Merge branch 'pr388'

Petr Bokoc 2021-08-27 06:00:16 +02:00
commit 3f52d2fc67

@ -37,31 +37,32 @@ started automatically.
[[install-and-settings-of-dnf-automatic]] [[install-and-settings-of-dnf-automatic]]
=== Install and settings of dnf-automatic === Install and settings of dnf-automatic
On a fresh Fedora 22 installation with default options the dnf-automatic RPM is not installed, the first command below installs this RPM. On a fresh install of Fedora 22 with default options, the dnf-automatic
RPM is not installed. The first command below installs this RPM:
[source,bash] [source,bash]
---- ----
sudo dnf install dnf-automatic sudo dnf install dnf-automatic
---- ----
By default, the dnf-automation runs from the configurations in `/etc/dnf/automation.conf` file. These configurations only download, but do not apply any of the packages. In order to change or add any configurations, open the `.conf` file as the root user (or using `sudo`) from a terminal window. By default, dnf-automatic runs from the configurations in the `/etc/dnf/automatic.conf` file. These configurations only download, but do not apply any of the packages. In order to change or add any configurations, open the `.conf` file as the root user (or using `sudo`) from a terminal window.
[source,bash] [source,bash]
---- ----
env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf env EDITOR='gedit -w' sudoedit /etc/dnf/automatic.conf
---- ----
Detailed description of dnf-automatic settings is provided on Detailed description of dnf-automatic settings is provided on the
https://dnf.readthedocs.org/en/latest/automatic.html[dnf-automatic] page. https://dnf.readthedocs.org/en/latest/automatic.html[dnf-automatic] page.
[[run-dnf-automatic]] [[run-dnf-automatic]]
=== Run dnf-automatic === Run dnf-automatic
Once you are finished with configuration, execute: Once you are finished with the configuration, execute:
[source,bash] [source,bash]
---- ----
systemctl enable dnf-automatic.timer && systemctl start dnf-automatic.timer systemctl enable --now dnf-automatic.timer 
---- ----
to enable and start the `systemd` timer. to enable and start the `systemd` timer.
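Review bot: the new `systemctl enable --now dnf-automatic.timer` line is shown without `sudo`, while the install and edit steps in this section use `sudo` and `sudoedit`; prefix it with `sudo` so the three commands read as one consistent procedure, and drop the trailing space after `dnf-automatic.timer`. Since the paragraph above states that the default configuration only downloads and does not apply packages, this step should also say that enabling the timer does not by itself install updates until the configuration is changed.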
@ -109,8 +110,8 @@ problems during or after installation.
== Why use automatic updates? == Why use automatic updates?
The main advantage of automating the updates is that machines are likely The main advantage of automating the updates is that machines are likely
to get updated more quickly, more often, and more uniformly than if they to get updated more quickly, more often, and more uniformly than if the
update are done manually. We see too many compromised machines on the updates are done manually. We see too many compromised machines on the
internet which would have been safe if the latest updates where internet which would have been safe if the latest updates where
installed in a timely way. installed in a timely way.
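Review bot: the unchanged line "if the latest updates where installed in a timely way" still has "where" for "were"; this hunk already corrects "update are" to "updates are" in the same sentence, so fix that typo in the same change.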
@ -155,9 +156,17 @@ automatic updates are:
unscheduled downtime. unscheduled downtime.
* You installed custom software, compiled software from source, or use * You installed custom software, compiled software from source, or use
third party software that has strict package version requirements. third party software that has strict package version requirements.
* You installed a custom kernel, custom kernel modules, third party kernel modules, or have a third party application that depends on kernel versions (this may not be a problem if you exclude kernel updates, which is the default in Fedora `dnf.conf` files). (But see also https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you may need to modify in Fedora 22 or later versions in base section to add `exclude=kernel*`.) * You installed a custom kernel, custom kernel modules, third party
kernel modules, or have a third party application that depends on kernel
versions (this may not be a problem if you exclude kernel updates, which
is the default in Fedora `dnf.conf` files). (See also
https://bugzilla.redhat.com/show_bug.cgi?id=870790[bug #870790] - you
may need to modify in Fedora 22 or later versions in base section to add
`exclude=kernel*`.)
* Your environment requires meticulous change-control procedures. * Your environment requires meticulous change-control procedures.
* You update from other third party DNF repositories besides Fedora (core, extras, legacy ) repositories which may conflict in versioning schemes for the same packages. * You update from other third party DNF repositories besides Fedora
(core, extras, legacy), repositories which may conflict in versioning
schemes for the same packages.
There are also some other reasons why installing automatic updates There are also some other reasons why installing automatic updates
without testing may be a bad idea. A few such reasons are: without testing may be a bad idea. A few such reasons are:
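Review bot: in the rewrapped kernel bullet, "you may need to modify in Fedora 22 or later versions in base section to add `exclude=kernel*`" still has no object for "modify", so the reader is not told which file to edit; name the file and the section explicitly. In the last bullet, the new comma after "(core, extras, legacy)" detaches "repositories which may conflict in versioning schemes" from "third party DNF repositories"; drop the comma or reword so it is clear that the third party repositories are the ones that may conflict.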
@ -187,10 +196,10 @@ things to make sure you are up-to-date.
Check for package updates which have been automatically performed, and Check for package updates which have been automatically performed, and
note if they need further (manual) intervention. You can monitor what note if they need further (manual) intervention. You can monitor what
DNF or updated via its log file (usually `/var/log/dnf.log`). DNF has updated via its log file (usually `/var/log/dnf.log`).
You can monitor updates availability automatically by email after You can monitor updates availability automatically by email after
modifying dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`). modifying the dnf-automatic configuration file (usually `/etc/dnf/automatic.conf`).
[source,bash] [source,bash]
---- ----
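Review bot: the unchanged line "You can monitor updates availability automatically by email" should read "update availability"; the hunk edits the sentences on both sides of it, so correct it in the same pass.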
@ -208,14 +217,14 @@ email_to = root
email_host = localhost email_host = localhost
---- ----
You would replace root with an actual email address to which you want to You would replace root with an actual email address to which you want the
report sent, and localhost with an actual address of SMTP server. This report sent, and localhost with an actual address of a SMTP server. This
change will mean that after dnf-automatic runs, it will email you change will mean that after dnf-automatic runs, it will email you
information you about available updates, or log about downloaded information about available updates, a log about downloaded
packages, or installed updates according to settings in `automatic.conf`. packages, or installed updates according to settings in `automatic.conf`.
[[alternative-methods]] [[alternative-methods]]
==Alternative methods == Alternative methods
As an alternative to dnf-automatic, As an alternative to dnf-automatic,
https://github.com/rackerlabs/auter[auter] can be used. This operates in https://github.com/rackerlabs/auter[auter] can be used. This operates in
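Review bot: the new wording "an actual address of a SMTP server" should be "an SMTP server". In the same sentence, `root` and `localhost` are literal values from the `email_to` and `email_host` lines above and should be set in backticks so they are not read as ordinary words.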
@ -229,12 +238,12 @@ more complexity to configure.
sudo dnf install auter sudo dnf install auter
---- ----
Edit the configuration. Descriptions of the options are contained in the You should then edit the configuration. Descriptions of the options are contained in the
conf file `/etc/auter/auter.conf`. conf file `/etc/auter/auter.conf`.
Auter is not scheduled by default. Add a schedule for `--prep` (if you Auter is not scheduled by default. Add a schedule for `--prep` (if you
want to pre-download updates) and `--apply` (install updates). The want to pre-download updates) and `--apply` (install updates). The
installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples: installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples.
To make auter run immediately without waiting for the cron job to run, To make auter run immediately without waiting for the cron job to run,
for example for testing or debugging, you can simply run it from the for example for testing or debugging, you can simply run it from the
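Review bot: in "The installed cron job which you can see in `/etc/cron.d/auter` contains lots of examples.", the clause "which you can see in `/etc/cron.d/auter`" is non-restrictive and needs commas on both sides. The added sentence also says "edit the configuration" and then "conf file" in the next line; use "configuration file" for consistency.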
@ -259,8 +268,8 @@ auter --disable
=== Notifications === Notifications
Instead of automatic updates, dnf-automatic can only download new Instead of automatic updates, dnf-automatic can only download new
updates and can alert your via email of available updates which you updates and can alert you via email of available updates which you
could then install manually. It can be set by editing of `/etc/dnf/automatic.conf` file. could then install manually. This can be set by editing of `/etc/dnf/automatic.conf` file.
[[scheduling-updates]] [[scheduling-updates]]
=== Scheduling updates === Scheduling updates
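Review bot: the new sentence "This can be set by editing of `/etc/dnf/automatic.conf` file." is still ungrammatical; use "by editing the `/etc/dnf/automatic.conf` file". The unchanged opening "dnf-automatic can only download new updates" reads as a limitation of the tool rather than an option; "can be set to only download new updates" matches what the section describes.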
@ -279,7 +288,7 @@ page.
=== Other methods of protection === Other methods of protection
Yet another thing to consider if not using automatic updates is to Yet another thing to consider if not using automatic updates is to
provide your machine with some other forms of protection to help defend provide your machine with some other forms of protection to help defend it of
any attacks that might occur before updates are in place. This might any attacks that might occur before updates are in place. This might
include an external firewall, a host-based firewall (like iptables, include an external firewall, a host-based firewall (like iptables,
ipchains, and/or tcp wrappers), not performing dangerous tasks on the ipchains, and/or tcp wrappers), not performing dangerous tasks on the
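Review bot: the added words in "to help defend it of any attacks" use the wrong preposition; it should be "defend it against any attacks". The original "help defend any attacks" was missing the object, so keep "it" and change "of" to "against".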