Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of William Hooper Sent: den 17 januari 2012 22:41 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers? I would like to expand on this a little. Once you get a certain number of machine it probably makes sense to have your own internal mirror. Is there any particular approximate number of machines you'd say this would apply to? Thanks. -- /Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/18/2012 01:01 AM, Bennett Haselton wrote: That's what I meant hen I said I thought it would be better for CentOS to have auto-updates enabled by default out of the box. Power users can That would change things too much and make everything into a moving target : not the best situation to be in. Also, its worth noting that while its easy to slip into a mindset where one imagines all machines everywhere being in vulnerable positions like on the internet etc, thats never the case. Lots and lots of machines will run well disconnected from the 'net', even these days. Would it make sense to have a middle ground where the option to turn on/off all system updates, by default, from the base repo's is put up install time for the user to decide howto handle things ? It would need to be limited to whats coming from the base distro repo's though. Since we cant assume all repos on every machine are always in a state where they are usable and upgradeable all the time. And yes, this does mean that if the base repo's are moving automatically, third party packagers and app vendors can no longer ask for and expect any sort of state. Otoh, it might be argued that the whole point of a stable distro is to not need that level of endorsement, the reality is that plenty of vendors do. -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/18/2012 08:05 AM, Sorin Srbu wrote: I would like to expand on this a little. Once you get a certain number of machine it probably makes sense to have your own internal mirror. Is there any particular approximate number of machines you'd say this would apply to? based on personal experience, I'd say that number was at the '9' mark. Once you go double digit, and you have those many machines in one location, a local repo is the way to go. Perhaps then with one of them ( either a machine or a VM instance ) doing auto nightly updates, and running a test to make sure all is still well and sending out a small email to the admin with a OK or 'Trouble found in updates' -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: den 18 januari 2012 11:15 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers? On 01/18/2012 08:05 AM, Sorin Srbu wrote: I would like to expand on this a little. Once you get a certain number of machine it probably makes sense to have your own internal mirror. Is there any particular approximate number of machines you'd say this would apply to? based on personal experience, I'd say that number was at the '9' mark. Once you go double digit, and you have those many machines in one location, a local repo is the way to go. Perhaps then with one of them ( either a machine or a VM instance ) doing auto nightly updates, and running a test to make sure all is still well and sending out a small email to the admin with a OK or 'Trouble found in updates' Thanks. Will be looking into local repos it seems. We've expanded our local calculation farm to now include mid-teen numbers, and manual updates is becoming a PITA... -- /Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: den 18 januari 2012 11:14 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers? On 01/18/2012 01:01 AM, Bennett Haselton wrote: Would it make sense to have a middle ground where the option to turn on/off all system updates, by default, from the base repo's is put up install time for the user to decide howto handle things ? I think it would, at least for us. -- /Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/18/2012 10:54 AM, Sorin Srbu wrote: We've expanded our local calculation farm to now include mid-teen numbers, and manual updates is becoming a PITA... I'm looking for a site / person to help testing a mirror proxy setup, interested ? -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
Dne 18.1.2012 11:57, Karanbir Singh napsal(a): I'm looking for a site / person to help testing a mirror proxy setup, interested ? What are the requirements? Storage, fast connection? DH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
Dne 18.1.2012 11:54, Sorin Srbu napsal(a): We've expanded our local calculation farm to now include mid-teen numbers, and manual updates is becoming a PITA... I think you want Spacewalk... DH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Tue, 2012-01-17 at 14:42 -0200, Aslan Carlos wrote: Good practices is don't update any package on server directly without test before. It's because some update may not full compatible with your configuration. I do the update first on test server to ensure that update will not break my system. I didn't update directly without test this new package before, so I never get troubles on updates to my servers. I would say that to some extent it depends on what is being updated. If there is an update to the 'date' command then that could be applied automatically. But updates, for example, to postfix/sendmail/exim etc on a mail server, would not be applied by using 'exclude' in the yum.conf file. These can then be checked and applied manually. John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/18/2012 11:00 AM, David Hrbáč wrote: I'm looking for a site / person to help testing a mirror proxy setup, interested ? What are the requirements? Storage, fast connection? ideally a large number of machines, and a reasonable local connection with the ability to schedule and manage updates being applied on the machines ( so, rules out hosting setups ) -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
Dne 18.1.2012 12:15, Karanbir Singh napsal(a): ideally a large number of machines, and a reasonable local connection with the ability to schedule and manage updates being applied on the machines ( so, rules out hosting setups ) I've got everything in Spacewalk. So someone else must step in. DH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: den 18 januari 2012 12:16 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers? On 01/18/2012 11:00 AM, David Hrbáč wrote: I'm looking for a site / person to help testing a mirror proxy setup, interested ? What are the requirements? Storage, fast connection? ideally a large number of machines, and a reasonable local connection with the ability to schedule and manage updates being applied on the machines ( so, rules out hosting setups ) I might be interested, it depends a bit on how complex it is to set up. 8-) We have around fifteen machines (including my CentOS test machine) on a 100 Mbps LAN, currently running a mix of 64b CentOS 5.7 and 6.2. Would there be any automatic reboots involved? If yes, I'll have to pass on