From 5e66fba414bc74a14865aecaf8061a7ef45dfacf Mon Sep 17 00:00:00 2001 From: Konrad Bucheli Date: Wed, 31 Aug 2022 11:05:20 +0200 Subject: [PATCH] document automated package update on RHEL8 --- admin-guide/puppet/roles/base.rst | 29 ++++++++++++++++++++++++++--- rhel8/packages.md | 12 ++++++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/admin-guide/puppet/roles/base.rst b/admin-guide/puppet/roles/base.rst index 2d182257..786af0a2 100644 --- a/admin-guide/puppet/roles/base.rst +++ b/admin-guide/puppet/roles/base.rst @@ -41,10 +41,14 @@ include_aaa bool true include_log_client bool true include_rpm_repos bool true package_groups array hiera_array('base::package_groups', []) -package_excludes array hierra_array('base::package_exclude', []) -pkg_group::* array hierra_array('base::pkg_group::...', []) +package_excludes array hiera_array('base::package_exclude', []) +pkg_group::* array hiera_array('base::pkg_group::...', []) selinux_mode string hiera('base::selinux_mode', 'enforcing') -========================= ======== ================================================ +update_interval enum hiera('base::automatic_updates::interval', 'weekly') +update_type enum hiera('base::automatic_updates::type', 'security') +update_exclude array hiera_array('base::automatic_updates::exclude', []) +update_kernel bool hiera('base::automatic_updates::kernel', false) +========================= ======== ==================================================== ``default_target`` @@ -287,6 +291,25 @@ Disabled Enforcing Disabled ========== ========== =========== +``update_interval`` +~~~~~~~~~~~~~~~~~~~ +How often should the automatic updates be installed. Valid options are ``never``, ``daily`` and ``weekly``. + + +``update_type`` +~~~~~~~~~~~~~~~ +What type of package updates should be installed automatically, either ``security`` for only security updates or ``all`` for all updates. + + +``update_exclude`` +~~~~~~~~~~~~~~~~~~ +List of packages which shall not be updated automatically. Wildcards like * are allowed. The kernel is excluded by default. + +``update_kernel`` +~~~~~~~~~~~~~~~~~ +Marks if also the kernel package should be automatically updated. Note that the necessary reboot to run the new kernel needs to be done manually. + + Examples -------- diff --git a/rhel8/packages.md b/rhel8/packages.md index 16860e90..d78e5c0c 100644 --- a/rhel8/packages.md +++ b/rhel8/packages.md @@ -218,3 +218,15 @@ A small list of packages managed by the Linux Team. - `nxserver` for NoMachine NX +## Automated Package Updates + +The automatic updates are controlled in Hiera: + +| Hiera key | default | comments | +|-----------------------------------|----------|-------------------------------------------------------------------------------| +| base::automatic_updates::interval | weekly | valid are `daily`, `weekly` and `never` which disables the automatic updates | +| base::automatic_updates::type | security | `security` installs only security updates whereas `all` installs all updates | +| base::automatic_updates::exclude | [] | list of packages not to update, wildcards like "*" are allowed | +| base::automatic_updates::kernel | false | define if new kernel packages also should be installed automatically | + +Note that the updates run on midnight, for `weekly` from Sunday to Monday. There is no automatic reboot, e.g. for kernel updates.