CentOS - Jan 2012 - anyone doing automatic yum updates via yum-updatesd on production servers?

I've read that it's not recommended to automatically apply updates via
yum-updated on production servers, but I keep encountering servers that
have this enabled.

Are any of you doing automatic yum updates on production servers in CentOS
5 via yum-updatesd? Have you experienced any negative side effects?

The only thing I can think of is if say a client had a custom version of
PHP installed that was not properly excluded in yum and then it was over
written.
Unless I'm missing something else that could go horribly wrong.

Any feedback is appreciated. (if this question has already been asked my
apologies, searching the archive didn't find what I was looking for)

Thanks,

-PJ

On 01/17/2012 02:30 PM, P J wrote:
> I've read that it's not recommended to automatically apply updates
via
> yum-updated on production servers, but I keep encountering servers that
> have this enabled.
>
> Are any of you doing automatic yum updates on production servers in CentOS
> 5 via yum-updatesd? Have you experienced any negative side effects?
>
> The only thing I can think of is if say a client had a custom version of
> PHP installed that was not properly excluded in yum and then it was over
> written.
> Unless I'm missing something else that could go horribly wrong.
>
> Any feedback is appreciated. (if this question has already been asked my
> apologies, searching the archive didn't find what I was looking for)
>
> Thanks,
>
> -PJ
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Hi PJ,


Good practices is don't update any package on server directly without
test before.

It's because some update may not full compatible with your configuration.

I do the update first on test server to ensure that update will not
break my system.

I didn't update directly without test this new package before, so I
never get troubles on updates to my servers.

If you have many server with same package to update, first try one in
Testing (of Dev) Environment, if no have problems, send your servers
update the packages.



best regrads
--aslan




best regards.

Best reason I can think of is application feature deprecation.

If an update contains changes to the default configuration file then the
file will normally be installed with the '.rpmnew' extension.

If an application decides to deprecate and phase out options which you
actually use in the current configuration then the automatic update will
invalidate your configuration and the service will not start.

This would cause downtime for your servers. In the case of some services
e.g. ssh, it could be catastrophic, requiring you to physically visit the
servers, would could incur a cost to you.

If you're OK with that, then you're not really in a high-availability
production environment and you can use the automatic update daemon if you
wish.


On Tue, January 17, 2012 17:30, P J wrote:
> I've read that it's not recommended to automatically apply updates
via
> yum-updated on production servers, but I keep encountering servers that
> have this enabled.
>
> Are any of you doing automatic yum updates on production servers in CentOS
> 5 via yum-updatesd? Have you experienced any negative side effects?
>
> The only thing I can think of is if say a client had a custom version of
> PHP installed that was not properly excluded in yum and then it was over
> written.
> Unless I'm missing something else that could go horribly wrong.
>
> Any feedback is appreciated. (if this question has already been asked my
> apologies, searching the archive didn't find what I was looking for)
>
> Thanks,
>
> -PJ
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

From: P J <pauljflists at gmail.com>
> I've read that it's not recommended to automatically apply updates
via
> yum-updated on production servers, but I keep encountering servers that
> have this enabled.
Some parameters/configurations/functionalities might 
change/appear/disappear, depending on the type of 
development (some projects are stable and other projects? just 
do not care about backward compatibility).
If you do manual updates, you will notice that some configuration 
files may change in the process (see the .rpmnew and .rpmsave)...
If your server is critical, you'd better test the updates on a non 
critical server before.

JD

On 01/17/2012 10:30 AM, P J wrote:
> I've read that it's not recommended to automatically apply updates
via
> yum-updated on production servers, but I keep encountering servers that
> have this enabled.
>
> Are any of you doing automatic yum updates on production servers in CentOS
> 5 via yum-updatesd? Have you experienced any negative side effects?
>
> The only thing I can think of is if say a client had a custom version of
> PHP installed that was not properly excluded in yum and then it was over
> written.
> Unless I'm missing something else that could go horribly wrong.
>
> Any feedback is appreciated. (if this question has already been asked my
> apologies, searching the archive didn't find what I was looking for)
>
I would always say it is "best practice" to manually install updates
on
at least one machine of a specific type and make sure everything is OK
... then automatically machines that are like that one after you are happy.

We do automatically upgrade all the CentOS infrastructure servers all
the time ... but I do not do that for my $work servers.

There are hardly ever any issues ... but I always test and then push.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20120117/fac45932/attachment-0005.sig>

On Tue, Jan 17, 2012 at 9:59 AM, Johnny Hughes <johnny at centos.org>
wrote:
> On 01/17/2012 10:30 AM, P J wrote:
> > I've read that it's not recommended to automatically apply
updates via
> > yum-updated on production servers, but I keep encountering servers
that
> > have this enabled.
> >
> > Are any of you doing automatic yum updates on production servers in
> CentOS
> > 5 via yum-updatesd? Have you experienced any negative side effects?
> >
> > The only thing I can think of is if say a client had a custom version
of
> > PHP installed that was not properly excluded in yum and then it was
over
> > written.
> > Unless I'm missing something else that could go horribly wrong.
> >
> > Any feedback is appreciated. (if this question has already been asked
my
> > apologies, searching the archive didn't find what I was looking
for)
> >
>
> I would always say it is "best practice" to manually install
updates on
> at least one machine of a specific type and make sure everything is OK
> ... then automatically machines that are like that one after you are happy.
>
> We do automatically upgrade all the CentOS infrastructure servers all
> the time ... but I do not do that for my $work servers.
>
> There are hardly ever any issues ... but I always test and then push.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
Thanks for the feedback guys, I agree about best practices but it's nice to
get direct feedback from your peers.

On Tue, Jan 17, 2012 at 12:59 PM, Johnny Hughes <johnny at centos.org>
wrote:
> I would always say it is "best practice" to manually install
updates on
> at least one machine of a specific type and make sure everything is OK
> ... then automatically machines that are like that one after you are happy.
I would like to expand on this a little.  Once you get a certain
number of machine it probably makes sense to have your own internal
mirror.  That way you can update your test machines from upstream, do
the tests, then once you are satisfied you can update the internal
mirror.  This would give you consistency on what is installed on your
Production machines without having to worry about the whole "crap, I
just updated the wrong server".  Also this would give you a level of
protection if you do choose to automatically update your Production
machines because it takes the extra step of updating the local mirror
to really push any changes.

-- 
William Hooper