[BlueOnyx:21763] Re: Yum update?

Michael Stauber mstauber at blueonyx.it
Thu Feb 15 11:33:53 -05 2018


Hi Colin,

> I then have to go into Third Party Software on each VPS and 
> install the update manually, even though autoupdate is
> selected as per Greg's instruction.

You could turn on debugging in the Swatch component that handles this:
/usr/sausalito/swatch/bin/am_updates.pl

It'll then log to /var/log/messages and make it quite visible what
happens when and which decisions the component made at which points.

All in all it's a somewhat complex task. It operates on the list of
"Available Updates". The AM component doesn't refresh the list of
"Available Updates" on its own every Swatch run. Instead it relies on
the "Query Schedule" configured under "Software Updates" / "Settings",
which defaults to daily. If that is set to another query schedule or
turned off entirely, then this component will never fire on its own.

Next the AM component "Software Updates" needs to be enabled under
"Active Monitor" / "Settings".

So say everything is enabled. In that case during the next "Swatch" run
(they happen every 15 minutes) this component might notice: "NewLinQ has
updates to PKGs that are already installed on your server." It will now
send an email about it to you that tells you so.

It will also grab one item off the list of PKGs that have auto-updates
enabled and will install it. We only do one install per Swatch run,
because we don't want Swatch to too single-mindedly handle installs
while it should also handle its primary task of making sure all
services run. As multiple installs one after the other could take longer
than 15 minutes it would also interfere with the next scheduled Swatch
run, so we better do one at a time only.

Additionally: Swatch will only perform updates of PKGs if YUM isn't
running at the same time or some manual install of RPMs is happening.
For that we monitor the lock state of the RPM database. If the RPM
database is busy, then we skip the install and give it another look
during the next Swatch run.

Say there are multiple PKGs that have auto-updates enabled *and* have
actual updates available. In that case it will take several Swatch runs
until they are all updated one by one.

Can this break? Yes, it can. Say there is a PKG that errors out during
install. Like the PKG file has a dependency problem or is corrupt. In
that case the AM component will then be stuck trying to reinstall this
same component during every subsequent Swatch run until it eventually
completes. If the NewLinQ PKG is queued behind this broken PKG, then it
won't get installed until the "stuck" item either gets auto-updates
disabled or eventually gets replaced with a PKG on NL that doesn't error
out during installs.

My recommendation: Don't go overboard with auto-updates for PKGs. The
PKGs that can easily handle auto-updates are NewLinQ, "WebApp
Installer", WebApps such as "roundcube" and on 5209R (and only there)
also the PHP updates. I wouldn't turn on auto-update of PKGs for every
item for two reasons: Some things are best updated with supervision
(think AV-SPAM, APF, MySQL/MariaDB or PHP on anything but 5209R),
because there is the chance of a service interruption. And additionally:
As the update is performed sequentially in 15 minute steps it can take
quite some time until all updates are in and during that time Swatch
will be somewhat neglectful about its primary task of monitoring services.

-- 
With best regards

Michael Stauber
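
The scheduling described in the message above, as an added example that is not part of the original post and not code from am_updates.pl: a small model that estimates how long each auto-update PKG waits and which PKGs sit blocked behind a failing one. The function names, the sample queue and its order are assumptions made for illustration.

```python
# Model (assumption) of the auto-update behaviour described in the post above.
# Not taken from am_updates.pl; function names and queue order are hypothetical.
SWATCH_INTERVAL_MIN = 15  # Swatch runs every 15 minutes (from the post)


def simulate(queue, broken=(), rpm_busy_runs=(), max_runs=96):
    """Return (installed, stuck_on).

    installed maps PKG name -> minutes after the first Swatch run at which it
    was installed; stuck_on is the PKG still failing at the head of the queue
    when max_runs ended, or None.
    """
    pending = list(queue)
    installed = {}
    for run in range(max_runs):
        if not pending:
            break
        if run in rpm_busy_runs:
            continue    # RPM database locked (YUM or manual install): skip run
        head = pending[0]
        if head in broken:
            continue    # install errors out; the same PKG is retried next run
        pending.pop(0)  # only one install per Swatch run
        installed[head] = run * SWATCH_INTERVAL_MIN
    stuck_on = pending[0] if pending and pending[0] in broken else None
    return installed, stuck_on


def blocked_behind(queue, broken):
    """PKGs that never install because a failing PKG is queued ahead of them."""
    for i, name in enumerate(queue):
        if name in broken:
            return list(queue[i + 1:])
    return []


if __name__ == "__main__":
    # Constructed sample queue; the order is an assumption.
    q = ["roundcube", "WebApp Installer", "NewLinQ"]
    print(simulate(q, rpm_busy_runs={1}))            # one run lost to an RPM lock
    print(simulate(q, broken={"WebApp Installer"}))  # head-of-line blocking
    print(blocked_behind(q, {"WebApp Installer"}))
```
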


