對這文章發表回應
發表限制: 非會員 可以發表
Scheduling updates in Linux using yum-cron
Posted: August 27, 2020 by Ken Hess (Red Hat)
Every time I set up a new script for the automation of some task, I have to look at a cron example, or I have to Google for one. I can't seem to remember crontab's syntax. And it's been that way for me for the past 20 years. I have some pathological cron block. That's why when I discovered the yum-cron
package, I was pretty happy. The yum-cron
package takes care of the scheduling for me. I only have to make one change to the config file and then everything just works. Here's a short tutorial to get those automatic updates rolling in today without creating your own script or wrestling with cron
.
yum-cron - an interface to conveniently call yum from cron
Installation
There's nothing special you have to do to install yum-cron
because it's part of the base repository, so just grab it via dnf
.
$ sudo dnf -y yum-cron
The yum-cron
command is actually a Python script that you can examine. It installs to /sbin
, if you want to check it out.
Configuration and first run
Once installed, you need to edit the default configuration file, which is /etc/yum/yum-cron.conf
. This file sets up the daily cron run, but I'm going to show you how to run it immediately too. Open /etc/yum/yum-cron.conf
with your favorite editor and change the following two lines from:
apply_updates = no
...
random_sleep = 360
To:
apply_updates = yes
...
random_sleep = 0
Changing the random_sleep parameter causes yum-cron
to run immediately. The reason the random_sleep
parameter exists is so that you don't chew up a lot of bandwidth for updates occurring all at the same time.
[ Free online course: Red Hat Enterprise Linux technical overview. ]
Set yum-cron to run now and at system start
Next, enable yum-cron
to automatically run at system boot and then start it.
$ sudo systemctl start yum-cron
$ sudo systemctl enable yum-cron
After a few minutes, check the yum.log to see if any updates have been downloaded and applied to your system. The appearance of updates might take a bit longer depending on how many updates your system requires.
$ sudo tail -10 /var/log/yum.log
Aug 04 10:59:54 Installed: libmodman-2.0.1-8.el7.x86_64
Aug 04 10:59:54 Installed: libproxy-0.4.11-11.el7.x86_64
Aug 04 10:59:54 Installed: glib-networking-2.56.1-1.el7.x86_64
Aug 04 10:59:54 Installed: cockpit-bridge-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-system-195.6-1.el7.centos.noarch
Aug 04 10:59:55 Installed: cockpit-ws-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-195.6-1.el7.centos.x86_64
Aug 04 16:47:55 Installed: python-chardet-2.2.1-3.el7.noarch
Aug 04 16:47:55 Installed: python-kitchen-1.1.1-5.el7.noarch
Aug 04 16:47:55 Installed: yum-utils-1.1.31-54.el7_8.noarch
In the above screenshot, you can see that I had several updates. I only looked at the last ten to see if it had happened at all. It did.
Reconfiguration
After the initial run, you should edit the /etc/yum/yum-cron.conf
file again and restore the random_sleep
parameter to its original value of 360
if you have more than a handful of servers.
Random stuff you might want to know
Although you installed and set up yum-cron
as root, the schedule doesn't affect root's crontab. In other words, it's not listed there. You will find the schedule cleverly hidden under /etc/cron.daily
in a file named 0yum-daily.cron
. You can also configure the /etc/yum/yum-cron-hourly.conf
to run hourly. Similar to the daily run, the hourly schedule file resides under /etc/cron.hourly
as 0yum-hourly.cron
.
If you only want to install security updates via yum-cron
, change theupdate_cmd
parameter in /etc/yum/yum-cron.conf
to "security" or other values as follows:
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
The yum-cron
man page is almost useless except to tell you that you can create and use different configuration files that must be specified in the /sbin/yum-cron
Python script as default_config_file
. Adding a new repository, such as EPEL, doesn't require any extra configuration of yum-cron
. It will attempt to update from all repositories regardless of when you added them and without restarting the yum-cron
service.
If I were still managing hundreds, or even dozens, of Linux systems, I'd use yum-cron
. I'd also install yum-cron
and distribute yum-cron.conf
files via Ansible to avoid individually touching every single system.
Wrap up
The yum-cron
package is an easy-to-install and use utility for me. As a system administrator, I need automation and "step-saving" applications to help administer Linux systems. I also like that the program is lightweight and is essentially a Python script. It has configuration files that I can alter to meet my needs. Honestly, yum-cron
is going into my toolbox as one of the essential sysadmin utilities that I will continue to use throughout my career and on every system that I manage.
原文出處:https://www.redhat.com/sysadmin/using-yum-cron">Scheduling updates in Linux using yum-cron | Enable Sysadmin