mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-12-01 07:39:48 +00:00
Merge branch 'pr388'
This commit is contained in:
commit
3f52d2fc67
1 changed files with 29 additions and 20 deletions
|
@ -37,31 +37,32 @@ started automatically.
|
||||||
[[install-and-settings-of-dnf-automatic]]
|
[[install-and-settings-of-dnf-automatic]]
|
||||||
=== Install and settings of dnf-automatic
|
=== Install and settings of dnf-automatic
|
||||||
|
|
||||||
On a fresh Fedora 22 installation with default options the dnf-automatic RPM is not installed, the first command below installs this RPM.
|
On a fresh install of Fedora 22 with default options, the dnf-automatic
|
||||||
|
RPM is not installed. The first command below installs this RPM:
|
||||||
|
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
sudo dnf install dnf-automatic
|
sudo dnf install dnf-automatic
|
||||||
----
|
----
|
||||||
|
|
||||||
By default, the dnf-automation runs from the configurations in `/etc/dnf/automation.conf` file. These configurations only download, but do not apply any of the packages. In order to change or add any configurations, open the `.conf` file as the root user (or using `sudo`) from a terminal window.
|
By default, dnf-automatic runs from the configurations in the `/etc/dnf/automatic.conf` file. These configurations only download, but do not apply any of the packages. In order to change or add any configurations, open the `.conf` file as the root user (or using `sudo`) from a terminal window.
|
||||||
|
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf
|
env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf
|
||||||
----
|
----
|
||||||
|
|
||||||
Detailed description of dnf-automatic settings is provided on
|
Detailed description of dnf-automatic settings is provided on the
|
||||||
https://dnf.readthedocs.org/en/latest/automatic.html[dnf-automatic] page.
|
https://dnf.readthedocs.org/en/latest/automatic.html[dnf-automatic] page.
|
||||||
|
|
||||||
[[run-dnf-automatic]]
|
[[run-dnf-automatic]]
|
||||||
=== Run dnf-automatic
|
=== Run dnf-automatic
|
||||||
|
|
||||||
Once you are finished with configuration, execute:
|
Once you are finished with the configuration, execute:
|
||||||
|
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
systemctl enable dnf-automatic.timer && systemctl start dnf-automatic.timer
|
systemctl enable --now dnf-automatic.timer
|
||||||
----
|
----
|
||||||
|
|
||||||
to enable and start the `systemd` timer.
|
to enable and start the `systemd` timer.
|
||||||
|
@ -109,8 +110,8 @@ problems during or after installation.
|
||||||
== Why use automatic updates?
|
== Why use automatic updates?
|
||||||
|
|
||||||
The main advantage of automating the updates is that machines are likely
|
The main advantage of automating the updates is that machines are likely
|
||||||
to get updated more quickly, more often, and more uniformly than if they
|
to get updated more quickly, more often, and more uniformly than if the
|
||||||
update are done manually. We see too many compromised machines on the
|
updates are done manually. We see too many compromised machines on the
|
||||||
internet which would have been safe if the latest updates where
|
internet which would have been safe if the latest updates where
|
||||||
installed in a timely way.
|
installed in a timely way.
|
||||||
|
|
||||||
|
@ -155,9 +156,17 @@ automatic updates are:
|
||||||
unscheduled downtime.
|
unscheduled downtime.
|
||||||
* You installed custom software, compiled software from source, or use
|
* You installed custom software, compiled software from source, or use
|
||||||
third party software that has strict package version requirements.
|
third party software that has strict package version requirements.
|
||||||
* You installed a custom kernel, custom kernel modules, third party kernel modules, or have a third party application that depends on kernel versions (this may not be a problem if you exclude kernel updates, which is the default in Fedora `dnf.conf` files). (But see also https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you may need to modify in Fedora 22 or later versions in base section to add `exclude=kernel*`.)
|
* You installed a custom kernel, custom kernel modules, third party
|
||||||
|
kernel modules, or have a third party application that depends on kernel
|
||||||
|
versions (this may not be a problem if you exclude kernel updates, which
|
||||||
|
is the default in Fedora `dnf.conf` files). (See also
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you
|
||||||
|
may need to modify in Fedora 22 or later versions in base section to add
|
||||||
|
`exclude=kernel*`.)
|
||||||
* Your environment requires meticulous change-control procedures.
|
* Your environment requires meticulous change-control procedures.
|
||||||
* You update from other third party DNF repositories besides Fedora (core, extras, legacy ) repositories which may conflict in versioning schemes for the same packages.
|
* You update from other third party DNF repositories besides Fedora
|
||||||
|
(core, extras, legacy), repositories which may conflict in versioning
|
||||||
|
schemes for the same packages.
