Forcing updates install on shutdown

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Forcing updates install on shutdown

Louis Garcia
Is there a way to have fedora workstation to update on shutdown? When a user logs off or shutdown there box I would like fedora to pkcon update -y or dnf upgrade -y. I thought about creating a systemd unit file to do this but would that conflict with offline update?

--Thanks

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Rick Stevens-3
On 9/19/18 10:24 AM, Louis Garcia wrote:
> Is there a way to have fedora workstation to update on shutdown? When a
> user logs off or shutdown there box I would like fedora to pkcon update
> -y or dnf upgrade -y. I thought about creating a systemd unit file to do
> this but would that conflict with offline update?

I'm sure you could do something like that, but I'm absolutely not in
favor of unsupervised updates. There are times where updates can result
in an unbootable system or various other issues. Error messages would
not be visible during the upgrade, conflicts with packages from other
sources might be missed, many other things might end up with a system
that, even if it works, might behave rather differently than the system
you shut down before.

You only have to look at the number of "bricked" Winblows system
upgrades that have occurred in the past using this scheme. No,
unsupervised or unobserved updates are a bad idea IMHO. I never use "-y"
with dnf or pkcon or yum. I look at the proposed upgrades before I ever
approve them--and there are MANY times I've rerun the command with an
"--exclude=" so specific packages do NOT get upgraded.

You might disagree with much he did, but as Reagan said, "Trust, but
verify!"
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-          When all else fails, try reading the instructions.        -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Fred Roller
I whole hardheartedly agree with Rick on this point.  That being said, yes, put the script in the shutdown sequence.  Inject it either first or where ever makes the most since. It has been awhile since I messed with this but I think you need to research manipulation of the rc.local directory files.  Hope it helps, just a pointer for you to look into.

regards,
-- Fred

On Wed, Sep 19, 2018 at 10:39 AM Rick Stevens <[hidden email]> wrote:
On 9/19/18 10:24 AM, Louis Garcia wrote:
> Is there a way to have fedora workstation to update on shutdown? When a
> user logs off or shutdown there box I would like fedora to pkcon update
> -y or dnf upgrade -y. I thought about creating a systemd unit file to do
> this but would that conflict with offline update?

I'm sure you could do something like that, but I'm absolutely not in
favor of unsupervised updates. There are times where updates can result
in an unbootable system or various other issues. Error messages would
not be visible during the upgrade, conflicts with packages from other
sources might be missed, many other things might end up with a system
that, even if it works, might behave rather differently than the system
you shut down before.

You only have to look at the number of "bricked" Winblows system
upgrades that have occurred in the past using this scheme. No,
unsupervised or unobserved updates are a bad idea IMHO. I never use "-y"
with dnf or pkcon or yum. I look at the proposed upgrades before I ever
approve them--and there are MANY times I've rerun the command with an
"--exclude=" so specific packages do NOT get upgraded.

You might disagree with much he did, but as Reagan said, "Trust, but
verify!"
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-          When all else fails, try reading the instructions.        -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Louis Garcia
How well does dnf-automatic work? I often rebuild workstations through pxe and kickstart so a bad update is not an issue.

On Wed, Sep 19, 2018 at 2:36 PM fred roller <[hidden email]> wrote:
I whole hardheartedly agree with Rick on this point.  That being said, yes, put the script in the shutdown sequence.  Inject it either first or where ever makes the most since. It has been awhile since I messed with this but I think you need to research manipulation of the rc.local directory files.  Hope it helps, just a pointer for you to look into.

regards,
-- Fred

On Wed, Sep 19, 2018 at 10:39 AM Rick Stevens <[hidden email]> wrote:
On 9/19/18 10:24 AM, Louis Garcia wrote:
> Is there a way to have fedora workstation to update on shutdown? When a
> user logs off or shutdown there box I would like fedora to pkcon update
> -y or dnf upgrade -y. I thought about creating a systemd unit file to do
> this but would that conflict with offline update?

I'm sure you could do something like that, but I'm absolutely not in
favor of unsupervised updates. There are times where updates can result
in an unbootable system or various other issues. Error messages would
not be visible during the upgrade, conflicts with packages from other
sources might be missed, many other things might end up with a system
that, even if it works, might behave rather differently than the system
you shut down before.

You only have to look at the number of "bricked" Winblows system
upgrades that have occurred in the past using this scheme. No,
unsupervised or unobserved updates are a bad idea IMHO. I never use "-y"
with dnf or pkcon or yum. I look at the proposed upgrades before I ever
approve them--and there are MANY times I've rerun the command with an
"--exclude=" so specific packages do NOT get upgraded.

You might disagree with much he did, but as Reagan said, "Trust, but
verify!"
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-          When all else fails, try reading the instructions.        -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Rick Stevens-3
On 9/19/18 3:42 PM, Louis Garcia wrote:
> How well does dnf-automatic work? I often rebuild workstations through
> pxe and kickstart so a bad update is not an issue.

As far as I know, dnf-automatic is a replacement for "dnf upgrade" that
is more suitable for use in a script.

