[lug] best practices yum updates centos server

D. Stimits stimits at comcast.net
Thu Feb 22 18:41:20 MST 2007


...

>My concern is that if I let yum automate this for me,
>it will install a package that's going to break my
>system.  Since the yum update will be automated, I
>might not know about a break until / if I manually
>check it to make sure everything is ok.
>
>  
>
I use automated yum on a CentOS server running 24x7. The only package 
which I fear would break it is the kernel itself. In /etc/yum.conf, 
I have a line:
exclude=kernel*

...this does the job and I don't worry about updates. It works well.

>I'm wondering how others handle this.
>
>RELIABILITY EXPERIENCE 
>
>Based upon first hand experience with yum/centos:
>
>a) how rock-solid are the package updates? are the
>repo pkgs guaranteed to install cleanly assuming you
>haven't manually installed conflicting packages
>outside of the repository suite?  
>
>  
>
Don't know about guarantees, but so far no problems. There seems to be a 
lot of attention to properly testing the packages.

>b) how often have you experienced a bad package update
>and when it happens, was it very easy to determine
>that there was a problem and fix it?  what I mean is
>that some pkgs just won't install if there's a problem
>and notify you of it.  on the other hand, other pkgs
>either don't notify you of an install problem or
>install cleanly but then you have a problem with a
>config file or some other dependency which is harder
>to track down?
>
>  
>
Yum will leave a note about all updates in /var/log/messages. Never had 
one fail though.

>I know question 1 is somewhat open-ended.  I'm just
>wanting to know how good auto updates work and how
>nebulous it is to track down a problem related to an
>installed pkg that doesn't flag an error but produces
>side-effects (intermittent or otherwise hard to track
>down) after the install.
>
>BEST PRACTICES
>
>1) do you automate the yum updates or do you do them
>manually so you can see what it's doing when you run
>the update?
>
>  
>
I'd only do a manual update of a kernel.

>2) how often do you do them (weekly, monthly, etc)?
>
>  
>
Not sure, I think it runs daily.

>3) where do you monitor (sites/email lists) for
>special show stopper security updates or other fixes
>that you might want to manually install as one-offs in
>between your normal update cycle
>
>  
>
The Red Hat security lists apply, since CentOS is basically a clone of 
RHEL. The package updates for security seem to be quite fast though.

>4) any config options that you think are really useful
>to making this work well?
>
>  
>
Just the exclude= line for kernels.

>5) any benefits to creating a local yum repo first and
>then updating from that versus pulling directly from
>web?
>
>  
>
If you have multiple servers yes...if it is only one, then the only 
reason for this would be for inspection or if you expect to back it up 
and do restores of only particular data...then you could do the yum 
updates quite fast and restore smaller parts of the server, e.g., /home.

D. Stimits, stimits AT comcast DOT net
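
Added example, not part of the original message: a shell check for the setup described in the reply above. It confirms that a yum.conf carries exclude=kernel* and lists what yum logged to a syslog file such as /var/log/messages, so kernel changes stand out for manual review. The syslog line layout, the function names and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit an unattended-yum setup (exclude=kernel* plus syslog review).
# Assumed syslog layout: "<mon> <day> <time> <host> yum: Updated: <pkg>.<arch> <version>"

# Succeeds if an exclude= line in the given yum.conf lists the pattern kernel*.
kernel_excluded() {
    awk -F= '/^[ \t]*exclude[ \t]*=/ {
                 n = split($2, pats, /[ \t,]+/)
                 for (i = 1; i <= n; i++) if (pats[i] == "kernel*") found = 1
             }
             END { exit !found }' "$1"
}

# Prints "action package version" for every yum entry in a syslog file.
yum_changes() {
    awk '$5 ~ /^yum(\[[0-9]+\])?:$/ && $6 ~ /^(Updated|Installed|Erased):$/ {
             sub(/:$/, "", $6); print $6, $7, $8
         }' "$1"
}

# Prints kernel packages that were installed or updated, whoever ran yum.
kernel_changes() {
    yum_changes "$1" | awk '$1 != "Erased" && $2 ~ /^kernel/'
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/yum.conf" <<'EOF'
[main]
cachedir=/var/cache/yum
exclude=kernel*
EOF
cat > "$demo_dir/messages" <<'EOF'
Feb 22 04:02:11 server crond[2101]: (root) CMD (run-parts /etc/cron.daily)
Feb 22 04:02:17 server yum: Updated: openssl.i386 0.9.7a-43.14
Feb 22 04:02:19 server yum: Installed: kernel.i686 2.6.9-42.0.8.EL
Feb 22 04:02:25 server yum: Updated: bind-libs.i386 9.2.4-16.EL4
EOF

kernel_excluded "$demo_dir/yum.conf" && echo "kernel* is excluded"
echo "yum changes logged:"
yum_changes "$demo_dir/messages"
echo "kernel changes to review:"
kernel_changes "$demo_dir/messages"
```

On a real server, pass /etc/yum.conf and /var/log/messages to the functions instead of the sample files.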


