On 02/25/2013 01:00 PM, Les Mikesell wrote:
On Mon, Feb 25, 2013 at 7:48 AM, Robert Moskowitz rgm@htt-consult.com wrote:
I have read a couple old threads here on updates for servers, and I am looking for some mechanics to getting the actual updates done. I don't want automatic updates; I want to control when and what gets updated.
Keep in mind that to _not_ install an update, you have to know more than the RH engineers about the code. I usually assume they had a good reason for going to the trouble of shipping it and that they would have to have a very, very good reason to ship anything that would break an existing API in an update. Of course it is always good policy to test the combination of things you run in production on a non-critical box first.
For example, an apache update MAY require that I first check what it will do to http.conf. First install it on a test server, check out what is new, then apply it. Or a firefox update, and I only run firefox anymore on the server when I am running in via vnc, and probably will never again (after setup) run firefox, so I will apply that update when I don't have something more to do. I see mysqld on my DNS server, but I have it off. Also cups is there, and I don't do printing. I have not uninstalled these, so if they get updates, I will apply them, but not when I am on the road. Now a bind or apache security update will get applied....
yes, I still tend to install desktop on my servers to get them configured, the set inittab to 3 and will rarely ever run desktop again.
First I have to determine that a particular server needs updates. I suppose a daily script that would run "yum check-updates' and emails me the results could work, but then I would only want the email IF there was something to update, at my limited use of this option does not show anything to trigger a notify on changes. Does anyone know of a script that would do this?
How about just joining the centos-announce mail list?
I am on it, and I do look at the announcements. Still which rpm is used on which server? What is critical and what is not?