Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
Thanks in advance for your considered opinions.
If you don't want your system to break unexpectedly, do not enable automatic updates; especially if you are running any packages with non-standard configurations. In some cases, with bare packages and stock configurations, automatic updates may prove to be a viable and SEMI-safe solution. But, if you wish to maintain the integrity of a production system, I would suggest that you do not use them.
Josh
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of email builder
Sent: Wednesday, April 06, 2011 2:36 PM
To: centos@centos.org
Subject: [CentOS] Auto-updates -- Bad Idea?
Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
Thanks in advance for your considered opinions.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list centos@centos.org wrote:
Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
I use the "human cron" option. It might make some sense to use "yum-cron", but the ideal way that would work best would be if the machines using "yum-cron" were tied to a local repo that contains only tested updates -- that is there would be developmental / test systems getting manually updated and then the updates would be tested. Once the updates have passed a QA process, they would be pushed to the internal / local repo, where they would be automagically picked up by "yum-cron". This covers both worlds: avoiding an automagical disaster AND automating updates across a pile of machines without a lot of manual labor.
For a small shop, just doing manual updates is probably best. Generally, basic CentOS updates are unlikely to cause problems, unless there is odd (non-standard) hardware and/or odd software involved, so for many people a (blind) yum-cron might actually work just fine. It just depends on how much of a disaster a machine brought down by an update that happens to break something would be.
Thanks in advance for your considered opinions.
----- Original Message ----
From: Robert Heller heller@deepsoft.com
To: CentOS mailing list centos@centos.org
Cc: centos@centos.org
Sent: Wed, April 6, 2011 11:58:46 AM
Subject: Re: [CentOS] Auto-updates -- Bad Idea?
At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list centos@centos.org wrote:
Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
I use the "human cron" option. It might make some sense to use "yum-cron", but the ideal way that would work best would be if the machines using "yum-cron" were tied to a local repo that contains only tested updates -- that is there would be developmental / test systems getting manually updated and then the updates would be tested. Once the updates have passed a QA process, they would be pushed to the internal / local repo, where they would be automagically picked up by "yum-cron". This covers both worlds: avoiding an automagical disaster AND automating updates across a pile of machines without a lot of manual labor.
For a small shop, just doing manual updates is probably best. Generally, basic CentOS updates are unlikely to cause problems, unless there is odd (non-standard) hardware and/or odd software involved, so for many people a (blind) yum-cron might actually work just fine. It just depends on how much of a disaster a machine brought down by an update that happens to break something would be.
Thanks for taking the time to answer. This seems to be the consensus of all those who answered, and that was my hunch, so that it is. Too bad those posting instructions for yum-cron on their blogs don't talk about these issues, but they are likely desktop users I suppose.
Thanks again
At Wed, 6 Apr 2011 17:08:55 -0700 (PDT) CentOS mailing list centos@centos.org wrote:
----- Original Message ----
From: Robert Heller heller@deepsoft.com
To: CentOS mailing list centos@centos.org
Cc: centos@centos.org
Sent: Wed, April 6, 2011 11:58:46 AM
Subject: Re: [CentOS] Auto-updates -- Bad Idea?
At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list centos@centos.org wrote:
Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
I use the "human cron" option. It might make some sense to use "yum-cron", but the ideal way that would work best would be if the machines using "yum-cron" were tied to a local repo that contains only tested updates -- that is there would be developmental / test systems getting manually updated and then the updates would be tested. Once the updates have passed a QA process, they would be pushed to the internal / local repo, where they would be automagically picked up by "yum-cron". This covers both worlds: avoiding an automagical disaster AND automating updates across a pile of machines without a lot of manual labor.
For a small shop, just doing manual updates is probably best. Generally, basic CentOS updates are unlikely to cause problems, unless there is odd (non-standard) hardware and/or odd software involved, so for many people a (blind) yum-cron might actually work just fine. It just depends on how much of a disaster a machine brought down by an update that happens to break something would be.
Thanks for taking the time to answer. This seems to be the consensus of all those who answered, and that was my hunch, so that it is. Too bad those posting instructions for yum-cron on their blogs don't talk about these issues, but they are likely desktop users I suppose.
And/or small shops with very 'vanilla' systems: no specialized hardware or software. And are not mission critical -- e.g. the occasional day of downtime is not a total disaster -- maybe some lost sales maybe.
Thanks again
email builder said the following on 06/04/11 20:35:
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
I use "human cron".
I have a CentOS server at home and I follow CentOS and other software announcements.
When there is a critical or important upgrade, I do the upgrade on all the servers.
Ciao, luigi
- -- / +--[Luigi Rosa]-- \
That is the biggest fool thing we have ever done [research on]... The bomb will never go off, and I speak as an expert in explosives. --Adm. William D. Leahy, U.S. Atomic Bomb Project, 1944.
On 4/6/2011 1:35 PM, email builder wrote:
Hello,
As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.
That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.
On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
A middle-of-the-road approach is to have a machine or VM where you can test things, perhaps the one you use as your own desktop or for development, where you have all the packages installed that the other systems use. You can 'yum update' this one frequently, noting what packages are affected and that everything still works after a reboot (for things where that might make a difference). Then if you have the yum-downloadonly package installed on the machines that need babysitting, you can 'ssh yum -y --downloadonly update' on them ahead of time so you don't have to wait for the packages when you are ready to do the update (via ssh or not). It is extremely rare for an update on RHEL or CentOS to break anything since the whole point of an 'enterprise' distribution is not to change things in ways that will break previously working applications, but it is still always a possibility.
On 07/04/11 05:34, Les Mikesell wrote:
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
A middle-of-the-road approach is to have a machine or VM where you can test things, perhaps the one you use as your own desktop or for development, where you have all the packages installed that the other systems use. You can 'yum update' this one frequently, noting what packages are affected and that everything still works after a reboot (for things where that might make a difference).
I use a VM set up this way with the following crontab:
# check for yum updates every 12 hours
5 0,12 * * * root /usr/bin/yum -q check-update 2>/dev/null
so I get an email whenever there's any updates due. I can then evaluate, test, and (perhaps) schedule a time to manually update the production servers.
Kal
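A wrapper that the crontab entry above could call in place of the bare yum command, shown as an added example that is not part of Kal's message or of any post in this thread. It relies on `yum check-update` exiting 100 when updates are pending (0 when none, 1 on error) and flags packages on a watchlist so that mail about something like openssl stands out; the watchlist, function names, `--cron` argument and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. WATCHLIST, the function names and the
# --cron argument are assumptions made for illustration.
WATCHLIST="openssl openssh kernel glibc"

# Constructed sample of "yum -q check-update" output (not real data).
sample_output() {
    cat <<'EOF'

httpd.x86_64            1.2.3-4.el5     updates
openssl.x86_64          1.2.3-5.el5     updates
kernel-headers.x86_64   1.2.3-6.el5     updates
Obsoleting Packages
foo.noarch              1.0-2           extras
EOF
}

# classify_updates RC < check-update output
# Prints "URGENT|routine name version (repo)" per pending package.
# Returns 0 nothing pending, 1 yum error, 2 routine only, 3 watchlist hit.
classify_updates() {
    case "$1" in
        0)   cat >/dev/null; return 0 ;;
        100) ;;                       # yum's "updates available" exit code
        *)   cat >/dev/null; echo "yum check-update failed (exit $1)"; return 1 ;;
    esac
    result=2
    while read -r pkg ver repo; do
        [ "$pkg" = "Obsoleting" ] && break   # stop at the obsoletes section
        [ -z "$repo" ] && continue           # blank or wrapped line
        name=${pkg%.*}                       # strip the ".arch" suffix
        tag=routine
        for w in $WATCHLIST; do
            case "$name" in "$w"|"$w"-*) tag=URGENT; result=3 ;; esac
        done
        echo "$tag $name $ver ($repo)"
    done
    return "$result"
}

# What the cron entry would call in place of the bare yum command.
check_now() {
    rc=0
    out=$(/usr/bin/yum -q check-update 2>/dev/null) || rc=$?
    printf '%s\n' "$out" | classify_updates "$rc"
}

if [ "${1:-}" = "--cron" ]; then check_now; fi
```

Because nothing is printed when no updates are pending, cron still sends mail only when there is something to evaluate, and a failed yum run produces a message instead of silence.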
Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.
A middle-of-the-road approach is to have a machine or VM where you can test things, perhaps the one you use as your own desktop or for development, where you have all the packages installed that the other systems use. You can 'yum update' this one frequently, noting what packages are affected and that everything still works after a reboot (for things where that might make a difference).
I use a VM set up this way with the following crontab:
# check for yum updates every 12 hours
5 0,12 * * * root /usr/bin/yum -q check-update 2>/dev/null
so I get an email whenever there's any updates due. I can then evaluate, test, and (perhaps) schedule a time to manually update the production servers.
The yum-updatesd package does all of this. Its config file is pretty simple and has your choice of whether to download, whether to install, and where updates should go.