發表者討論內容

冷日
(冷日) 發表時間：2021/7/3 1:39

Webmaster

註冊日: 2008/2/19
來自:
發表數: 15771

[轉貼]Scheduling updates in Linux using yum-cron

Scheduling updates in Linux using yum-cron

If you hate cron or just want an easy way to configure your yum updates to run automatically, yum-cron is your new best friend.

Posted: August 27, 2020 by Ken Hess (Red Hat)

Every time I set up a new script for the automation of some task, I have to look at a cron example, or I have to Google for one. I can't seem to remember crontab's syntax. And it's been that way for me for the past 20 years. I have some pathological cron block. That's why when I discovered the yum-cron package, I was pretty happy. The yum-cron package takes care of the scheduling for me. I only have to make one change to the config file and then everything just works. Here's a short tutorial to get those automatic updates rolling in today without creating your own script or wrestling with cron.

yum-cron - an interface to conveniently call yum from cron

Installation

There's nothing special you have to do to install yum-cron because it's part of the base repository, so just grab it via dnf.


$ sudo dnf -y yum-cron

The yum-cron command is actually a Python script that you can examine. It installs to /sbin, if you want to check it out.

Configuration and first run

Once installed, you need to edit the default configuration file, which is /etc/yum/yum-cron.conf. This file sets up the daily cron run, but I'm going to show you how to run it immediately too. Open /etc/yum/yum-cron.conf with your favorite editor and change the following two lines from:


apply_updates = no
...
random_sleep = 360

To:


apply_updates = yes
...
random_sleep = 0

Changing the random_sleep parameter causes yum-cron to run immediately. The reason the random_sleep parameter exists is so that you don't chew up a lot of bandwidth for updates occurring all at the same time.

[ Free online course: Red Hat Enterprise Linux technical overview. ]

Set yum-cron to run now and at system start

Next, enable yum-cron to automatically run at system boot and then start it.


$ sudo systemctl start yum-cron
$ sudo systemctl enable yum-cron

After a few minutes, check the yum.log to see if any updates have been downloaded and applied to your system. The appearance of updates might take a bit longer depending on how many updates your system requires.


$ sudo tail -10 /var/log/yum.log
Aug 04 10:59:54 Installed: libmodman-2.0.1-8.el7.x86_64
Aug 04 10:59:54 Installed: libproxy-0.4.11-11.el7.x86_64
Aug 04 10:59:54 Installed: glib-networking-2.56.1-1.el7.x86_64
Aug 04 10:59:54 Installed: cockpit-bridge-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-system-195.6-1.el7.centos.noarch
Aug 04 10:59:55 Installed: cockpit-ws-195.6-1.el7.centos.x86_64
Aug 04 10:59:55 Installed: cockpit-195.6-1.el7.centos.x86_64
Aug 04 16:47:55 Installed: python-chardet-2.2.1-3.el7.noarch
Aug 04 16:47:55 Installed: python-kitchen-1.1.1-5.el7.noarch
Aug 04 16:47:55 Installed: yum-utils-1.1.31-54.el7_8.noarch

In the above screenshot, you can see that I had several updates. I only looked at the last ten to see if it had happened at all. It did.

Reconfiguration

After the initial run, you should edit the /etc/yum/yum-cron.conf file again and restore the random_sleep parameter to its original value of 360 if you have more than a handful of servers.

Random stuff you might want to know

Although you installed and set up yum-cron as root, the schedule doesn't affect root's crontab. In other words, it's not listed there. You will find the schedule cleverly hidden under /etc/cron.daily in a file named 0yum-daily.cron. You can also configure the /etc/yum/yum-cron-hourly.conf to run hourly. Similar to the daily run, the hourly schedule file resides under /etc/cron.hourly as 0yum-hourly.cron.

If you only want to install security updates via yum-cron, change the
update_cmd parameter in /etc/yum/yum-cron.conf to "security" or other values as follows:


[commands]
#  What kind of update to use:
# default                            = yum upgrade
# security                           = yum --security upgrade
# security-severity:Critical         = yum --sec-severity=Critical upgrade
# minimal                            = yum --bugfix update-minimal
# minimal-security                   = yum --security update-minimal
# minimal-security-severity:Critical =  --sec-severity=Critical update-minimal
update_cmd = default

The yum-cron man page is almost useless except to tell you that you can create and use different configuration files that must be specified in the /sbin/yum-cron Python script as default_config_file. Adding a new repository, such as EPEL, doesn't require any extra configuration of yum-cron. It will attempt to update from all repositories regardless of when you added them and without restarting the yum-cron service.

If I were still managing hundreds, or even dozens, of Linux systems, I'd use yum-cron. I'd also install yum-cron and distribute yum-cron.conf files via Ansible to avoid individually touching every single system.

Wrap up

The yum-cron package is an easy-to-install and use utility for me. As a system administrator, I need automation and "step-saving" applications to help administer Linux systems. I also like that the program is lightweight and is essentially a Python script. It has configuration files that I can alter to meet my needs. Honestly, yum-cron is going into my toolbox as one of the essential sysadmin utilities that I will continue to use throughout my career and on every system that I manage.

