mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-10-19 01:35:42 +00:00
Merge branch 'pr388'
This commit is contained in:
Petr Bokoc
commit
3f52d2fc67
1 changed files with 29 additions and 20 deletions
|
|
@ -37,31 +37,32 @@ started automatically.
|
|||
[[install-and-settings-of-dnf-automatic]]
|
||||
=== Install and settings of dnf-automatic
|
||||
|
||||
On a fresh Fedora 22 installation with default options the dnf-automatic RPM is not installed, the first command below installs this RPM.
|
||||
On a fresh install of Fedora 22 with default options, the dnf-automatic
|
||||
RPM is not installed. The first command below installs this RPM:
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
sudo dnf install dnf-automatic
|
||||
----
|
||||
|
||||
By default, the dnf-automation runs from the configurations in `/etc/dnf/automation.conf` file. These configurations only download, but do not apply any of the packages. In order to change or add any configurations, open the `.conf` file as the root user (or using `sudo`) from a terminal window.
|
||||
By default, dnf-automatic runs from the configurations in the `/etc/dnf/automatic.conf` file. These configurations only download, but do not apply any of the packages. In order to change or add any configurations, open the `.conf` file as the root user (or using `sudo`) from a terminal window.
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf
|
||||
----
|
||||
|
||||
Detailed description of dnf-automatic settings is provided on
|
||||
Detailed description of dnf-automatic settings is provided on the
|
||||
https://dnf.readthedocs.org/en/latest/automatic.html[dnf-automatic] page.
|
||||
|
||||
[[run-dnf-automatic]]
|
||||
=== Run dnf-automatic
|
||||
|
||||
Once you are finished with configuration, execute:
|
||||
Once you are finished with the configuration, execute:
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
systemctl enable dnf-automatic.timer && systemctl start dnf-automatic.timer
|
||||
systemctl enable --now dnf-automatic.timer
|
||||
----
|
||||
|
||||
to enable and start the `systemd` timer.
|
||||
|
|
@ -109,8 +110,8 @@ problems during or after installation.
|
|||
== Why use automatic updates?
|
||||
|
||||
The main advantage of automating the updates is that machines are likely
|
||||
to get updated more quickly, more often, and more uniformly than if they
|
||||
update are done manually. We see too many compromised machines on the
|
||||
to get updated more quickly, more often, and more uniformly than if the
|
||||
updates are done manually. We see too many compromised machines on the
|
||||
internet which would have been safe if the latest updates where
|
||||
installed in a timely way.
|
||||
|
||||
|
|
@ -155,9 +156,17 @@ automatic updates are:
|
|||
unscheduled downtime.
|
||||
* You installed custom software, compiled software from source, or use
|
||||
third party software that has strict package version requirements.
|
||||
* You installed a custom kernel, custom kernel modules, third party kernel modules, or have a third party application that depends on kernel versions (this may not be a problem if you exclude kernel updates, which is the default in Fedora `dnf.conf` files). (But see also https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you may need to modify in Fedora 22 or later versions in base section to add `exclude=kernel*`.)
|
||||
* You installed a custom kernel, custom kernel modules, third party
|
||||
kernel modules, or have a third party application that depends on kernel
|
||||
versions (this may not be a problem if you exclude kernel updates, which
|
||||
is the default in Fedora `dnf.conf` files). (See also
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you
|
||||
may need to modify in Fedora 22 or later versions in base section to add
|
||||
`exclude=kernel*`.)
|
||||
* Your environment requires meticulous change-control procedures.
|
||||
* You update from other third party DNF repositories besides Fedora (core, extras, legacy ) repositories which may conflict in versioning schemes for the same packages.
|
||||
* You update from other third party DNF repositories besides Fedora
|
||||
(core, extras, legacy), repositories which may conflict in versioning
|
||||
schemes for the same packages.
|
||||
|
||||
There are also some other reasons why installing automatic updates
|
||||
without testing may be a bad idea. A few such reasons are:
|
||||
|
|
@ -187,10 +196,10 @@ things to make sure you are up-to-date.
|
|||
|
||||
Check for package updates which have been automatically performed, and
|
||||
note if they need further (manual) intervention. You can monitor what
|
||||
DNF or updated via its log file (usually `/var/log/dnf.log`).
|
||||
DNF has updated via its log file (usually `/var/log/dnf.log`).
|
||||
|
||||
You can monitor updates availability automatically by email after
|
||||
modifying dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`).
|
||||
modifying the dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`).
|
||||
|
||||
[source,bash]
|
||||
----
|
||||
|
|
@ -208,14 +217,14 @@ email_to = root
|
|||
email_host = localhost
|
||||
----
|
||||
|
||||
You would replace root with an actual email address to which you want to
|
||||
report sent, and localhost with an actual address of SMTP server. This
|
||||
You would replace root with an actual email address to which you want the
|
||||
report sent, and localhost with an actual address of a SMTP server. This
|
||||
change will mean that after dnf-automatic runs, it will email you
|
||||
information you about available updates, or log about downloaded
|
||||
information about available updates, a log about downloaded
|
||||
packages, or installed updates according to settings in `automatic.conf`.
|
||||
|
||||
[[alternative-methods]]
|
||||
==Alternative methods
|
||||
== Alternative methods
|
||||
|
||||
As an alternative to dnf-automatic,
|
||||
https://github.com/rackerlabs/auter[auter] can be used. This operates in
|
||||
|
|
@ -229,12 +238,12 @@ more complexity to configure.
|
|||
sudo dnf install auter
|
||||
----
|
||||
|
||||
Edit the configuration. Descriptions of the options are contained in the
|
||||
You should then edit the configuration. Descriptions of the options are contained in the
|
||||
conf file `/etc/auter/auter.conf`.
|
||||
|
||||
Auter is not scheduled by default. Add a schedule for `--prep` (if you
|
||||
want to pre-download updates) and `--apply` (install updates). The
|
||||
installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples:
|
||||
installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples.
|
||||
|
||||
To make auter run immediately without waiting for the cron job to run,
|
||||
for example for testing or debugging, you can simply run it from the
|
||||
|
|
@ -259,8 +268,8 @@ auter --disable
|
|||
=== Notifications
|
||||
|
||||
Instead of automatic updates, dnf-automatic can only download new
|
||||
updates and can alert your via email of available updates which you
|
||||
could then install manually. It can be set by editing of `/etc/dnf/automatic.conf` file.
|
||||
updates and can alert you via email of available updates which you
|
||||
could then install manually. This can be set by editing of `/etc/dnf/automatic.conf` file.
|
||||
|
||||
[[scheduling-updates]]
|
||||
=== Scheduling updates
|
||||
|
|
@ -279,7 +288,7 @@ page.
|
|||
=== Other methods of protection
|
||||
|
||||
Yet another thing to consider if not using automatic updates is to
|
||||
provide your machine with some other forms of protection to help defend
|
||||
provide your machine with some other forms of protection to help defend it of
|
||||
any attacks that might occur before updates are in place. This might
|
||||
include an external firewall, a host-based firewall (like iptables,
|
||||
ipchains, and/or tcp wrappers), not performing dangerous tasks on the
|
||||
|
|
|
|||
Loading…
Reference in a new issue