1

I'm trying to configure patch management with Spacewalk of all GNU/Linux machines in my organization, but I'm struggling a bit with the scheduling. Change Management has decided, that the dev/test environments should be patched every Tuesday at 5-7 in the morning, and production environments should be patched Thursday morning in the same time frame. Besides checking for, downloading and applying patches, I've added a script to reboot the server on kernel update, and a script to clean yum. I've placed those scripts in /etc/cron.weekly/ and configured anacrontab as such:

1       5       cron.daily              nice run-parts /etc/cron.daily
7       5       cron.weekly             nice run-parts /etc/cron.weekly

My problem is that everything gets executed every day, and I think the problem is caused by the configuration file for yum-cron /etc/yum-cron.conf. I've tried to find information about how to configure this file, and the setting DAYS_OF_WEEK / days_of_week is obviously where the magic happens. The man page isn't really of any help either. My question is, how the F*** do I set the day of week to tuesday (2) or thursday (4)??? I've tried different variations like:

DAYS_OF_WEEK=2
DAYS_OF_WEKK="2"
days_of_week = 2
days_of_week = "2"

And yet nothing seems to work the way I want it to. I have hunch that for CentOS 7 I have to use the lowercase days_of_week, and the uppercase for CentOS 6, but I'm not sure.

Any inputs or ideas will be appreciated, and thanks in advance!

Frisbee57
  • 27
  • 1
  • 3

2 Answers2

2

This may be distribution dependant but in RedHat the daily and hourly cronjobs for yum-conf only run if the yum-conf service is running.

in /etc/cron.dail/0yum-daily.cron

#!/bin/bash

# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and
# the standard "service stop|start" commands to enable or disable yum-cron.
if [[ ! -f /var/lock/subsys/yum-cron ]]; then
  exit 0
fi

# Action!
exec /usr/sbin/yum-cron

So just disable the service abd configure a standard cronjob as you require.

JamesP
  • 121
  • 3
2

Apparently yum-cron 3.4 in EL 7 removed /etc/sysconfig/yum-cron including the DAYS_OF_WEEK feature. I do not see something equivalent in /usr/sbin/yum-cron.

Customize the config file (/etc/yum/yum-cron.conf) to your liking. At minimum, the default random_sleep is longer than your 2 hour window.

Write and schedule your own script.

#!/bin/sh
# /usr/local/bin/updateandreboot
# Wrapper for update and reboot
# TODO does not respect /var/lock/subsys/yum-cron
/usr/sbin/yum-cron /etc/yum/yum-cron.conf && \
  /usr/bin/needs-restarting -r || \
  /usr/sbin/shutdown -r now "Restarting for scheduled software update"

As I am not aware of a day of the week schedule in anacron, schedule it in cron.

# /etc/cron.d/autoupdate
# 05:01 on Tuesday
1 5 * * 2 root /usr/local/bin/updateandreboot

Also schedule a yum clean packages when desired.

Remove yum-cron's default daily and weekly schedules. rm /etc/cron*/*yum*cron will do it, but these will come back when yum-cron package is updated.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
  • Would adding the `if [[ ! -f /var/lock/subsys/yum-cron ]]` in @JamesP 's answer resolve the TODO? – duct_tape_coder Mar 14 '22 at 19:56
  • Also, any particular reason not to just modify `/etc/cron.hourly/0yum-hourly.cron` with `&& \ /usr/bin/needs-restarting -r || \ /usr/sbin/shutdown -r 04:00 "Restarting for scheduled software update"` ? (assuming I want daily restart at 0400) – duct_tape_coder Mar 14 '22 at 20:27
  • 1
    This question was about running on a specific day of the week, keeping it in hourly is not that. Also, I don't like partially editing files when I can drop in other files, easier to automate. Feel free to customize if desired. – John Mahowald Mar 15 '22 at 13:26