以前、スクリプトを仕込んで毎日パッケージの更新があるかチェックして、あればメールで通知しています。
参考にしたスクリプト
YUM UPDATE CHECK SCRIPT – RUNS VIA CRONTAB AND EMAILS WHEN NEW UPDATES ARE AVAILABLE
http://www.thern.org/linux-and-freebsd/yum-update-check-script-runs-via-crontab-and-emails-when-new-updates-are-available/
ところがCentOS 7にはyum-cronと言うパッケージが提供されていたので、これに移行しました。
環境
・CentOS Linux release 7.5.1804 (Core)
・Kernel: 3.10.0-862.3.3.el7.x86_64
- yum-cronのインストール
- 設定ファイル
- yum-cronサービスの起動
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# yum info yum-cron Available Packages Name : yum-cron Arch : noarch Version : 3.4.3 Release : 158.el7.centos Size : 63 k Repo : base/7/x86_64 Summary : Files needed to run yum updates as a cron job URL : http://yum.baseurl.org/ License : GPLv2+ Description : These are the files needed to run yum updates as a cron job. : Install this package if you want auto yum updates nightly via cron. # yum install yum-cron # repoquery --list yum-cron /etc/cron.daily/0yum-daily.cron /etc/cron.hourly/0yum-hourly.cron /etc/yum/yum-cron-hourly.conf /etc/yum/yum-cron.conf /usr/lib/systemd/system/yum-cron.service /usr/sbin/yum-cron /usr/share/doc/yum-cron-3.4.3 /usr/share/doc/yum-cron-3.4.3/COPYING /usr/share/man/man8/yum-cron.8 |
毎時、毎日、cronで実行されるようです。
yum-cron-hourly.confではデフォルトで何もしない設定になっています。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# cat /etc/yum/yum-cron-hourly.conf [commands] # What kind of update to use: # default = yum upgrade # security = yum --security upgrade # security-severity:Critical = yum --sec-severity=Critical upgrade # minimal = yum --bugfix update-minimal # minimal-security = yum --security update-minimal # minimal-security-severity:Critical = --sec-severity=Critical update-minimal update_cmd = default # Whether a message should emitted when updates are available. update_messages = no # Whether updates should be downloaded when they are available. Note # that updates_messages must also be yes for updates to be downloaded. download_updates = no # Whether updates should be applied when they are available. Note # that both update_messages and download_updates must also be yes for # the update to be applied apply_updates = no # Maximum amout of time to randomly sleep, in minutes. The program # will sleep for a random amount of time between 0 and random_sleep # minutes before running. This is useful for e.g. staggering the # times that multiple systems will access update servers. If # random_sleep is 0 or negative, the program will run immediately. random_sleep = 15 [emitters] # Name to use for this system in messages that are emitted. If # system_name is None, the hostname will be used. system_name = None # How to send messages. Valid options are stdio and email. If # emit_via includes stdio, messages will be sent to stdout; this is useful # to have cron send the messages. If emit_via includes email, this # program will send email itself according to the configured options. # If emit_via is None or left blank, no messages will be sent. emit_via = stdio # The width, in characters, that messages that are emitted should be # formatted to. output_width = 80 [email] # The address to send email messages from. # NOTE: 'localhost' will be replaced with the value of system_name. email_from = root # List of addresses to send messages to. email_to = root # Name of the host to connect to to send email messages. email_host = localhost [groups] # List of groups to update group_list = None # The types of group packages to install group_package_types = mandatory, default [base] # This section overrides yum.conf # Use this to filter Yum core messages # -4: critical # -3: critical+errors # -2: critical+errors+warnings (default) debuglevel = -2 # skip_broken = True mdpolicy = group:main # Uncomment to auto-import new gpg keys (dangerous) # assumeyes = True |
yum-cron.confでは更新があればコンソールにメッセージを通知してダウンロードしますが、自動アップデートは実施しません。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# cat /etc/yum/yum-cron.conf [commands] # What kind of update to use: # default = yum upgrade # security = yum --security upgrade # security-severity:Critical = yum --sec-severity=Critical upgrade # minimal = yum --bugfix update-minimal # minimal-security = yum --security update-minimal # minimal-security-severity:Critical = --sec-severity=Critical update-minimal update_cmd = default # Whether a message should be emitted when updates are available, # were downloaded, or applied. update_messages = yes # Whether updates should be downloaded when they are available. download_updates = yes # Whether updates should be applied when they are available. Note # that download_updates must also be yes for the update to be applied. apply_updates = no # Maximum amout of time to randomly sleep, in minutes. The program # will sleep for a random amount of time between 0 and random_sleep # minutes before running. This is useful for e.g. staggering the # times that multiple systems will access update servers. If # random_sleep is 0 or negative, the program will run immediately. # 6*60 = 360 random_sleep = 360 [emitters] # Name to use for this system in messages that are emitted. If # system_name is None, the hostname will be used. system_name = None # How to send messages. Valid options are stdio and email. If # emit_via includes stdio, messages will be sent to stdout; this is useful # to have cron send the messages. If emit_via includes email, this # program will send email itself according to the configured options. # If emit_via is None or left blank, no messages will be sent. emit_via = stdio # The width, in characters, that messages that are emitted should be # formatted to. output_width = 80 [email] # The address to send email messages from. # NOTE: 'localhost' will be replaced with the value of system_name. email_from = root@localhost # List of addresses to send messages to. email_to = root # Name of the host to connect to to send email messages. email_host = localhost [groups] # NOTE: This only works when group_command != objects, which is now the default # List of groups to update group_list = None # The types of group packages to install group_package_types = mandatory, default [base] # This section overrides yum.conf # Use this to filter Yum core messages # -4: critical # -3: critical+errors # -2: critical+errors+warnings (default) debuglevel = -2 # skip_broken = True mdpolicy = group:main # Uncomment to auto-import new gpg keys (dangerous) # assumeyes = True |
更新があればメール通知だけするように変更しました。
|
1 2 3 4 5 6 |
update_messages = yes download_updates = no apply_updates = no emit_via = email email_from = yum-cron@rootlinks.net email_to = sysadmin@rootlinks.net |
|
1 2 3 4 |
# systemctl list-unit-files | grep yum-cron yum-cron.service enabled # systemctl start yum-cron |
先日、アップデート通知がありました。
ただこの通知は更新が適用されるまで毎日通知されるので、少し煩わしいかも。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
The following updates are available on host.rootlinks.net: ================================================================================ Package アーキテクチャー バージョン リポジトリー 容量 ================================================================================ 更新します: python2-acme noarch 0.25.1-1.el7 epel 139 k python2-certbot noarch 0.25.1-1.el7 epel 503 k 依存性関連でのインストールをします: python-requests-toolbelt noarch 0.8.0-1.el7 epel 77 k トランザクションの要約 ================================================================================ インストール ( 1 個の依存関係のパッケージ) 更新 2 パッケージ |
あとこんな情報も
[Software] CentOS7 では yum-cron に夢を見ないで…
https://moriya.xrea.jp/tdiary/20170710.html
さて。RHEL7 のクローンである CentOS7 で yum-cron を入れても同じファイルがインストールされる。
なんだけど、これね、CentOS では default しか反応しないの 。他のを記述しても、動作しない(何も起きない)の。 security とか選びたいのに!そういうところ気にする人たちはRHEL7にお金払ってね、ということでしょう。
※上記サイトから引用させていただきました。