document automated package update on RHEL8

2022-08-31 11:05:20 +02:00
parent f122618db4
commit 5e66fba414
2 changed files with 38 additions and 3 deletions
--- a/admin-guide/puppet/roles/base.rst
+++ b/admin-guide/puppet/roles/base.rst
@@ -41,10 +41,14 @@ include_aaa                bool      true
 include_log_client         bool      true
 include_rpm_repos          bool      true
 package_groups             array     hiera_array('base::package_groups', [])
-package_excludes           array     hierra_array('base::package_exclude', [])
-pkg_group::*               array     hierra_array('base::pkg_group::...', [])
+package_excludes           array     hiera_array('base::package_exclude', [])
+pkg_group::*               array     hiera_array('base::pkg_group::...', [])
 selinux_mode               string    hiera('base::selinux_mode', 'enforcing')
-=========================  ========  ================================================
+update_interval            enum      hiera('base::automatic_updates::interval', 'weekly')
+update_type                enum      hiera('base::automatic_updates::type', 'security')
+update_exclude             array     hiera_array('base::automatic_updates::exclude', [])
+update_kernel              bool      hiera('base::automatic_updates::kernel', false)
+=========================  ========  ====================================================


 ``default_target``
@@ -287,6 +291,25 @@ Disabled    Enforcing   Disabled
 ==========  ==========  ===========


+``update_interval``
+~~~~~~~~~~~~~~~~~~~
+How often should the automatic updates be installed. Valid options are ``never``, ``daily`` and ``weekly``.
+
+
+``update_type``
+~~~~~~~~~~~~~~~
+What type of package updates should be installed automatically, either ``security`` for only security updates or ``all`` for all updates.
+
+
+``update_exclude``
+~~~~~~~~~~~~~~~~~~
+List of packages which shall not be updated automatically. Wildcards like * are allowed. The kernel is excluded by default.
+
+``update_kernel``
+~~~~~~~~~~~~~~~~~
+Marks if also the kernel package should be automatically updated. Note that the necessary reboot to run the new kernel needs to be done manually.
+
+
 Examples
 --------

--- a/rhel8/packages.md
+++ b/rhel8/packages.md
@@ -218,3 +218,15 @@ A small list of packages managed by the Linux Team.
 - `nxserver` for NoMachine NX 


+## Automated Package Updates
+
+The automatic updates are controlled in Hiera:
+
+| Hiera key                         | default  | comments                                                                      |
+|-----------------------------------|----------|-------------------------------------------------------------------------------|
+| base::automatic_updates::interval | weekly   |  valid are `daily`, `weekly` and `never` which disables the automatic updates |
+| base::automatic_updates::type     | security | `security` installs only security updates whereas `all` installs all updates  |
+| base::automatic_updates::exclude  | []       | list of packages not to update, wildcards like "*" are allowed                |
+| base::automatic_updates::kernel   | false    | define if new kernel packages also should be installed automatically          |
+
+Note that the updates run on midnight, for `weekly` from Sunday to Monday. There is no automatic reboot, e.g. for kernel updates.