[Bug 592073] New: Automatic updates for extra repositories

From: sysadmin (bugzilla.gnome.org) <bugzilla gnome org>
To: gnome-infrastructure gnome org
Subject: [Bug 592073] New: Automatic updates for extra repositories
Date: Mon, 17 Aug 2009 12:55:46 +0000 (UTC)

http://bugzilla.gnome.org/show_bug.cgi?id=592073

           Summary: Automatic updates for extra repositories
    Classification: Infrastructure
           Product: sysadmin
           Version: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: Packages
        AssignedTo: sysadmin-maint gnome bugs
        ReportedBy: otaylor redhat com
         QAContact: sysadmin-maint gnome bugs
      GNOME target: ---
     GNOME version: ---


--- Comment #0 from Owen Taylor <otaylor redhat com> 2009-08-17 12:55:41 UTC ---
We have automatic application of updates turned on in our RHN configuration,
but this only takes care of automatically scheduling the installation of
official Red Hat errata. It doesn't apply updates coming from our other
repositories:

 EPEL
 RPMForge (Perl packages only)
 GNOME (local custom built packages)

To get that to happen, we'd have to enable automatic updates by some other
mechanism. The simplest way to do this is to just turn yum-updatesd on in our
puppet configuration, including turning do_updates on in
/etc/yum/yum-updatesd.conf

This will "compete" with RHN for installation of packages that are updated in
the official RHEL repositories, so a package might be installed either by rhnsd
or yum-updatesd depending on the timing (usually rhnsd, it runs more
frequently.) That shouldn't be a problem.

Note:

There's certainly a good argument that automatic application of errata is not
best practice for servers. But considering:

 - The limited amount of sysadmin time and sometimes poor coordination
 - The wide variety of software across our ~14 systems and VMs
 - The large percentage of our software which is internet-facing

I think it's better to reliably have updates installed and have to occasionally
scramble to fix a broken service, then to get exploited by some hole in a
package that had been fixed 6 months earlier upstream, but we forgot to apply
the update.

-- 
Configure bugmail: http://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]