6.4. Configuring Automatic Updates

If you're comfortable with your repositories, you may want to automate your updates by using what you now know about the yum command. In this section, I'll show the variety of update commands available for yum and how automated updates are configured for various distributions, such as CentOS-4 and Fedora Core 4.

6.4.1. Finding the Right Update Command

As described earlier, the following command looks for packages that can be updated in all configured repositories:

yum update 

Unfortunately, this command requires confirmation, which is not something you want to leave to ordinary users. If you're comfortable with the way updates are maintained, you can run the command to automatically confirm downloads:

yum -y update 

However, many administrators will want to avoid updates of several different types of packages. The most common item on this list is the Linux kernel; for example, updates of the Linux kernel can require updates of other software that you may have compiled. So to avoid kernel updates (until you're ready), you can add the --exclude switch described earlier. Such an update might look like this:

yum --exclude=kernel* -y update 

Naturally, this might not be enough. As suggested earlier, updates of the Firefox Web browser can be troublesome. Therefore, if you want to avoid updating Firefox packages, you can expand this command a bit further:

yum --exclude=*firefox* --exclude=kernel* -y update 

If you've connected to a specialty repository, you may not want to take updates from that server. You can avoid updates from a repository with the --disablerepo switch. For example, if you've configured the Dag Wieers repositories described earlier in the /etc/yum.repos.d directory, you can avoid any updates from that repository with the following command:

yum --disablerepo=dag --exclude=*firefox* --exclude=kernel* -y update 

6.4.2. Automating the Process

There are two ways to automate the update process. If you have confidence in the way your distribution keeps packages up to date, you could configure the previous command in a cron job. For example, you could set up a nightly cron job with an appropriate file in the /etc/cron.daily directory. You might even include a weekly cron job in the /etc/cron.weekly directory.

In fact, the yum RPM often includes a cron job in these directories. The script is straightforward. It starts with the standard #!/bin/sh, which invokes the bash shell. The default versions of this script vary by distribution and release.

The Original yum cron Job

The following is what you see for the /etc/cron.daily/yum.cron update script if you're running Fedora Core 3 or the Red Hat Enterprise Linux 4 rebuilds that use yum for updates, such as CentOS-4.

#!/bin/sh
if [ -f /var/lock/subsys/yum ]; then
        /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
        /usr/bin/yum -R 120 -e 0 -d 0 -y update
fi

This job is active if there's a /var/lock/subsys/yum file, which is created if the yum daemon is active in your runlevel. If this file exists, this cron job runs two commands, within 10 and then 120 minutes after the scheduled start of this job. The first yum command makes sure that your system has the most up to date version of yum, and then the second command runs the yum update command to update all the RPMs to the latest versions as defined in the updates repositories.
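The following is an added example, not the script shipped in the yum RPM: it keeps the lock-file check and the two-step update of the job above and adds the --exclude and --disablerepo switches from section 6.4.1. The variable and function names (YUM, LOCKFILE, EXCLUDES, DISABLED_REPOS, yum_update_args, run_update) are illustrative assumptions.

```sh
#!/bin/sh
# Added example (not the distribution's script): a customized
# /etc/cron.daily/yum.cron. Variable and function names are illustrative.
YUM=${YUM:-/usr/bin/yum}
LOCKFILE=${LOCKFILE:-/var/lock/subsys/yum}
EXCLUDES=${EXCLUDES:-"kernel* *firefox*"}   # package patterns to hold back
DISABLED_REPOS=${DISABLED_REPOS:-dag}       # repository IDs to skip

# Print one yum option per line. The body runs in a subshell with globbing
# off (set -f), so a pattern such as kernel* reaches yum unexpanded even if
# the working directory contains matching file names.
yum_update_args() (
    set -f
    for repo in $DISABLED_REPOS; do printf '%s\n' "--disablerepo=$repo"; done
    for pat in $EXCLUDES; do printf '%s\n' "--exclude=$pat"; done
)

run_update() {
    # Same gate as the stock job: do nothing unless the lock file exists.
    [ -f "$LOCKFILE" ] || return 0
    # Load the options into "$@"; globbing stays off while they are split.
    set -f
    set -- $(yum_update_args)
    set +f
    # Update yum itself first, then everything else minus the exclusions.
    # Failures are written to stderr so that cron mails them to root.
    "$YUM" -R 10 -e 0 -d 0 -y update yum ||
        echo "yum.cron: updating yum itself failed" >&2
    "$YUM" -R 120 -e 0 -d 0 -y "$@" update || {
        echo "yum.cron: system update failed" >&2
        return 1
    }
}

run_update
```

Because -e 0 and -d 0 silence yum, the two echo lines are the only output cron has to mail when an unattended update fails.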

The Newer yum cron Jobs

Red Hat has revised the cron jobs for Fedora Core 4. There are now two jobs: a daily job for updates and a weekly job to clean packages which accumulate in the caches. As you can see, the following is the new default /etc/cron.daily/yum.cron script:

#!/bin/sh
if [ -f /var/lock/subsys/yum ]; then
        /usr/bin/yum -R 120 -e 0 -d 0 -y update yum
        /usr/bin/yum -R 10 -e 0 -d 0 -y shell /etc/yum/yum-daily.yum
fi

The first yum command makes sure that your system has the most up-to-date version of yum, and then the second command drops into the yum shell, which has its own commands. The yum shell works only in Fedora Core 4 or later. It calls the /etc/yum/yum-daily.yum file, which contributes three commands to the script:

update runs the yum update command, which, in this case, downloads the updated RPMs from the repositories as configured.

ts run executes the transaction, which uses the downloaded RPMs to upgrade your system.

exit leaves the yum shell.

Then there is the weekly cron job, also named yum.cron, available in the /etc/cron.weekly directory. The script is straightforward:

#!/bin/sh
if [ -f /var/lock/subsys/yum ]; then
        /usr/bin/yum -e 0 -d 0 clean packages
fi

Based on the same conditions as previous yum scripts, where the if command makes sure that yum isn't currently running, this script cleans all packages in the default yum cache directory, as defined by the cachedir directive in the /etc/yum.conf configuration file.

Activating the yum cron Jobs

The simplest way to make sure the yum cron job(s) are active is with the following command:

/etc/init.d/yum start 

This creates the yum file in the /var/lock/subsys directory. And the following command can help you make sure yum is active the next time you reboot this computer:

chkconfig yum on 

This particular command activates yum in runlevels 2 through 5.

6.4.3. Other Automated Updates

If you're working with just a few computers, you may want more detailed control over updates. You can configure updates on a different schedule. If you're familiar with cron jobs, you should already know that you can also configure regular updates on an hourly, weekly, or monthly basis. The file described earlier should be fine; all you would need to do is move it to the appropriate directory, such as /etc/cron.hourly, /etc/cron.weekly, or /etc/cron.monthly.

Alternatively, you could set up the job using the at daemon. When configured, the job runs once, at a time of your choosing. You can run the job again at any time. For example, you could move the yum.cron job to your home directory and then run it as an at job. If you no longer want that job to be run as a cron job, make sure the file no longer exists in a cron directory.

After you've created a script, such as yum.cron, in your home directory, it's easy to configure as an at job. For example, my home directory is /home/michael, and I can schedule that script to run at 2 a.m. tomorrow morning with the following sequence of commands:

at 2:00 tomorrow
at> /home/michael/yum.cron
at> Ctrl-D

When you run the at command, it opens the at command line prompt. When you see the prompt, you can enter the commands of your choice, which the at daemon will run at the time specified. Naturally, there is much more that you can do with this daemon; for more information, the associated man page can guide you through how you can find pending jobs with the atq command, how you can remove pending jobs with the atrm command, and how you can run batch jobs only when the system is not busy.

Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
Year: 2006
Pages: 80
Authors: Michael Jang