CentOS And Automatic Update On Server
Hi list, I know that there are automatic updates with yum-cron but I have never tried them. In my experience I never did automatic backup because if an update was broken my installation would be broken, and I wait some time before applying updates. Today it seems that automatic updates are used more than before. What do you think about automatic updates? Is it a good practice on a server? What are your experiences?
Thanks in advance.
Alessandro
6 thoughts on - CentOS And Automatic Update On Server
For me, yum-cron only downloads the updates and e-mails me to let me know they are ready. It does not actually apply them.
To apply them, I SSH in and run the command “yum update” and they install fast w/o me needing to wait for the download.
That lets me test everything that is critical and make sure it works after the update.
Alessandro Baggi wrote:
1. Under *NO* *CIRCUMSTANCES* would I *ever* have that running on
a production machine. That’s what test boxes are for.
2. If it was my own machine at home, thanks, but I want to wake up,
or come home, to a guaranteed working system. I’ll update, so I can always undo.
Sorry, accidentally got hit before I finished.
m.roth@5-cent.us wrote:
3. Systems like backup servers, etc, sure. They’re not critical.
4. We don’t do it on users’ systems unless we’re *sure* that
it won’t break something.
Finally, on systems where there is a concern that something might break, like video drivers, we put excludes in /etc/yum.conf, and disable them under controlled conditions (i.e., one of us is sitting there doing it.)
mark
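The two approaches described in the replies above (yum-cron that only downloads and e-mails, and package excludes in /etc/yum.conf) look like this as configuration. This is an added example, not taken from any poster's system; it assumes the CentOS 7 yum-cron file layout, and the mail address and the driver package globs are constructed placeholders.

```ini
# ---- /etc/yum/yum-cron.conf (CentOS 7 layout, assumed) ----
[commands]
# Consider all available updates
update_cmd = default
# Report when updates are available
update_messages = yes
# Fetch the packages into the local cache ahead of time...
download_updates = yes
# ...but never install them unattended; an admin runs "yum update" by hand
apply_updates = no
# Spread the load on mirrors: sleep up to this many minutes before running
random_sleep = 360

[emitters]
# Send the report by mail instead of printing it to cron's stdout
emit_via = email

[email]
email_from = root@localhost
# Constructed placeholder address
email_to = admin@example.com
email_host = localhost

# ---- /etc/yum.conf ----
[main]
# Hold back packages that are known to be fragile on this host.
# The globs below are constructed examples for a video driver.
exclude=kmod-nvidia* xorg-x11-drv-nvidia*
# To update the held packages while someone is watching the machine:
#   yum --disableexcludes=main update
```

With `apply_updates = no` the packages are already in the yum cache when the admin logs in, so the manual `yum update` skips the download step. Excluded packages are ignored by both yum-cron and manual runs until the exclude is lifted.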
Personally I enable yum-cron on relatively simple configs without much that could break, for example a LAMP server. Especially when they are public-facing and thus have greater exposure to security threats.
But I don’t as often on things that are internal-only and/or have a more complex setup such as running software I had to compile from source.
We run an automatic yum update nightly on most of the CentOS
infrastructure servers.
When I managed IT for an engineering firm, for the production machines I
would never automate updates though.
I would have a test environment and run my own local mirror and only put things onto the local mirror that passed through my test system and worked.
I sort of do that – I have a custom local repo and when something in an update causes breakage (can’t remember the last time) I google for the problem online and find a fix and rebuild the src.rpm appending a .1 to the end of release so it looks newer.
So I don’t exclude things from CentOS or EPEL, I just add things to it… right now all my custom repo really has in it is solitaire and a texlive fake package that fakes out packages that require texlive (I run vanilla texlive managed by their utility, I don’t like texlive as a zillion different RPMs).
Honestly though I haven’t personally experienced a breakage as a result of a package update in years, and when it happens it almost always is EPEL where the maintainer did a major version bump.