this. -- /Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/18/2012 11:45 AM, Sorin Srbu wrote: ideally a large number of machines, and a reasonable local connection with the ability to schedule and manage updates being applied on the machines ( so, rules out hosting setups ) I might be interested, it depends a bit on how complex it is to set up. 8-) We have around fifteen machines (including my CentOS test machine) on a 100 Mbps LAN, currently running a mix of 64b CentOS 5.7 and 6.2. Would there be any automatic reboots involved? If yes, I'll have to pass on this. I will post a new thread with details, its not nearly as involved as that and far simpler more practical than spacewalk. -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: den 18 januari 2012 12:58 To: CentOS mailing list Subject: Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers? On 01/18/2012 11:45 AM, Sorin Srbu wrote: ideally a large number of machines, and a reasonable local connection with the ability to schedule and manage updates being applied on the machines ( so, rules out hosting setups ) I might be interested, it depends a bit on how complex it is to set up. 8-) We have around fifteen machines (including my CentOS test machine) on a 100 Mbps LAN, currently running a mix of 64b CentOS 5.7 and 6.2. Would there be any automatic reboots involved? If yes, I'll have to pass on this. I will post a new thread with details, its not nearly as involved as that and far simpler more practical than spacewalk. Nice. Looking forward to it then! 8-) Thanks. -- /Sorin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Wed, Jan 18, 2012 at 4:15 AM, Karanbir Singh mail-li...@karan.org wrote: On 01/18/2012 08:05 AM, Sorin Srbu wrote: I would like to expand on this a little. Once you get a certain number of machine it probably makes sense to have your own internal mirror. Is there any particular approximate number of machines you'd say this would apply to? based on personal experience, I'd say that number was at the '9' mark. Once you go double digit, and you have those many machines in one location, a local repo is the way to go. Perhaps then with one of them ( either a machine or a VM instance ) doing auto nightly updates, and running a test to make sure all is still well and sending out a small email to the admin with a OK or 'Trouble found in updates' I've always thought yum should have its own 'reproducible updates' concept so you could update a test machine, then tell all the others to update to exactly that state even if some new things had been added to the repositories - without having to make complete snapshots of repositories containing stuff you don't even have installed just to hold the state. That is, that should have been a design goal for yum since that is the way people should manage multiple machines - and yum does sort-of know how to do that if you specify every package version number. But it really should just need a timestamp of the latest thing in the repo at the time of the test/master update and ignore anything newer when you want it repeated. --- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Wed, Jan 18, 2012 at 8:51 AM, Les Mikesell lesmikes...@gmail.com wrote: I've always thought yum should have its own 'reproducible updates' concept so you could update a test machine, then tell all the others to update to exactly that state even if some new things had been added to the repositories - Kind of hard to do if the older versions have been removed from the mirrors. without having to make complete snapshots of repositories containing stuff you don't even have installed just to hold the state. Your local mirror doesn't have to be a full copy. Granted, it is easier to manage if it is, and drive space is cheap. That is, that should have been a design goal for yum since that is the way people should manage multiple machines Yum's design goal was/is to be a dep-solver, not a management system. -- William Hooper ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Wed, Jan 18, 2012 at 8:33 AM, William Hooper whooper...@gmail.com wrote: On Wed, Jan 18, 2012 at 8:51 AM, Les Mikesell lesmikes...@gmail.com wrote: I've always thought yum should have its own 'reproducible updates' concept so you could update a test machine, then tell all the others to update to exactly that state even if some new things had been added to the repositories - Kind of hard to do if the older versions have been removed from the mirrors. Failing is OK. There are all kinds of reasons an update might fail and you have to be able to handle that. Even if you had your own mirror it might be down or unreachable. What you shouldn't have to handle is installing some unexpected thing when you are just repeating a command. Besides, if something has been removed from the mirrors, it is a pretty good hint that there is a better use of your time today than pushing that package into production. That is, that should have been a design goal for yum since that is the way people should manage multiple machines Yum's design goal was/is to be a dep-solver, not a management system. Yes, that's what I mean. It is too bad the distribution doesn't have a reasonable management system when it shouldn't be hard at all to get the same versions of the same packages on two different machines - and that is something almost everyone using an 'enterprise' distribution needs. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects? The only thing I can think of is if say a client had a custom version of PHP installed that was not properly excluded in yum and then it was over written. Unless I'm missing something else that could go horribly wrong. Any feedback is appreciated. (if this question has already been asked my apologies, searching the archive didn't find what I was looking for) Thanks, -PJ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/17/2012 02:30 PM, P J wrote: I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects? The only thing I can think of is if say a client had a custom version of PHP installed that was not properly excluded in yum and then it was over written. Unless I'm missing something else that could go horribly wrong. Any feedback is appreciated. (if this question has already been asked my apologies, searching the archive didn't find what I was looking for) Thanks, -PJ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi PJ, Good practices is don't update any package on server directly without test before. It's because some update may not full compatible with your configuration. I do the update first on test server to ensure that update will not break my system. I didn't update directly without test this new package before, so I never get troubles on updates to my servers. If you have many server with same package to update, first try one in Testing (of Dev) Environment, if no have problems, send your servers update the packages. best regrads --aslan best regards. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
