[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic] keeping Atomic Registry up-to-date for security?
- From: Ken Dreyer <kdreyer redhat com>
- To: Aaron Weitekamp <aweiteka redhat com>
- Cc: atomic projectatomic io
- Subject: Re: [atomic] keeping Atomic Registry up-to-date for security?
- Date: Thu, 16 Feb 2017 14:22:09 -0700
On Tue, Feb 14, 2017 at 7:39 AM, Aaron Weitekamp <aweiteka redhat com> wrote:
> On Mon, Feb 13, 2017 at 6:32 PM, Ken Dreyer <kdreyer redhat com> wrote:
>>
>> When I have an Atomic Registry running in production, what is the best
>> way to keep the whole thing up-to-date for security fixes?
>>
>> For example, I can use yum-cron to automatically download and install
>> RPM updates on a traditional system.
>>
>> Should I do the following:
>>
>> docker pull openshift/origin-docker-registry
>> docker pull openshift/origin
>> docker pull cockpit/kubernetes
>>
>> ... and then restart the systemd services if any of those has an update?
>>
> Yes, that's fine for minor updates. For major upgrades you'll need to run
> some migration commands[1]. Note: This isn't well-documented or tested
> outside of OpenShift. A better supported upstream deployment is found
> here[2].
>
> [1]
> https://docs.openshift.org/latest/install_config/upgrading/manual_upgrades.html#updating-policy-definitions
> [2]
> https://docs.openshift.org/latest/install_config/install/stand_alone_registry.html
Cool, thanks Aaron!
I've written a script to do the pulls+restarts.
https://github.com/ktdreyer/watch-systemd-containers
Can you help me understand more about what you mean by "better supported"?
- Ken
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]