Re: [atomic] keeping Atomic Registry up-to-date for security?

[Aaron Weitekamp <aweiteka redhat com>]

On Mon, Feb 13, 2017 at 6:32 PM, Ken Dreyer <kdreyer redhat com> wrote:

When I have an Atomic Registry running in production, what is the best
way to keep the whole thing up-to-date for security fixes?

For example, I can use yum-cron to automatically download and install
RPM updates on a traditional system.

Should I do the following:

  docker pull openshift/origin-docker-registry
  docker pull openshift/origin
  docker pull cockpit/kubernetes

... and then restart the systemd services if any of those has an update?

​Yes, that's fine for minor updates. For major upgrades you'll need to run some migration commands[1]. Note: This isn't well-documented or tested outside of OpenShift. A better supported upstream deployment is found here[2].

[1] https://docs.openshift.org/latest/install_config/upgrading/manual_upgrades.html#updating-policy-definitions
[2] https://docs.openshift.org/latest/install_config/install/stand_alone_registry.html

​

 

- Ken