I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What is the best way to do this? I have been looking at webpages about yum-cron and yum-updatesd but nothing directly addresses Centos 6 and it appears that at least one of those two methods is now obsolete.
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What is the best way to do this? I have been looking at webpages about yum-cron and yum-updatesd but nothing directly addresses Centos 6 and it appears that at least one of those two methods is now obsolete.
While you could certainly set a regular cron job I wouldn't recommend doing this. While a great many updates are non-intrusive, some could cause applications to stop working properly until restarted.
Then there's kernel updates, which require reboots, but which do not happen automatically upon installation...and if the system does not reboot, properly after that update, someone is going to have to lay hands on the keyboard.
Point being that it's probably better if someone plans on running an attended, periodic update.
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What is the best way to do this? I have been looking at webpages about yum-cron and yum-updatesd but nothing directly addresses Centos 6 and it appears that at least one of those two methods is now obsolete.
While you could certainly set a regular cron job I wouldn't recommend doing this. While a great many updates are non-intrusive, some could cause applications to stop working properly until restarted.
Then there's kernel updates, which require reboots, but which do not happen automatically upon installation...and if the system does not reboot, properly after that update, someone is going to have to lay hands on the keyboard.
Point being that it's probably better if someone plans on running an attended, periodic update.
However, if you're bound and determined to perform unattended updates, a simple Google search for "unattended yum update" turned up this link:
http://syamsul.net/2011/01/02/unattended-updates-on-centos/
Which even includes a comment with a link to an updated process for CentOS 6.
On 10/25/2012 10:01 PM, Mike Burger wrote:
Then there's kernel updates, which require reboots, but which do not happen automatically upon installation...and if the system does not reboot, properly after that update, someone is going to have to lay hands on the keyboard.
I have machines with /etc/cron.weekly/newkernel with:
/usr/bin/yum list recent | /bin/fgrep -q kernel EXITVALUE=$?
if [ $EXITVALUE == 0 ]; then /sbin/reboot fi
exit 0
for automatic reboot Sunday morning if a new kernel was installed during the week.
It has worked for years.
On the other hand, I've seen other machines with CentOS 6 where the network had stopped working after the reboot. Physical access - or in my case HP's iLo - saved it by rebooting the previous kernel (it was a problem with some NIC's and VLAN).
I had done a test by booting the new kernel on the machine which is a mirror of this machine, without problems. They are identical - except for the network setup (no VLAN on the mirror).
Mogens
On Thu, 25 Oct 2012, Frank Cox wrote:
To: centos@centos.org From: Frank Cox theatre@melvilletheatre.com Subject: [CentOS] Completely automatic yum updating on Centos 6
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What is the best way to do this? I have been looking at webpages about yum-cron and yum-updatesd but nothing directly addresses Centos 6 and it appears that at least one of those two methods is now obsolete.
Hello Frank.
What about doing a ssh root login to the box from far away, and then running yum check-update, to see what the consequences of updating the box could do before commiting to the update first?
HTH
Keith
On 25 October 2012 21:19, Keith Roberts keith@karsites.net wrote:
On Thu, 25 Oct 2012, Frank Cox wrote:
To: centos@centos.org From: Frank Cox theatre@melvilletheatre.com Subject: [CentOS] Completely automatic yum updating on Centos 6
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What about doing a ssh root login to the box from far away, and then running yum check-update, to see what the consequences of updating the box could do before commiting to the update first?
what about creating a user, sticking ssh on a different port, use key based authentication, keep PermitRootLogin no then using su - :)
mike
On Thu, 25 Oct 2012 21:19:24 +0100 (BST) Keith Roberts wrote:
What about doing a ssh root login to the box from far away, and then running yum check-update, to see what the consequences of updating the box could do before commiting to the update first?
As far as I know, while it will have a public IP address (I don't think it will be behind a NAT, though I could be wrong), it won't have a static address.
So if I plan to log into it remotely, I'll have to have it report its current address to me on occasion.
Which probably wouldn't be a bad thing, anyway.
On Thu, Oct 25, 2012 at 5:19 PM, Frank Cox theatre@melvilletheatre.com wrote:
So if I plan to log into it remotely, I'll have to have it report its current address to me on occasion.
Which probably wouldn't be a bad thing, anyway.
Or, if someone else will be logging in and you just don't want to give them root access, you could set up sudo access to a script that does a 'yum -y update' and then asks if they want to reboot.
