Archive for April, 2012

Configure Automatic Update Retrieval and Installation with Cron

The yum-updatesd service is not mature enough for an enterprise environment, and the service may introduce unnecessary overhead. When possible, replace this service with a cron job that calls yum directly.

Disable the yum-updatesd service:

# chkconfig yum-updatesd off

Create the file yum.cron, make it executable, and place it in /etc/cron.daily:

#!/bin/sh
/usr/bin/yum -R 120 -e 0 -d 0 -y update yum
/usr/bin/yum -R 10 -e 0 -d 0 -y update

This particular script instructs yum to update any packages it finds. Placing the script in
/etc/cron.daily ensures its daily execution.
To only apply updates once a week, place the script in /etc/cron.weekly instead.

How to ensure Package Signature Checking is Globally Activated

The gpgcheck option should be used to ensure that checking of an RPM package’s signature always occurs prior to its installation.

To force yum to check package signatures before installing them, ensure that the following line appears in /etc/yum.conf in the [main] section:

gpgcheck=1

How to manually Check for Package Updates

The following command prints a list of packages that need to be updated:

# yum check-update

To actually install these updates, run:

# yum update
SBDavid

Disable the rhnsd Daemon

Disable the rhnsd Daemon

The rhnsd daemon polls the Red Hat Network web site for scheduled actions. Unless it is actually
necessary to schedule updates remotely through the RHN website, it is recommended that the service
be disabled.

# chkconfig rhnsd off

The rhnsd daemon is enabled by default, but until the system has been registered with the Red Hat
Network, it will not run. However, once the registration process is complete, the rhnsd daemon
will run in the background and periodically call the rhn check utility. It is the rhn check
utility that communicates with the Red Hat Network web site.

Configure Connection to the RHN RPM Repositories

The first step in configuring a system for updates is to register with the Red Hat Network (RHN). For most systems, this is done during the initial installation. Successfully registered systems will appear on the RHN web site. If the system is not listed, run the Red Hat Network Registration tool, which can be found in the Applications menu under System Tools or on the command line:

# rhn register

Follow the prompts on the screen. If successful, the system will appear on the RHN web site and be subscribed to one or more software update channels. Additionally, a new daemon, rhnsd, will be enabled. If the system will not have access to the Internet, it will not be able to directly subscribe to the RHN update repository. Updates will have to be downloaded from the RHN web site manually. The command line tool yum and the graphical front-ends pirut and pup can be configured to handle this situation.

« Prev - Next »