[CentOS] running yum update on remote servers
Robert Moskowitz
rgm at htt-consult.com
Mon Feb 25 18:35:35 UTC 2013
On 02/25/2013 01:00 PM, Les Mikesell wrote:
> On Mon, Feb 25, 2013 at 7:48 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>> I have read a couple old threads here on updates for servers, and I am
>> looking for some mechanics to getting the actual updates done. I don't
>> want automatic updates; I want to control when and what gets updated.
> Keep in mind that to _not_ install an update, you have to know more
> than the RH engineers about the code. I usually assume they had a
> good reason for going to the trouble of shipping it and that they
> would have to have a very, very good reason to ship anything that
> would break an existing API in an update. Of course it is always good
> policy to test the combination of things you run in production on a
> non-critical box first.
For example, an apache update MAY require that I first check what it
will do to http.conf. First install it on a test server, check out what
is new, then apply it. Or a firefox update, and I only run firefox
anymore on the server when I am running in via vnc, and probably will
never again (after setup) run firefox, so I will apply that update when
I don't have something more to do. I see mysqld on my DNS server, but I
have it off. Also cups is there, and I don't do printing. I have not
uninstalled these, so if they get updates, I will apply them, but not
when I am on the road. Now a bind or apache security update will get
applied....
yes, I still tend to install desktop on my servers to get them
configured, the set inittab to 3 and will rarely ever run desktop again.
>
>> First I have to determine that a particular server needs updates. I
>> suppose a daily script that would run "yum check-updates' and emails me
>> the results could work, but then I would only want the email IF there
>> was something to update, at my limited use of this option does not show
>> anything to trigger a notify on changes. Does anyone know of a script
>> that would do this?
> How about just joining the centos-announce mail list?
I am on it, and I do look at the announcements. Still which rpm is used
on which server? What is critical and what is not?
More information about the CentOS
mailing list