On Thu, 25 Oct 2012 17:50:49 -0500 Les Mikesell wrote:
Or, if someone else will be logging in and you just don't want to give them root access, you could set up sudo access to a script that does a 'yum -y update' and then asks if they want to reboot.
I did consider that, but if it doesn't happen automatically it ain't gonna happen.
on 10/25/2012 3:54 PM Frank Cox spake the following:
On Thu, 25 Oct 2012 17:50:49 -0500 Les Mikesell wrote:
Or, if someone else will be logging in and you just don't want to give them root access, you could set up sudo access to a script that does a 'yum -y update' and then asks if they want to reboot.
I did consider that, but if it doesn't happen automatically it ain't gonna happen.
The more standard and limited the server, the more likely it won't have errors on auto updating... But it is a crapshoot... Sooner or later it will throw snake eyes...
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Frank Cox Sent: den 26 oktober 2012 00:19 To: centos@centos.org Subject: Re: [CentOS] Completely automatic yum updating on Centos 6
So if I plan to log into it remotely, I'll have to have it report its current address to me on occasion.
Which probably wouldn't be a bad thing, anyway.
How would one do that?
Using an applet from eg Noip.com or something bashish that mails you the info?
On 26/10/2012 01:19, Frank Cox wrote:
On Thu, 25 Oct 2012 21:19:24 +0100 (BST) Keith Roberts wrote:
What about doing a ssh root login to the box from far away, and then running yum check-update, to see what the consequences of updating the box could do before commiting to the update first?
As far as I know, while it will have a public IP address (I don't think it will be behind a NAT, though I could be wrong), it won't have a static address.
So if I plan to log into it remotely, I'll have to have it report its current address to me on occasion.
You could set up cron job for check-updates and send the result in mail to you. In this mail you could send the server's IP address too (in mail header appear anyway) But server's address can change meantime, so you consider to report current address when server is connect. Depends how often connect-re-connect. :)
Which probably wouldn't be a bad thing, anyway.
From: Frank Cox theatre@melvilletheatre.com
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What about .rpmsave and .rpmnew files...? How long does the apps support the old configurations files formats...?
JD
On Fri, Oct 26, 2012 at 5:19 AM, John Doe jdmls@yahoo.com wrote:
From: Frank Cox theatre@melvilletheatre.com
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
What about .rpmsave and .rpmnew files...? How long does the apps support the old configurations files formats...?
That's the whole point of 'Enterprise' versions. Updates are never supposed to disrupt previously working behavior. It's not perfect, but if you have any internet exposure I'd guess that the odds of being hacked if you don't stay up to date over the life of a release are way higher than having something break if you do.
On Thursday, October 25, 2012 03:05:56 PM Frank Cox wrote:
I am about to set up a computer with Centos 6 that I'll probably never see again. I don't want to give out the root password, but I would like to have it automatically and transparently update itself.
Now, what I'm about to say may sound a little strange; I am a CentOS user, and have pretty much standardized on it for my applications.
But, having said that, this is more suited to the Scientific Linux model, where you can choose to stay at a particular point release and only take security updates. There are extra packages for SL that make it easy to implement what you are wanting to do.
If I were needing to do what you're wanting to do, that's what I'd do, as it's close enough to CentOS to where everything will work the same way.
But, having said all of that, it must be said that the SL update 'nondisruptive index' is not 100%; it is really close to 100%, but there have been a few niggles over the years.
On Fri, Oct 26, 2012 at 8:23 AM, Lamar Owen lowen@pari.edu wrote:
But, having said all of that, it must be said that the SL update 'nondisruptive index' is not 100%; it is really close to 100%, but there have been a few niggles over the years.
How many things have you had break from a Centos update?
On Friday, October 26, 2012 10:41:19 AM Les Mikesell wrote:
On Fri, Oct 26, 2012 at 8:23 AM, Lamar Owen lowen@pari.edu wrote:
But, having said all of that, it must be said that the SL update 'nondisruptive index' is not 100%; it is really close to 100%, but there have been a few niggles over the years.
How many things have you had break from a Centos update?
While there haven't been many, I haven't counted, and those things would have broken with upstream EL as well. The worst one was back in EL4 days when a kernel update in the PCI enumeration order caused eth0 and eth1 to swap ports on some Dell servers I had.
-
Birta Levente -
Frank Cox -
John Doe -
Keith Roberts -
Lamar Owen -
Les Mikesell -
Michael Simpson -
Mike Burger -
Mogens Kjaer -
Scott Silva -
Sorin Srbu