Best reason I can think of is application feature deprecation. If an update contains changes to the default configuration file then the file will normally be installed with the '.rpmnew' extension. If an application decides to deprecate and phase out options which you actually use in the current configuration then the automatic update will invalidate your configuration and the service will not start. This would cause downtime for your servers. In the case of some services e.g. ssh, it could be catastrophic, requiring you to physically visit the servers, would could incur a cost to you. If you're OK with that, then you're not really in a high-availability production environment and you can use the automatic update daemon if you wish. On Tue, January 17, 2012 17:30, P J wrote: I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects? The only thing I can think of is if say a client had a custom version of PHP installed that was not properly excluded in yum and then it was over written. Unless I'm missing something else that could go horribly wrong. Any feedback is appreciated. (if this question has already been asked my apologies, searching the archive didn't find what I was looking for) Thanks, -PJ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
From: P J pauljfli...@gmail.com I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Some parameters/configurations/functionalities might change/appear/disappear, depending on the type of development (some projects are stable and other projects just do not care about backward compatibility). If you do manual updates, you will notice that some configuration files may change in the process (see the .rpmnew and .rpmsave)... If your server is critical, you'd better test the updates on a non critical server before. JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 01/17/2012 10:30 AM, P J wrote: I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects? The only thing I can think of is if say a client had a custom version of PHP installed that was not properly excluded in yum and then it was over written. Unless I'm missing something else that could go horribly wrong. Any feedback is appreciated. (if this question has already been asked my apologies, searching the archive didn't find what I was looking for) I would always say it is best practice to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically machines that are like that one after you are happy. We do automatically upgrade all the CentOS infrastructure servers all the time ... but I do not do that for my $work servers. There are hardly ever any issues ... but I always test and then push. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Tue, Jan 17, 2012 at 9:59 AM, Johnny Hughes joh...@centos.org wrote: On 01/17/2012 10:30 AM, P J wrote: I've read that it's not recommended to automatically apply updates via yum-updated on production servers, but I keep encountering servers that have this enabled. Are any of you doing automatic yum updates on production servers in CentOS 5 via yum-updatesd? Have you experienced any negative side effects? The only thing I can think of is if say a client had a custom version of PHP installed that was not properly excluded in yum and then it was over written. Unless I'm missing something else that could go horribly wrong. Any feedback is appreciated. (if this question has already been asked my apologies, searching the archive didn't find what I was looking for) I would always say it is best practice to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically machines that are like that one after you are happy. We do automatically upgrade all the CentOS infrastructure servers all the time ... but I do not do that for my $work servers. There are hardly ever any issues ... but I always test and then push. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Tue, Jan 17, 2012 at 12:59 PM, Johnny Hughes joh...@centos.org wrote: I would always say it is best practice to manually install updates on at least one machine of a specific type and make sure everything is OK ... then automatically machines that are like that one after you are happy. I would like to expand on this a little. Once you get a certain number of machine it probably makes sense to have your own internal mirror. That way you can update your test machines from upstream, do the tests, then once you are satisfied you can update the internal mirror. This would give you consistency on what is installed on your Production machines without having to worry about the whole crap, I just updated the wrong server. Also this would give you a level of protection if you do choose to automatically update your Production machines because it takes the extra step of updating the local mirror to really push any changes. -- William Hooper ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On Tue, Jan 17, 2012 at 2:14 PM, P J pauljfli...@gmail.com wrote: Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers. In general it is very, very rare for an update to break anything - after all that is the whole point of the 'enterprise' distribution and it is well tested upstream. However, it is still possible, especially if you have local apps and modifications, and it is very difficult to back out any changes the updates make so it is always best to test on a similar system before making changes on a production box where downtime would be a problem. For boxes that are internet exposed, I'd consider it more dangerous to go for long intervals with no updates than to auto-update, though. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] anyone doing automatic yum updates via yum-updatesd on production servers?
On 1/17/2012 3:41 PM, Les Mikesell wrote: On Tue, Jan 17, 2012 at 2:14 PM, P Jpauljfli...@gmail.com wrote: Thanks for the feedback guys, I agree about best practices but it's nice to get direct feedback from your peers. In general it is very, very rare for an update to break anything - after all that is the whole point of the 'enterprise' distribution and it is well tested upstream. However, it is still possible, especially if you have local apps and modifications, and it is very difficult to back out any changes the updates make so it is always best to test on a similar system before making changes on a production box where downtime would be a problem. For boxes that are internet exposed, I'd consider it more dangerous to go for long intervals with no updates than to auto-update, though. That's what I meant hen I said I thought it would be better for CentOS to have auto-updates enabled by default out of the box. Power users can always change the defaults. But for all the servers where the admin neglects the server or doesn't know enough to change it -- YES people can pontificate all they want about how those people shouldn't be server admins -- but the fact being that those servers are out there, it would seem less risky to have auto-updates turned on than to have no updates at all. Bennett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
