Hello,

As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.

That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.

On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.

Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.

Thanks in advance for your considered opinions.

If you don't want your system to break unexpectedly, do not enable automatic updates; especially if you are running any packages with non-standard configurations. In some cases, with bare packages and stock configurations, automatic updates may prove to be a viable and SEMI-safe solution. But, if you wish to maintain the integrity of a production system, I would suggest that you do not use them.

Josh

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of email builder
Sent: Wednesday, April 06, 2011 2:36 PM
To: centos at centos.org
Subject: [CentOS] Auto-updates -- Bad Idea?

Hello,

As I've learned recently, I do not have any auto updates configured on my system. I see some posts on the web encouraging the use of "yum-cron", but I'd like to know what people feel about the use of automatic updates.

That is, for a server (non-desktop) system, automatic updates could break things or have other unforeseen consequences, and that could happen at the worst of times, since the process runs regularly.

On the other hand, for small businesses without highly trained sysadmins or ones with enough time to baby their servers, missing critical updates to, say openssl or some other mission-critical package could spell disaster.

Is the only reasonable solution to schedule a "human cron" once a week to look at needed updates? Ouch.

Thanks in advance for your considered opinions.
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos

At Wed, 6 Apr 2011 11:35:47 -0700 (PDT) CentOS mailing list <centos at centos.org> wrote:

> Hello,
>
> As I've learned recently, I do not have any auto updates configured on my
> system. I see some posts on the web encouraging the use of "yum-cron", but I'd
> like to know what people feel about the use of automatic updates.
>
> That is, for a server (non-desktop) system, automatic updates could break
> things or have other unforeseen consequences, and that could happen at the worst
> of times, since the process runs regularly.
>
> On the other hand, for small businesses without highly trained sysadmins or
> ones with enough time to baby their servers, missing critical updates to, say
> openssl or some other mission-critical package could spell disaster.
>
> Is the only reasonable solution to schedule a "human cron" once a week to look
> at needed updates? Ouch.

I use the "human cron" option. It might make some sense to use "yum-cron", but the ideal way that would work best would be if the machines using "yum-cron" were tied to a local repo that contains only tested updates -- that is there would be developmental / test systems getting manually updated and then the updates would be tested. Once the updates have passed a QA process, they would be pushed to the internal / local repo, where they would be automagically picked up by "yum-cron". This covers both worlds: avoiding an automagical disaster AND automating updates across a pile of machines without a lot of manual labor.

For a small shop, just doing manual updates is probably best. Generally, basic CentOS updates are unlikely to cause problems, unless there is odd (non-standard) hardware and/or odd software involved, so for many people a (blind) yum-cron might actually work just fine. It just depends on how much of a disaster a machine brought down by an update that happens to break something would be.

>
> Thanks in advance for your considered opinions.
--
Robert Heller -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software -- http://www.deepsoft.com/

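The local-repo idea in the message above, sketched as a promotion step (an added example, not code from anyone in this thread): only RPM files named in a QA-approved list are copied from a staging directory into the repo that the yum-cron machines use. The directory layout, the list format and the `CREATEREPO` override variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Directory layout, approved-list format and the CREATEREPO
# override are assumptions for illustration.

# promote_tested STAGING_DIR REPO_DIR APPROVED_LIST
# Copies only the RPM files named in APPROVED_LIST (one file name per line,
# blank lines and '#' comments ignored) from staging into the repo that the
# yum-cron clients use. Prints the number promoted; returns 1 if any entry
# is unsafe or missing, so a typo in the list cannot pass silently.
promote_tested() {
    staging=$1 repo=$2 approved=$3
    promoted=0 failed=0
    mkdir -p "$repo" || return 2
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;
            */*|.*)  echo "unsafe entry: $name" >&2; failed=1; continue ;;
            *.rpm)   ;;
            *)       echo "not an rpm: $name" >&2; failed=1; continue ;;
        esac
        if [ -f "$staging/$name" ]; then
            cp -p "$staging/$name" "$repo/$name" || return 2
            promoted=$((promoted + 1))
        else
            echo "approved but not in staging: $name" >&2
            failed=1
        fi
    done < "$approved"
    # Rebuild the repo metadata so clients can see the promoted packages.
    if [ "$promoted" -gt 0 ]; then
        "${CREATEREPO:-createrepo}" --update "$repo" >/dev/null || return 2
    fi
    echo "$promoted"
    return "$failed"
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/staging"
    # Constructed, empty stand-ins for downloaded packages.
    : > "$d/staging/openssl-1.0-2.el5.x86_64.rpm"
    : > "$d/staging/httpd-2.0-4.el5.x86_64.rpm"    # not yet through QA
    printf '%s\n' '# passed QA' 'openssl-1.0-2.el5.x86_64.rpm' > "$d/approved.txt"
    # CREATEREPO=true lets the demo run on a box without createrepo.
    CREATEREPO=true promote_tested "$d/staging" "$d/repo" "$d/approved.txt"
    ls "$d/repo"
    rm -rf "$d"
}
demo
```
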
email builder said the following on 06/04/11 20:35:

> Is the only reasonable solution to schedule a "human cron" once a week to look
> at needed updates? Ouch.

I use "human cron".

I have a CentOS server at home and I follow CentOS and other software announcements. When there is a critical or important upgrade, I do the upgrade on all the servers.

Ciao,
luigi

--
+--[Luigi Rosa]--

That is the biggest fool thing we have ever done [research on]... The bomb will never go off, and I speak as an expert in explosives.
--Adm. William D. Leahy, U.S. Atomic Bomb Project, 1944.

On 4/6/2011 1:35 PM, email builder wrote:

> Hello,
>
> As I've learned recently, I do not have any auto updates configured on my
> system. I see some posts on the web encouraging the use of "yum-cron", but I'd
> like to know what people feel about the use of automatic updates.
>
> That is, for a server (non-desktop) system, automatic updates could break
> things or have other unforeseen consequences, and that could happen at the worst
> of times, since the process runs regularly.
>
> On the other hand, for small businesses without highly trained sysadmins or
> ones with enough time to baby their servers, missing critical updates to, say
> openssl or some other mission-critical package could spell disaster.
>
> Is the only reasonable solution to schedule a "human cron" once a week to look
> at needed updates? Ouch.

A middle-of-the-road approach is to have a machine or VM where you can test things, perhaps the one you use as your own desktop or for development, where you have all the packages installed that the other systems use. You can 'yum update' this one frequently, noting what packages are affected and that everything still works after a reboot (for things where that might make a difference). Then if you have the yum-downloadonly package installed on the machines that need babysitting, you can 'ssh yum -y --downloadonly update' on them ahead of time so you don't have to wait for the packages when you are ready to do the update (via ssh or not).

It is extremely rare for an update on RHEL or CentOS to break anything since the whole point of an 'enterprise' distribution is not to change things in ways that will break previously working applications, but it is still always a possibility.

--
Les Mikesell
lesmikesell at gmail.com
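The test-box workflow described in the message above, as an added example that is not from anyone in this thread: compare the `yum check-update` listing saved on the test machine with the one from a server, and list the pending updates that were never exercised on the test box. The file names and every package row are constructed.

```shell
#!/bin/sh
# Added example. Inputs are saved `yum check-update` listings; every package
# row below is constructed sample data.

# untested_updates TESTED PENDING
#   TESTED:  listing captured on the test box just before it was updated
#   PENDING: listing captured on a server that is about to be updated
# Prints "name.arch version" for each pending update whose exact version was
# not among those already exercised on the test box.
untested_updates() {
    awk '
        BEGIN { arch = "\\.(noarch|i[3-6]86|x86_64)$" }
        FNR == 1 { held = "" }
        # yum puts a long package name on a line of its own; rejoin the row.
        NF == 1 && $1 ~ arch { held = $1; next }
        NF == 2 && held != "" { $0 = held " " $0 }
        { held = "" }
        # Skip plugin banners, mirror lines and blanks.
        NF != 3 || $1 !~ arch { next }
        # Test FILENAME rather than NR == FNR: with an empty TESTED file the
        # latter would mark every pending package as already tested.
        FILENAME == ARGV[1] { tested[$1 " " $2] = 1; next }
        !(($1 " " $2) in tested) { print $1, $2 }
    ' "$1" "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/tested.txt" <<'EOF'
Loaded plugins: fastestmirror

openssl.x86_64        1.0-2.el5     updates
httpd.x86_64          2.0-3.el5     updates
EOF
    cat > "$d/pending.txt" <<'EOF'
Loaded plugins: fastestmirror

openssl.x86_64        1.0-2.el5     updates
httpd.x86_64          2.0-4.el5     updates
a-very-long-constructed-package-name.noarch
                      3.1-1.el5     updates
EOF
    untested_updates "$d/tested.txt" "$d/pending.txt"
    rm -rf "$d"
}
demo
```

An empty result means every pending version on the server was already seen on the test box; any line printed is a package version to hold back or test first.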