95% of the time "dnf --refresh -y upgrade" won't cause issues, but it's
that 5% of the time where it DOES screw up that will drive you barking
mad. Microsoft has had some absolutely horrific problems doing this
"upgrade on shutdown" behind the scenes crud and THEY have utter control
of ALL the software being upgraded during the process. That's not
necessarily the case with any community-supported system with multiple
repositories such as Fedora.

I'm just saying that "here be dragons." Thou hast been warned and may
proceed at thy own risk! :-)

> On Wed, Sep 19, 2018 at 2:36 PM fred roller <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     I whole hardheartedly agree with Rick on this point.  That being
>     said, yes, put the script in the shutdown sequence.  Inject it
>     either first or where ever makes the most since. It has been awhile
>     since I messed with this but I think you need to research
>     manipulation of the rc.local directory files.  Hope it helps, just a
>     pointer for you to look into.
>
>     regards,
>     -- Fred
>
>     On Wed, Sep 19, 2018 at 10:39 AM Rick Stevens <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>         On 9/19/18 10:24 AM, Louis Garcia wrote:
>         > Is there a way to have fedora workstation to update on
>         shutdown? When a
>         > user logs off or shutdown there box I would like fedora to
>         pkcon update
>         > -y or dnf upgrade -y. I thought about creating a systemd unit
>         file to do
>         > this but would that conflict with offline update?
>
>         I'm sure you could do something like that, but I'm absolutely not in
>         favor of unsupervised updates. There are times where updates can
>         result
>         in an unbootable system or various other issues. Error messages
>         would
>         not be visible during the upgrade, conflicts with packages from
>         other
>         sources might be missed, many other things might end up with a
>         system
>         that, even if it works, might behave rather differently than the
>         system
>         you shut down before.
>
>         You only have to look at the number of "bricked" Winblows system
>         upgrades that have occurred in the past using this scheme. No,
>         unsupervised or unobserved updates are a bad idea IMHO. I never
>         use "-y"
>         with dnf or pkcon or yum. I look at the proposed upgrades before
>         I ever
>         approve them--and there are MANY times I've rerun the command
>         with an
>         "--exclude=" so specific packages do NOT get upgraded.
>
>         You might disagree with much he did, but as Reagan said, "Trust, but
>         verify!"
>        
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-    If Windows isn't a virus, then it sure as hell is a carrier!    -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Louis Garcia
I handle hundreds of workstations, I am not about to manually update everyone. dnf-automatic the best choice right now.

On Wed, Sep 19, 2018 at 7:18 PM Rick Stevens <[hidden email]> wrote:
On 9/19/18 3:42 PM, Louis Garcia wrote:
> How well does dnf-automatic work? I often rebuild workstations through
> pxe and kickstart so a bad update is not an issue.

As far as I know, dnf-automatic is a replacement for "dnf upgrade" that
is more suitable for use in a script.

95% of the time "dnf --refresh -y upgrade" won't cause issues, but it's
that 5% of the time where it DOES screw up that will drive you barking
mad. Microsoft has had some absolutely horrific problems doing this
"upgrade on shutdown" behind the scenes crud and THEY have utter control
of ALL the software being upgraded during the process. That's not
necessarily the case with any community-supported system with multiple
repositories such as Fedora.

I'm just saying that "here be dragons." Thou hast been warned and may
proceed at thy own risk! :-)

> On Wed, Sep 19, 2018 at 2:36 PM fred roller <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     I whole hardheartedly agree with Rick on this point.  That being
>     said, yes, put the script in the shutdown sequence.  Inject it
>     either first or where ever makes the most since. It has been awhile
>     since I messed with this but I think you need to research
>     manipulation of the rc.local directory files.  Hope it helps, just a
>     pointer for you to look into.
>
>     regards,
>     -- Fred
>
>     On Wed, Sep 19, 2018 at 10:39 AM Rick Stevens <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>         On 9/19/18 10:24 AM, Louis Garcia wrote:
>         > Is there a way to have fedora workstation to update on
>         shutdown? When a
>         > user logs off or shutdown there box I would like fedora to
>         pkcon update
>         > -y or dnf upgrade -y. I thought about creating a systemd unit
>         file to do
>         > this but would that conflict with offline update?
>
>         I'm sure you could do something like that, but I'm absolutely not in
>         favor of unsupervised updates. There are times where updates can
>         result
>         in an unbootable system or various other issues. Error messages
>         would
>         not be visible during the upgrade, conflicts with packages from
>         other
>         sources might be missed, many other things might end up with a
>         system
>         that, even if it works, might behave rather differently than the
>         system
>         you shut down before.
>
>         You only have to look at the number of "bricked" Winblows system
>         upgrades that have occurred in the past using this scheme. No,
>         unsupervised or unobserved updates are a bad idea IMHO. I never
>         use "-y"
>         with dnf or pkcon or yum. I look at the proposed upgrades before
>         I ever
>         approve them--and there are MANY times I've rerun the command
>         with an
>         "--exclude=" so specific packages do NOT get upgraded.
>
>         You might disagree with much he did, but as Reagan said, "Trust, but
>         verify!"
>         
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-    If Windows isn't a virus, then it sure as hell is a carrier!    -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Rick Stevens-3
On 9/19/18 4:45 PM, Louis Garcia wrote:
> I handle hundreds of workstations, I am not about to manually update
> everyone. dnf-automatic the best choice right now.

