On Tue, Feb 14, 2017 at 7:39 AM, Aaron Weitekamp <[email protected]> wrote: > On Mon, Feb 13, 2017 at 6:32 PM, Ken Dreyer <[email protected]> wrote: >> >> When I have an Atomic Registry running in production, what is the best >> way to keep the whole thing up-to-date for security fixes? >> >> For example, I can use yum-cron to automatically download and install >> RPM updates on a traditional system. >> >> Should I do the following: >> >> docker pull openshift/origin-docker-registry >> docker pull openshift/origin >> docker pull cockpit/kubernetes >> >> ... and then restart the systemd services if any of those has an update? >> > Yes, that's fine for minor updates. For major upgrades you'll need to run > some migration commands[1]. Note: This isn't well-documented or tested > outside of OpenShift. A better supported upstream deployment is found > here[2]. > > [1] > https://docs.openshift.org/latest/install_config/upgrading/manual_upgrades.html#updating-policy-definitions > [2] > https://docs.openshift.org/latest/install_config/install/stand_alone_registry.html
Cool, thanks Aaron! I've written a script to do the pulls+restarts. https://github.com/ktdreyer/watch-systemd-containers Can you help me understand more about what you mean by "better supported"? - Ken
