Scheduling with yum-cron
I'm trying to configure patch management with Spacewalk of all GNU/Linux machines in my organization, but I'm struggling a bit with the scheduling. Change Management has decided, that the dev/test environments should be patched every Tuesday at 5-7 in the morning, and production environments should be patched Thursday morning in the same time frame. Besides checking for, downloading and applying patches, I've added a script to reboot the server on kernel update, and a script to clean yum. I've placed those scripts in /etc/cron.weekly/ and configured anacrontab as such:
1 5 cron.daily nice run-parts /etc/cron.daily
7 5 cron.weekly nice run-parts /etc/cron.weekly
My problem is that everything gets executed every day, and I think the problem is caused by the configuration file for yum-cron /etc/yum-cron.conf. I've tried to find information about how to configure this file, and the setting DAYS_OF_WEEK / days_of_week is obviously where the magic happens. The man page isn't really of any help either. My question is, how the F*** do I set the day of week to tuesday (2) or thursday (4)??? I've tried different variations like:
DAYS_OF_WEEK=2
DAYS_OF_WEKK="2"
days_of_week = 2
days_of_week = "2"
And yet nothing seems to work the way I want it to. I have hunch that for CentOS 7 I have to use the lowercase days_of_week, and the uppercase for CentOS 6, but I'm not sure.
Any inputs or ideas will be appreciated, and thanks in advance!
Solution 1:
Apparently yum-cron 3.4 in EL 7 removed /etc/sysconfig/yum-cron including the DAYS_OF_WEEK feature. I do not see something equivalent in /usr/sbin/yum-cron.
Customize the config file (/etc/yum/yum-cron.conf
) to your liking. At minimum, the default random_sleep
is longer than your 2 hour window.
Write and schedule your own script.
#!/bin/sh
# /usr/local/bin/updateandreboot
# Wrapper for update and reboot
# TODO does not respect /var/lock/subsys/yum-cron
/usr/sbin/yum-cron /etc/yum/yum-cron.conf && \
/usr/bin/needs-restarting -r || \
/usr/sbin/shutdown -r now "Restarting for scheduled software update"
As I am not aware of a day of the week schedule in anacron, schedule it in cron.
# /etc/cron.d/autoupdate
# 05:01 on Tuesday
1 5 * * 2 root /usr/local/bin/updateandreboot
Also schedule a yum clean packages
when desired.
Remove yum-cron's default daily and weekly schedules. rm /etc/cron*/*yum*cron
will do it, but these will come back when yum-cron package is updated.
Solution 2:
This may be distribution dependant but in RedHat the daily and hourly cronjobs for yum-conf only run if the yum-conf service is running.
in /etc/cron.dail/0yum-daily.cron
#!/bin/bash
# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and
# the standard "service stop|start" commands to enable or disable yum-cron.
if [[ ! -f /var/lock/subsys/yum-cron ]]; then
exit 0
fi
# Action!
exec /usr/sbin/yum-cron
So just disable the service abd configure a standard cronjob as you require.