Go right ahead. I'm just warning you.

I managed 1500-3000 systems in multiple datacenters world wide and at
least that many additional VMs. Most were under Puppet or Ansible and
they were regularly audited so I generally knew what they had installed.

I'm just saying that I wouldn't permit automatic upgrades unless I'd
vetted those upgrades manually on test machines that represented the
targets involved. I even disabled automatic updates to things like
docker and kubernetes (which do their own updates outside of dnf/yum) so
they wouldn't break (and brother, were there ever been some MASSIVE
screwups there). Even with all those precautions, I was bitten. Hard.
Multiple times. Not fun. Not in the least.

Do what you wish, just be bloody careful about it. That's all I'm
saying.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-      Cuteness can be overcome through sufficient bastardry         -
-                                         --Mark 'Kamikaze' Hughes   -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Louis Garcia
That is what I do. I have a local repo that I sync. Workstations only have the local repo enabled. After I'm satisfied the updates cause no pain I let the rest update. Now my users never bother to update so I end up going around when their are other issues
 and update as I go. I just wanted to know if there was an easier way. dnf-automatic looks small enough that I could modify for my purpose.

On Wed, Sep 19, 2018 at 8:10 PM Rick Stevens <[hidden email]> wrote:
On 9/19/18 4:45 PM, Louis Garcia wrote:
> I handle hundreds of workstations, I am not about to manually update
> everyone. dnf-automatic the best choice right now.

Go right ahead. I'm just warning you.

I managed 1500-3000 systems in multiple datacenters world wide and at
least that many additional VMs. Most were under Puppet or Ansible and
they were regularly audited so I generally knew what they had installed.

I'm just saying that I wouldn't permit automatic upgrades unless I'd
vetted those upgrades manually on test machines that represented the
targets involved. I even disabled automatic updates to things like
docker and kubernetes (which do their own updates outside of dnf/yum) so
they wouldn't break (and brother, were there ever been some MASSIVE
screwups there). Even with all those precautions, I was bitten. Hard.
Multiple times. Not fun. Not in the least.

Do what you wish, just be bloody careful about it. That's all I'm
saying.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-      Cuteness can be overcome through sufficient bastardry         -
-                                         --Mark 'Kamikaze' Hughes   -
----------------------------------------------------------------------
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Ed Greshko
In reply to this post by Rick Stevens-3
On 9/20/18 8:09 AM, Rick Stevens wrote:
> Do what you wish, just be bloody careful about it. That's all I'm
> saying.

Just a FWIW.

It has been my experience that those responsible for 100s+ system mostly do their due
diligence when it comes to configuring automatic updates. 
And those that didn't,  don't last very long in their job.   :-)

The downside to being cautious is that after you retire you keep getting asked by
your wife: "I never see you use that (test) system.  Why  don't you just get rid
of it?".  :-)

--
Cardinal Rule of Presentations: "Tell them what you are going to tell them, tell
them, then tell them what you told them."


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Fedora mailing list
In reply to this post by Rick Stevens-3
On Wed, 2018-09-19 at 23:18 +0000, Rick Stevens wrote:
> 95% of the time "dnf --refresh -y upgrade" won't cause issues, but
> it's that 5% of the time where it DOES screw up that will drive you
> barking mad. Microsoft has had some absolutely horrific problems
> doing this "upgrade on shutdown" behind the scenes crud and THEY have
> utter control of ALL the software being upgraded during the process.
> That's not necessarily the case with any community-supported system
> with multiple repositories such as Fedora.

Even just the *very* basic side of things:

When I shutdown a computer, it's the end of me working on it, and I
want it to switch off and finish pronto.  Not spend the next random
number of minutes, or hours, still doing something while I'm waiting
for it.  Both Windows and Mac suffer from this update at shutdown and
bootup mess.

It also means that places that never shut down or reboot end up with
un-updated systems.  You want scheduled updates, or centrally triggered
updates, for them.  And that approach works well for systems where the
users do shutdown or reboot, as well.

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Forcing updates install on shutdown

Robert Moskowitz
In reply to this post by Louis Garcia


On 9/19/18 1:24 PM, Louis Garcia wrote:
> Is there a way to have fedora workstation to update on shutdown? When
> a user logs off or shutdown there box I would like fedora to pkcon
> update -y or dnf upgrade -y. I thought about creating a systemd unit
> file to do this but would that conflict with offline update?

Who ever shuts down?  :)

I only shutdown when I get a kernel or other critical update. Otherwise,
I suspend when I need to leave my system 'off'.

But each to their own usage pattern.

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...