And on this. If you rely on unattended upgrades to solve 2, you will eventually run afoul of 3! :smiley:
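
The disk-space warning suggested above, as an added example (not part of the original thread or of Trellis): a check that parses `df -P` output and exits non-zero when a real filesystem passes a threshold, so cron or a monitoring agent can alert before upgrades fill the disk. The function names, the 85% default and the sample output are assumptions made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag filesystems at or above a usage threshold.
# Reads `df -P` (POSIX format) on stdin, so it also works on captured output.

# disk_warnings [THRESHOLD_PERCENT]   (default 85)
# Prints "WARN <mount> <pct>% used (<free> KB free)" per flagged filesystem.
# Exit status: 1 if anything was flagged, 0 otherwise (handy for cron/monitoring).
disk_warnings() {
  awk -v limit="${1:-85}" '
    NR == 1 { next }                                # header row
    $1 ~ /^(tmpfs|devtmpfs|udev|none)$/ { next }    # memory-backed pseudo filesystems
    $1 ~ /^\/dev\/loop/ { next }                    # snap images: read-only, always 100%
    {
      pct = $5; sub(/%$/, "", pct)
      if (pct + 0 >= limit + 0) {
        printf "WARN %s %d%% used (%d KB free)\n", $6, pct, $4
        flagged = 1
      }
    }
    END { exit flagged + 0 }
  '
}

# Constructed sample of `df -P` output from a small Ubuntu server (not real data).
sample_df() {
  cat <<'EOF'
Filesystem     1024-blocks     Used Available Capacity Mounted on
udev                498220        0    498220       0% /dev
tmpfs               101444     1092    100352       2% /run
/dev/vda1         25226960 22956534   2270426      91% /
/dev/loop0           56832    56832         0     100% /snap/core18/2128
/dev/vda15          106858     5321    101537       5% /boot/efi
EOF
}

# Usage: ./disk-check.sh --demo   or   ./disk-check.sh --live [threshold]
case "${1:-}" in
  --demo) sample_df | disk_warnings 85 ;;
  --live) df -P | disk_warnings "${2:-85}" ;;
esac
```

Run with `--live` from cron and mail or forward the output; the non-zero exit status lets a wrapper distinguish "something flagged" from "all clear".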


I’ll be honest. I try to log into my various instances every month or so and run software updates from the admin account to try and keep things secure and up to date. It is something I’d be interested in seeing some better automated management of, but I’m not sure if that’s possible without a lot of caveats?