|
||||||
|
|
||||||
There are also some other reasons why installing automatic updates
|
There are also some other reasons why installing automatic updates
|
||||||
without testing may be a bad idea. A few such reasons are:
|
without testing may be a bad idea. A few such reasons are:
|
||||||
|
@ -187,10 +196,10 @@ things to make sure you are up-to-date.
|
||||||
|
|
||||||
Check for package updates which have been automatically performed, and
|
Check for package updates which have been automatically performed, and
|
||||||
note if they need further (manual) intervention. You can monitor what
|
note if they need further (manual) intervention. You can monitor what
|
||||||
DNF or updated via its log file (usually `/var/log/dnf.log`).
|
DNF has updated via its log file (usually `/var/log/dnf.log`).
|
||||||
|
|
||||||
You can monitor updates availability automatically by email after
|
You can monitor updates availability automatically by email after
|
||||||
modifying dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`).
|
modifying the dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`).
|
||||||
|
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
|
@ -208,14 +217,14 @@ email_to = root
|
||||||
email_host = localhost
|
email_host = localhost
|
||||||
----
|
----
|
||||||
|
|
||||||
You would replace root with an actual email address to which you want to
|
You would replace root with an actual email address to which you want the
|
||||||
report sent, and localhost with an actual address of SMTP server. This
|
report sent, and localhost with an actual address of a SMTP server. This
|
||||||
change will mean that after dnf-automatic runs, it will email you
|
change will mean that after dnf-automatic runs, it will email you
|
||||||
information you about available updates, or log about downloaded
|
information about available updates, a log about downloaded
|
||||||
packages, or installed updates according to settings in `automatic.conf`.
|
packages, or installed updates according to settings in `automatic.conf`.
|
||||||
|
|
||||||
[[alternative-methods]]
|
[[alternative-methods]]
|
||||||
==Alternative methods
|
== Alternative methods
|
||||||
|
|
||||||
As an alternative to dnf-automatic,
|
As an alternative to dnf-automatic,
|
||||||
https://github.com/rackerlabs/auter[auter] can be used. This operates in
|
https://github.com/rackerlabs/auter[auter] can be used. This operates in
|
||||||
|
@ -229,12 +238,12 @@ more complexity to configure.
|
||||||
sudo dnf install auter
|
sudo dnf install auter
|
||||||
----
|
----
|
||||||
|
|
||||||
Edit the configuration. Descriptions of the options are contained in the
|
You should then edit the configuration. Descriptions of the options are contained in the
|
||||||
conf file `/etc/auter/auter.conf`.
|
conf file `/etc/auter/auter.conf`.
|
||||||
|
|
||||||
Auter is not scheduled by default. Add a schedule for `--prep` (if you
|
Auter is not scheduled by default. Add a schedule for `--prep` (if you
|
||||||
want to pre-download updates) and `--apply` (install updates). The
|
want to pre-download updates) and `--apply` (install updates). The
|
||||||
installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples:
|
installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples.
|
||||||
|
|
||||||
To make auter run immediately without waiting for the cron job to run,
|
To make auter run immediately without waiting for the cron job to run,
|
||||||
for example for testing or debugging, you can simply run it from the
|
for example for testing or debugging, you can simply run it from the
|
||||||
|
@ -259,8 +268,8 @@ auter --disable
|
||||||
=== Notifications
|
=== Notifications
|
||||||
|
|
||||||
Instead of automatic updates, dnf-automatic can only download new
|
Instead of automatic updates, dnf-automatic can only download new
|
||||||
updates and can alert your via email of available updates which you
|
updates and can alert you via email of available updates which you
|
||||||
could then install manually. It can be set by editing of `/etc/dnf/automatic.conf` file.
|
could then install manually. This can be set by editing of `/etc/dnf/automatic.conf` file.
|
||||||
|
|
||||||
[[scheduling-updates]]
|
[[scheduling-updates]]
|
||||||
=== Scheduling updates
|
=== Scheduling updates
|
||||||
|
@ -279,7 +288,7 @@ page.
|
||||||
=== Other methods of protection
|
=== Other methods of protection
|
||||||
|
|
||||||
Yet another thing to consider if not using automatic updates is to
|
Yet another thing to consider if not using automatic updates is to
|
||||||
provide your machine with some other forms of protection to help defend
|
provide your machine with some other forms of protection to help defend it of
|
||||||
any attacks that might occur before updates are in place. This might
|
any attacks that might occur before updates are in place. This might
|
||||||
include an external firewall, a host-based firewall (like iptables,
|
include an external firewall, a host-based firewall (like iptables,
|
||||||
ipchains, and/or tcp wrappers), not performing dangerous tasks on the
|
ipchains, and/or tcp wrappers), not performing dangerous tasks on the
|
||||||
|
|
Loading…
Reference in a new issue