[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic] keeping Atomic Registry up-to-date for security?



On Thu, Feb 16, 2017 at 4:22 PM, Ken Dreyer <kdreyer redhat com> wrote:
On Tue, Feb 14, 2017 at 7:39 AM, Aaron Weitekamp <aweiteka redhat com> wrote:
> On Mon, Feb 13, 2017 at 6:32 PM, Ken Dreyer <kdreyer redhat com> wrote:
>>
>> When I have an Atomic Registry running in production, what is the best
>> way to keep the whole thing up-to-date for security fixes?
>>
>> For example, I can use yum-cron to automatically download and install
>> RPM updates on a traditional system.
>>
>> Should I do the following:
>>
>>   docker pull openshift/origin-docker-registry
>>   docker pull openshift/origin
>>   docker pull cockpit/kubernetes
>>
>> ... and then restart the systemd services if any of those has an update?
>>
> Yes, that's fine for minor updates. For major upgrades you'll need to run
> some migration commands[1]. Note: This isn't well-documented or tested
> outside of OpenShift. A better supported upstream deployment is found
> here[2].
>
> [1]
> https://docs.openshift.org/latest/install_config/upgrading/manual_upgrades.html#updating-policy-definitions
> [2]
> https://docs.openshift.org/latest/install_config/install/stand_alone_registry.html

Cool, thanks Aaron!

I've written a script to do the pulls+restarts.
https://github.com/ktdreyer/watch-systemd-containers

Can you help me understand more about what you mean by "better supported"?
​By "better supported" I mean there are *a lot* more developers and users and test automation around the openshift deployment.​
 
​It's all the same core tech but install/upgrade matters long term.​



- Ken


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]