On Tue, Feb 14, 2017 at 7:39 AM, Aaron Weitekamp <aweiteka redhat com> wrote:
> On Mon, Feb 13, 2017 at 6:32 PM, Ken Dreyer <kdreyer redhat com> wrote:
>>
>> When I have an Atomic Registry running in production, what is the best
>> way to keep the whole thing up-to-date for security fixes?
>>
>> For example, I can use yum-cron to automatically download and install
>> RPM updates on a traditional system.
>>
>> Should I do the following:
>>
>> docker pull openshift/origin-docker-registry Cool, thanks Aaron!
>> docker pull openshift/origin
>> docker pull cockpit/kubernetes
>>
>> ... and then restart the systemd services if any of those has an update?
>>
> Yes, that's fine for minor updates. For major upgrades you'll need to run
> some migration commands[1]. Note: This isn't well-documented or tested
> outside of OpenShift. A better supported upstream deployment is found
> here[2].
>
> [1]
> https://docs.openshift.org/latest/install_config/ upgrading/manual_upgrades. html#updating-policy- definitions
> [2]
> https://docs.openshift.org/latest/install_config/install/ stand_alone_registry.html
I've written a script to do the pulls+restarts.
https://github.com/ktdreyer/watch-systemd-containers
Can you help me understand more about what you mean by "better supported"?
- Ken