原文出處：https://www.redhat.com/sysadmin/using-yum-cron">Scheduling updates in Linux using yum-cron | Enable Sysadmin

回覆

冷日
(冷日) 發表時間：2021/7/3 1:48

Webmaster

註冊日: 2008/2/19
來自:
發表數: 15771

[轉貼]How to use yum-cron to automatically update RHEL/CentOS Linux

How to use yum-cron to automatically update RHEL/CentOS Linux

Author: Vivek Gite Last updated: March 26, 2021 16 comments

The yum command line tool is used to install and update software packages under RHEL / CentOS Linux server. I know how to apply updates using yum update command line, but I would like to use cron to update packages where appropriate manually. How do I configure yum to install software patches/updates automatically with cron?

WARNING!
These instructions only work on RHEL or CentOS version 7.x. For RHEL/CentOS version 8.x, see “ how to enable automatic updates for RHEL/CentOS 8“.

You need to install yum-cron package. It provides files needed to run yum updates as a cron job. Install this package if you want auto yum updates nightly via cron. This page shows how to automatically update RHEL or CentOS Linux using yum-cron.

Tutorial details
Difficulty level	Easy
Root privileges	Yes
Requirements	RHEL/CentOS 7.x
Est. reading time	4 minutes

How to install yum-cron on a CentOS/RHEL 6.x/7.x

Type the following yum command on:
$ sudo yum install yum-cron

Turn on service using systemctl command on CentOS/RHEL 7.x:
$ sudo systemctl enable yum-cron.service $ sudo systemctl start yum-cron.service $ sudo systemctl status yum-cron.service

● yum-cron.service - Run automatic yum updates as a cron job
   Loaded: loaded (/usr/lib/systemd/system/yum-cron.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2020-06-06 22:21:12 IST; 2h 33min ago
  Process: 1185 ExecStart=/bin/touch /var/lock/subsys/yum-cron (code=exited, status=0/SUCCESS)
 Main PID: 1185 (code=exited, status=0/SUCCESS)
    Tasks: 0
   CGroup: /system.slice/yum-cron.service
Jun 06 22:21:12 centos7-box systemd[1]: Starting Run automatic yum updates as a cron job...
Jun 06 22:21:12 centos7-box systemd[1]: Started Run automatic yum updates as a cron job.

If you are using CentOS/RHEL 6.x, run:
$ sudo chkconfig yum-cron on $ sudo service yum-cron start

yum-cron is an alternate interface to yum. Very convenient way to call yum from cron. It provides methods to keep repository metadata up to date, and to check for, download, and apply updates. Rather than accepting many different command line arguments, the different functions of yum-cron can be accessed through config files.

How to configure yum-cron to automatically update RHEL/CentOS Linux

You need to edit /etc/yum/yum-cron.conf and /etc/yum/yum-cron-hourly.conf files using a text editor such as vi command:
$ sudo vi /etc/yum/yum-cron.conf
Make sure updates should be applied when they are available
apply_updates = yes
You can set the address to send email messages from. Please note that ‘localhost’ will be replaced with the value of system_name.
email_from = root@localhost
List of addresses to send messages to.
email_to = your-it-support@some-domain-name
Name of the host to connect to to send email messages.
email_host = localhost
If you do not want to update kernel package add the following on CentOS/RHEL 7.x:
exclude=kernel*
For RHEL/CentOS 6.x add
the following to exclude kernel package from updating:
YUM_PARAMETER=kernel*
Save and close the file in vi/vim. You also need to update /etc/yum/yum-cron-hourly.conf file if you want to apply update hourly. Otherwise /etc/yum/yum-cron.conf will run on daily using the following cron job (use cat command to see the file):
$ cat /etc/cron.daily/0yum-daily.cron
Sample outputs:

#!/bin/bash
# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and

then
  0
fi
# Action!
/yum-cron-hourly.conf

Here is an updated version from CentOS 7.x:
[root@centos7-box yum]# cat /etc/cron.daily/0yum-daily.cron

#!/bin/bash
# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and

then
  0
fi
# Action!
/yum-cron

That is all. Now your system will update automatically everyday using yum-cron. See man page of yum-cron for more details:
$ man yum-cron

Method 2 – Use shell scripts

Warning: The following method is outdated. Do not use it on RHEL/CentOS 6.x/7.x. I kept it below for historical reasons only when I used it on CentOS/RHEL version 4.x/5.x.

Let us see how to configure CentOS/RHEL for yum automatic update retrieval and installation of security packages. You can use yum-updatesd service provided with CentOS / RHEL servers. However, this service provides a few overheads. You can create daily or weekly updates with the following shell script. Create

/etc/cron.daily/yumupdate.sh to apply updates one a day.
/etc/cron.weekly/yumupdate.sh to apply updates once a week.

Sample shell script to update system

A shell script that instructs yum to update any packages it finds via cron:

#!/bin/bash
yum
yum
0 update

(Code listing -01: /etc/cron.daily/yumupdate.sh)

Where,

First command will update yum itself and next will apply system updates.
-R 120 : Sets the maximum amount of time yum will wait before performing a command
-e 0 : Sets the error level to 0 (range 0 – 10). 0 means print only critical errors about which you must be told.
-d 0 : Sets the debugging level to 0 – turns up or down the amount of things that are printed. (range: 0 – 10).
-y : Assume yes; assume that the answer to any question which would be asked is yes.

Make sure you setup executable permission:
# chmod +x /etc/cron.daily/yumupdate.sh

Conclusion

This page explained how to install yum-cron package to update and apply security updates automatically.

原文出處：How to use yum-cron to automatically update RHEL/CentOS Linux - nixCraft

回覆

主題一覽的下方

討論串

前一個主題 | 下一個主題 | 頁首 |

| |

發表新主題