Hi list, I know that there are automatic update with yum-cron but never tried. In my experiences I never did automatic backup because if update was broken my installation will be broken and I wait some time before apply update. Today seems to be that automatic update are used more than before. What do you think about automatic update? It is a good practice on a server? What is your experiences? Thanks in advance. Alessandro
On 03/11/2016 10:41 AM, Alessandro Baggi wrote:> Hi list, I know that there are automatic update with yum-cron but never > tried. > In my experiences I never did automatic backup because if update was broken > my installation will be broken and I wait some time before apply update. > Today seems to be that automatic update are used more than before. > What do you think about automatic update? It is a good practice on a > server? What is your experiences? > > Thanks in advance. > > AlessandroFor me, yum-cron only downloads the updates and e-mails me to let me know they are ready. It does not actually apply them. To apply them, I ssh in and run the command "yum update" and they install fast w/o me needing to wait for the download. That lets me test everything that is critical and make sure it works after the update.
Alessandro Baggi wrote:> Hi list, I know that there are automatic update with yum-cron but never > tried. > In my experiences I never did automatic backup because if update was > broken > my installation will be broken and I wait some time before apply update. > Today seems to be that automatic update are used more than before. > What do you think about automatic update? It is a good practice on a > server? What is your experiences? >1. Under *NO* *CIRCUMSTANCES* would I *ever* have that running on a production machine. That's what test boxes are for. 2. If it was my own machine at home, thanks, but I want to wake up, or come home, to a guaranteed working system. I'll update, so I can always undo.
Sorry, <enter> accidentally got hit before I finished. m.roth at 5-cent.us wrote:> Alessandro Baggi wrote: >> Hi list, I know that there are automatic update with yum-cron but never >> tried. >> In my experiences I never did automatic backup because if update was >> broken >> my installation will be broken and I wait some time before apply update. >> Today seems to be that automatic update are used more than before. >> What do you think about automatic update? It is a good practice on a >> server? What is your experiences? > > 1. Under *NO* *CIRCUMSTANCES* would I *ever* have that running on > a production machine. That's what test boxes are for. > 2. If it was my own machine at home, thanks, but I want to wake up, > or come home, to a guaranteed working system. I'll update, so > I can always undo.3. Systems like backup servers, etc, sure. They're not critical. 4. We don't do it on users' systems unless we're *sure* that it won't break something. Finally, on systems where there is a concern that something might break, like video drivers, we put excludes in /etc/yum.conf, and disable them under controlled conditions (i.e., one of us is sitting there doing it.) mark
Personally I enable yum-cron on relatively simple configs without much that could break, for example a LAMP server. Especially when they are public-facing and thus have greater exposure to security threats. But I don't as often on things that are internal-only and/or have a more complex setup such as running software I had to compile from source.> On Mar 11, 2016, at 10:41, Alessandro Baggi <alessandro.baggi at gmail.com> wrote: > > Hi list, I know that there are automatic update with yum-cron but never > tried. > In my experiences I never did automatic backup because if update was broken > my installation will be broken and I wait some time before apply update. > Today seems to be that automatic update are used more than before. > What do you think about automatic update? It is a good practice on a > server? What is your experiences? > > Thanks in advance. > > Alessandro > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
On 03/11/2016 12:41 PM, Alessandro Baggi wrote:> Hi list, I know that there are automatic update with yum-cron but never > tried. > In my experiences I never did automatic backup because if update was broken > my installation will be broken and I wait some time before apply update. > Today seems to be that automatic update are used more than before. > What do you think about automatic update? It is a good practice on a > server? What is your experiences? > > Thanks in advance. > > AlessandroWe run an automatic yum update nightly on most of the centos infrastructure servers. When I managed IT for an engineering firm, for the production machines I would never automate updates though. I would have a test environment and run my own local mirror and only put things onto the local mirror that passed through my test system and worked. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20160314/60791240/attachment-0001.sig>
On 03/14/2016 06:36 AM, Johnny Hughes wrote:> On 03/11/2016 12:41 PM, Alessandro Baggi wrote: >> Hi list, I know that there are automatic update with yum-cron but never >> tried. >> In my experiences I never did automatic backup because if update was broken >> my installation will be broken and I wait some time before apply update. >> Today seems to be that automatic update are used more than before. >> What do you think about automatic update? It is a good practice on a >> server? What is your experiences? >> >> Thanks in advance. >> >> Alessandro > > We run an automatic yum update nightly on most of the centos > infrastructure servers. > > When I managed IT for an engineering firm, for the production machines I > would never automate updates though. > > I would have a test environment and run my own local mirror and only put > things onto the local mirror that passed through my test system and worked.I sort of do that - I have a custom local repo and when something in an update causes breakage (can't remember the last time) I google for the problem online and find a fix and rebuild the src.rpm appending a .1 to the end of release so it looks newer. So I don't exclude things from CentOS or EPEL, I just add things to it... right now all my custome repo really has in it is solitaire and a texlive fake package that fakes out packages with require texlive (I run vanilla texlive managed by their utility, I don't like texlive as a zillion different RPMs) Honestly though I haven't personally experienced a breakage as a result of a package update in years, and when it happens it almost always is EPEL where the maintainer did a major version bump.