Automatic Updates

Fedora, CentOS, RHEL5

Use the yum utility.

  • Do not use yum-updatesd. This recommendation is applicable to all operating systems.
service yum-updatesd stop
rpm -e yum-updatesd
  • On Fedora and CentOS, use yum-cron instead.
yum install yum-cron
chkconfig --level 35 yum-cron on
service yum-cron start
  • On RHEL5, use the following:
    (WARNING WARNING WARNING yet to be tested -- probably needs to be modified)
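cat << "EOF" > /etc/cron.daily/yumupdate
#!/bin/sh
# install any yum updates
# update yum itself first (random delay of up to 10 minutes)
/usr/bin/yum -R 10 -e 0 -d 1 -y update yum > /var/log/yum.cron.log 2>&1
# then update everything else (random delay of up to 120 minutes)
/usr/bin/yum -R 120 -e 0 -d 1 -y update  >> /var/log/yum.cron.log 2>&1
# mail the log to root only if it is not empty
if [ -s /var/log/yum.cron.log ]; then
        mail -s "Yum update information" root < /var/log/yum.cron.log
fi
EOF
chmod 755 /etc/cron.daily/yumupdate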
  • Prevent kernel updates. Add this line to /etc/yum.conf
 exclude = kernel*
  • Edit these files
 /etc/yum.repos.d/fedora-core.repo
 /etc/yum.repos.d/fedora-updates.repo
 /etc/yum.repos.d/fedora-extras.repo

and set baseurl to point to mirror.anl.gov

 baseurl=http://mirror.anl.gov/pub/fedora/linux/core/$releasever/$basearch/os/
  • Apply all available updates
 yum update
  • You may receive the following:
 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
 Public key for gtk2-2.8.20-1.i386.rpm is not installed
 Retrieving GPG key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
 Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora@redhat.com>"
 Is this ok [y/N]:

If the "from file" is file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora, then reply yes and continue. If not, consult your local health care professional before proceeding.

  • If the kernel was updated, check /etc/grub.conf
  • If the kernel was updated, reboot
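
The key-source rule above can be checked before any update runs. The following is an added example, not part of the original page: a shell function that scans the repo files and reports enabled repos with gpgcheck=0 or a gpgkey outside file:///etc/pki/rpm-gpg/. The function names, the sample repo contents and the host repo.example.invalid are constructed for illustration; settings inherited from /etc/yum.conf are not examined.

```shell
#!/bin/sh
# audit_repo_keys [DIR]: print every enabled repo section that turns off
# signature checking or takes its GPG key from somewhere other than
# file:///etc/pki/rpm-gpg/. Returns 0 if clean, 1 on findings, 2 if no files.
audit_repo_keys() {
    dir=${1:-/etc/yum.repos.d}
    set -- "$dir"/*.repo
    [ -f "$1" ] || { echo "no .repo files in $dir" >&2; return 2; }
    awk '
    function flush() {
        if (sec != "" && enabled != "0") {
            if (gpgcheck == "0") { print file ": [" sec "] gpgcheck=0"; bad = 1 }
            n = split(keys, k)          # gpgkey may list several URLs
            for (i = 1; i <= n; i++)
                if (k[i] !~ /^file:\/\/\/etc\/pki\/rpm-gpg\//) {
                    print file ": [" sec "] gpgkey not local: " k[i]; bad = 1
                }
        }
        sec = ""; enabled = ""; gpgcheck = ""; keys = ""; last = ""
    }
    FNR == 1 { flush(); file = FILENAME }           # new file: close last section
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^\[/ { flush(); sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
    /^[ \t]/ { if (last == "gpgkey") keys = keys " " $1; next }  # continuation
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        last = key
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") keys = val
    }
    END { flush(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: one repo that follows the rule above, one that does not.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[core]' 'enabled=1' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora' > "$d/good.repo"
    printf '%s\n' '[thirdparty]' 'enabled = 1' 'gpgcheck = 0' \
        'gpgkey = http://repo.example.invalid/KEY' > "$d/bad.repo"
    echo "$d"
}

sample=$(make_sample) && { audit_repo_keys "$sample" || true; rm -rf "$sample"; }
```

Run `audit_repo_keys` with no argument to check /etc/yum.repos.d on the host itself.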

Xen Servers

  • Configure yum to set the xen kernel to be the default kernel in /etc/grub.conf anytime that yum installs a new kernel package. The default behavior is that yum will set the non-xen kernel to be the default, which will cause problems the next time the physical machine is rebooted.

     To change the default behavior, edit /etc/sysconfig/kernel and change the DEFAULTKERNEL to match the RPM package name of the kernel you want to be the default. For example, for a Dom0 on Fedora Core 5, this line might look like this:

   DEFAULTKERNEL=kernel-xen0
     For a DomU on FC5, the line is:
 DEFAULTKERNEL=kernel-xenU

     On Fedora Core 6, there is only a single kernel package, so the correct value is:

 DEFAULTKERNEL=kernel-xen

RHEL4

Use the up2date utility.

  • Verify the following lines in /etc/sysconfig/rhn/up2date
 pkgSkipList=kernel*;
 ...
 pkgsToInstallNotUpdate=kernel;kernel-modules;kernel-devel;
 ...
 removeSkipList=kernel*;
  • Configure a daily cronjob to run the update by creating a /etc/cron.daily/up2date file with the following contents:
#!/bin/bash
up2date -u
  • (Optional) Run the up2date -u command to download and install the latest versions of RHEL packages. You will have to enter the username and password of your paid Red Hat Network registration the first time you use 'up2date'.

Debian

Use the cron-apt utility.

Automated patching on Debian can be done with cron-apt (apt-get install cron-apt). There may be other ways, but this is how I've done it.

  • Edit /etc/cron-apt/config

Change these options:

MAILTO="someonethatwillreadit@ncsa.uiuc.edu"
MAILON="upgrade"
OPTIONS="-q -o Dir::Etc::SourceList=/etc/apt/security.sources.list"
  • Copy the existing sources list to the file named in OPTIONS
cp /etc/apt/sources.list /etc/apt/security.sources.list
  • Edit /etc/apt/security.sources.list

Take out everything but:

deb http://security.debian.org/ etch/updates main
deb-src http://security.debian.org/ etch/updates main
  • Edit /etc/cron-apt/action.d/3-download

Change

dist-upgrade -d -y

to

upgrade -u -y

Make sure it works: it should download and upgrade only security-related patches and send out a mail.
