[CentOS] Auto-updates -- Bad Idea?
Les Mikesell
lesmikesell at gmail.com
Wed Apr 6 19:34:22 UTC 2011
On 4/6/2011 1:35 PM, email builder wrote:
> Hello,
>
> As I've learned recently, I do not have any auto updates configured on my
> system. I see some posts on the web encouraging the use of "yum-cron", but I'd
> like to know what people feel about the use of automatic updates.
>
> That is, for a server (non-desktop) system, automatic updates could break
> things or have other unforeseen consequences, and that could happen at the worst
> of times, since the process runs regularly.
>
> On the other hand, for small businesses without highly trained sysadmins or
> ones with enough time to baby their servers, missing critical updates to, say
> openssl or some other mission-critical package could spell disaster.
>
> Is the only reasonable solution to schedule a "human cron" once a week to look
> at needed updates? Ouch.

A middle-of-the-road approach is to have a machine or VM where you can
test things, perhaps the one you use as your own desktop or for
development, where you have all the packages installed that the other
systems use. You can 'yum update' this one frequently, noting what
packages are affected and that everything still works after a reboot
(for things where that might make a difference). Then if you have the
yum-downloadonly package installed on the machines that need
babysitting, you can 'ssh yum -y --downloadonly update' on them ahead of
time so you don't have to wait for the packages when you are ready
to do the update (via ssh or not). It is extremely rare for an update
on RHEL or CentOS to break anything since the whole point of an
'enterprise' distribution is not to change things in ways that will break
previously working applications, but it is still always a possibility.
--
Les Mikesell
lesmikesell at gmail.com
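
Added example, not part of the original message: a shell sketch of the test-then-update workflow described above, reporting updates pending on a production host that were not validated at the same version on the test machine. It assumes each host's `yum check-update` output was saved to a file; the function names, file names and package versions are constructed for illustration.

```shell
#!/bin/sh
# Compare updates validated on the test machine with updates pending elsewhere.
# Input: saved `yum check-update` output, lines of "name.arch  version  repo".
# Assumption: package lines are not wrapped across two lines.

# Reduce check-update output to sorted "name.arch version" pairs.
# Skips banner lines and stops at the "Obsoleting Packages" section.
parse_updates() {
    awk '/^Obsoleting Packages/ { exit }
         NF == 3 && $1 ~ /\.[A-Za-z0-9_]+$/ { print $1, $2 }' "$1" |
        LC_ALL=C sort -u
}

# $1 = list saved on the test machine, $2 = list saved on a production host.
# Prints pending production updates with no identical tested counterpart.
unvalidated() {
    t=$(mktemp) && p=$(mktemp) || return 1
    parse_updates "$1" > "$t"
    parse_updates "$2" > "$p"
    LC_ALL=C comm -13 "$t" "$p"
    rm -f "$t" "$p"
}

# Constructed sample data (not real output from any host).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/test.txt" <<'EOF'
Loaded plugins: fastestmirror

openssl.x86_64            1.0-2.el5     updates
httpd.x86_64              2.2-5.el5     updates
EOF
    cat > "$d/prod.txt" <<'EOF'
Loaded plugins: fastestmirror

openssl.x86_64            1.0-2.el5     updates
httpd.x86_64              2.2-6.el5     updates
bind-libs.x86_64          9.3-1.el5     updates
EOF
    unvalidated "$d/test.txt" "$d/prod.txt"
    rm -rf "$d"
}

demo
```

An empty result means every update pending on the production host was already exercised on the test machine at the same version; any line printed is a package to test first.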