[CentOS] Auto-updates -- Bad Idea?

Wed Apr 6 19:34:22 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On 4/6/2011 1:35 PM, email builder wrote:
> Hello,
>
>    As I've learned recently, I do not have any auto updates configured on my
> system.  I see some posts on the web encouraging the use of "yum-cron", but I'd
> like to know what people feel about the use of automatic updates.
>
>    That is, for a server (non-desktop) system, automatic updates could break
> things or have other unforeseen consequences, and that could happen at the worst
> of times, since the process runs regularly.
>
>    On the other hand, for small businesses without highly trained sysadmins or
> ones with enough time to baby their servers, missing critical updates to, say
> openssl or some other mission-critical package could spell disaster.
>
>    Is the only reasonable solution to schedule a "human cron" once a week to look
> at needed updates?  Ouch.

A middle-of-the-road approach is to have a machine or VM where you can 
test things, perhaps the one you use as your own desktop or for 
development, where you have all the packages installed that the other 
systems use.  You can 'yum update' this one frequently, noting what 
packages are affected and that everything still works after a reboot 
(for things where that might make a difference).  Then if you have the 
yum-downloadonly package installed on the machines that need 
babysitting, you can 'ssh yum -y --downloadonly update' on them ahead of 
time so you don't have to wait for the packages when you are ready
to do the update (via ssh or not).  It is extremely rare for an update
on RHEL or CentOS to break anything since the whole point of an
'enterprise' distribution is not to change things in ways that will break
previously working applications, but it is still always a possibility.

-- 
   Les Mikesell
    lesmikesell at gmail.com
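
The workflow in the reply above implies a check before updating a production host: is every pending update a version the test machine has already run? An added example, not part of the original post, follows. The function names and all sample data are constructed, and the tested list is assumed to be in "name.arch version-release" form (for instance from `rpm -qa --qf '%{NAME}.%{ARCH} %{VERSION}-%{RELEASE}\n'` on the test machine).

```shell
#!/bin/sh
# Added example. Function names and all sample data are constructed.

# Reduce `yum check-update` output (stdin) to "name.arch version-release"
# lines. Skips plugin banners, rejoins entries that yum wrapped onto two
# lines, and stops at "Obsoleting Packages" (review that section by hand).
pending_updates() {
    awk '
        /^Obsoleting Packages/ { exit }
        NF == 1 && $1 ~ /\.[A-Za-z0-9_]+$/ { held = $1; next }
        held != "" && NF == 2 { print held, $1; held = ""; next }
        NF == 3 && $1 ~ /\.[A-Za-z0-9_]+$/ { print $1, $2 }
        { held = "" }
    '
}

# untested TESTED_FILE: print pending updates (stdin) whose exact version
# is not in TESTED_FILE. A missing or empty file flags everything.
untested() {
    awk -v tested="$1" '
        BEGIN {
            while ((getline line < tested) > 0) {
                split(line, f, " ")
                seen[f[1] " " f[2]] = 1
            }
        }
        !(($1 " " $2) in seen)
    '
}

sample_check_update() {   # constructed `yum check-update` output
cat <<'EOF'
Loaded plugins: fastestmirror

kernel.x86_64                 2.6.18-238.5.1.el5        updates
openssl.x86_64                0.9.8e-12.el5_5.7         updates
very-long-package-name-that-wraps.noarch
                              1.0-2.el5                 updates
EOF
}

demo() {   # constructed list of versions exercised on the test machine
    tested=$(mktemp)
    printf '%s\n' 'kernel.x86_64 2.6.18-238.5.1.el5' \
                  'openssl.x86_64 0.9.8e-12.el5_5.6' > "$tested"
    sample_check_update | pending_updates | untested "$tested"
    rm -f "$tested"
}

demo
```

On a real host, pipe `yum check-update` into `pending_updates`; that command exits with status 100 when updates are pending, so a non-zero status alone is not a failure.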