1. Главная
  2. Книги
  3. Tyler Chris
  4. Fedora Linux
  5. Страница 90
Выбрать главу

However, I prefer to use a symbolic link (see Lab 4.3, "Managing Files "), so that when I look in the default location I'll know where the files have been moved:

# mv /var/spool/repackage /bigdisk/repackage

# ln -s /bigdisk/repackage /var/spool/repackage

# ls -la /var/spool/repackage

lrwxrwxrwx 1 root root 18 Oct 31 14:47 /var/spool/repackage -> /bigdisk/repackage

5.4.4. Where Can I Learn More?

 The manpage for rpm (which covers the --repackage option but not --rollback )

 The Linux Journal article "Transactions and Rollback with RPM": http://www.linuxjournal.com/article/7034

 The manpage for cvs ; see the date format for -D for information on the date/time formats accepted by rpm 's --rollback option

5.5. Automating Updates

One of the main reasons that packages are updated is to correct newly discovered security vulnerabilities. It's important to keep a system up-to-date so that these security vulnerabilities are eliminated as soon as fixes are made available.

Automating system updates makes this easy. Fedora is configured to perform updates automatically; all you need to do is turn this feature on.

5.5.1. How Do I Do That?

Before turning on automatic updates, it's important to verify that yum is configured with the right options:

1. Repackaging should be enabled (see Lab 5.4, "Rolling Back a Package Installation, Upgrade, or Removal ") so that you can recover from a bad update. Make sure you have plenty of disk space for the repackage repository!

2. Ensure that yum is enabled only for the repositories that you wish to automatically update (see Lab 5.3, "Using Repositories ").

3. Exclude any packages that you do not wish to update automatically. In particular, think carefully about whether you want the kernel to be updated without your knowledge; such a change won't take effect until the next time the system boots, but changing the kernel can cause some software or services to fail until kernel modules are updated to match the new kernel.

Once you have yum configured the way you want, configure yum-updatesd to automatically apply updates. The configuration file /etc/yum-updatesd.conf initially looks like this:

[main]

# how often to check for new updates (in seconds)

run_interval = 3600

# how often to allow checking on request (in seconds)

updaterefresh = 600

# how to send notifications (valid: dbus, email, syslog)

emit_via = dbus

# automatically install updates

do_update = no

# automatically download updates

do_download = no

# automatically download deps of updates

do_download_deps = no

Change the do_update line to enable the automatic installation of updates:

do_update = yes

Reload the yum-updatesd configuration to activate your changes, either though the services GUI tool or by entering this command:

# service yum-updatesd reload

Stopping yum-updatesd: [ OK ]

Starting yum-updatesd: [ OK ]

Don't change the emit_via option, or puplet will not work.

5.5.2. How Does It Work?

The yum-updatesd service polls your configured repositories at regular intervals to determine if updates are available for any of your installed packages. By altering the configuration file, you instruct yum-updatesd to install the updated packages that it finds (effectively performing a yum -y update at regular intervals).

5.5.3. What About...

5.5.3.1. ...downloading but not installing updates?

By enabling the do_download and do_download_deps options, you can configure yum-updatesd to download available updates and related dependencies without installing them. This enables you to review the list of updates using Pup and then install selected updates without further download delay.

To set this up, configure /etc/yum/yum-updatesd.conf with these options:

# automatically install updates

do_update = no

# automatically download updates

do_download = yes

# automatically download deps of updates

do_download_deps = yes

5.5.3.2. ...updating a machine when it's booted?

The yum-updateonboot package can be used to update a machine whenever it is turned on. This ensures that security patches are automatically applied before the system is used. yum-updateonboot can be activated in addition to the automatic 4 a.m. update.

You can install and configure yum-updateonboot with these commands:

# yum install yum-updateonboot

Setting up Install Process

...(Lines snipped)...

=====================================================================

Package Arch Version Repository Size

=====================================================================

Installing:

yum-updateonboot noarch 0.3.1-1.fc4 extras 5.1 k

Transaction Summary

=====================================================================

Install 1 Package(s)

Update 0 Package(s)

Remove 0 Package(s)

Total download size: 5.1 k

Is this ok [y/N]: y

...(Lines snipped)...

Installed: yum-updateonboot.noarch 0:0.3.1-1.fc4

Complete!

# chkconfig --add yum-updateonboot

# chkconfig --level 2345 yum-updateonboot on

You can configure yum-updateonboot to reboot the system if any of the updates involve the kernel. Edit /etc/sysconfig/yum-updateonboot and activate the line highlighted here by removing the pound sign ( # ) at the start of the line:

# IF any of these rpms are updated, the yum-updateonboot init script will

# reboot immediately after the yum update. To keep yum-updateonboot from

# rebooting the system, comment this line out.

~ 90 ~