[lug] best practices yum updates centos server

karl horlen horlenkarl at yahoo.com
Thu Feb 22 12:44:32 MST 2007 

I just installed a centos web server that I'd like to
be a production 24x7 live server.

I like the idea of using yum to keep the system up to
date with the latest security packages and generally
latest packages period.

My concern is that if I let yum automate this for me,
it will install a package that's going to break my
system.  Since the yum update will be automated, I
might not know about a break until / if I manually
check it to make sure everything is ok.

I'm wondering how others handle this.

RELIABILITY EXPERIENCE 

Based upon first hand experience with yum/centos:

a) how rock-solid are the package updates? are the
repo pkgs guaranteed to install cleanly assuming you
haven't manually installed conflicting packages
outside of the repository suite?  

b) how often have you experienced a bad package update
and when it happens, was it very easy to determine
that there was a problem and fix it?  what I mean is
that some pkgs just won't install if there's a problem
and notify you of it.  on the otherhand, other pkgs
either don't notify you of an install problem or
install cleanly but then you have a problem with a
config file or some other dependency which is harder
to track down?

I know question 1 is somewhat open-ended.  I'm just
wanting to know how good auto updates work and how
nebulous it is to track down a problem related to an
installed pkg that doesn't flag an error but produces
side-effects (intermittent or otherwise hard to track
down) after the install.

BEST PRACTICES

1) do you automate the yum updates or do you do them
manually so you can see what it's doing when you run
the update?

2) how often do you do them (weekly, monthly, etc)?

3) where do you monitor (sites/email lists) for
special show stopper security updates or other fixes
that you might want to manually install as one-offs in
between your normal update cycle

4) any config options that you think are really useful
to making this work well?

5) any benefits to creating a local yum repo first and
then updating from that versus pulling directly from
web?

I know that's a lot but look forward to hearing from
anyone with first hand experience.

thanks


 
____________________________________________________________________________________
Yahoo! Music Unlimited
Access over 1 million songs.
http://music.yahoo.com/unlimited

More information about the LUG mailing list