Hi - we both think I should have added an intro here. :))

Disk space:

You should, as a policy, keep 20% of your vg00 capacity dedicated to snapshots.

 

1. yum plugins:

  • post transaction actions - used to create a flag file if a reboot is needed; this can be used for a later automatic reboot
  • lvm snapshots - used to create a backup of core OS files, see below

misc other plugins

  • yum-utils
  • yum-downloadonly
  • yum-plugin-security (only effective on rhel / oracle el, centos doesn't tag security updates)
  • centos-release-cr (only for centos to get patches faster if centos team is overloaded)
  • yum-plugin-keys
  • yum-plugin-rpm-warm-cache
  • yum-plugin-fs-snapshot
  • yum-plugin-post-transaction-actions

 

I'm no longer using yum-plugin-priorities since it has shown a lot of problems. It made me go crazy.

 

 

Tell yum not to keep a limitless number of old kernels around.

/etc/yum.conf
installonly_limit=3

 

 

2. etckeeper

Such a good thing to have around

 

3. cron

Cron jobs handle (bird's-eye view):

  • updates
  • deletion of old LVM snapshots
  • reboots

 

The following cron jobs are in place. To keep the demo quick, they are spread over a single day only. Adjust to week/month as needed.

Cron jobs
### lvm-remove-yum-snapshots ###
0 20 * * * root /sbin/lvm lvremove -f /dev/vg*/*_yum_2* 2>/dev/null
### yum-full-update ###
0 6 * * * root sed -i 's/enabled = 0/enabled = 1/' /etc/yum/pluginconf.d/fs-snapshot.conf && ionice -c3 nice -n19 /usr/bin/yum -y -R 10 -e 0 -d 0 update
### yum-sec-update ###
0 4 * * * root sed -i 's/enabled = 0/enabled = 1/' /etc/yum/pluginconf.d/fs-snapshot.conf && ionice -c3 nice -n19 /usr/bin/yum -y -R 10 -e 0 -d 0 update-minimal --security
### yum-self-update ###
0 1 * * * root /usr/bin/yum -y -d 0 -e 0 update yum

Rudder will automatically turn the snapshots back off, so they're not enabled for normal package installs.

 

4. configuration

  • prepare a script to update the list of non-OS filesystems (to not snapshot them)
  • set up automatic snapshots config 
  • set up etckeeper config w/ git or hg
  • set up etckeeper git remotes if needed (Don't use your public github)

 

This small script produces the list of filesystem exceptions for the yum snapshot plugin

#!/bin/sh
df -PTlk -x smbfs -x tmpfs -x cifs -x iso9660 -x udf -x nfsv4 -x nfs -x mvfs | tail -n +2 | awk '{print $7}' | egrep -vw  '(/$|/var$|/usr$)'  | tr '\n' ' '

 

That list is used in the exclude bit below. And as you can see: by default, the plugin is disabled.

[~]# cat /etc/yum/pluginconf.d/fs-snapshot.conf 
[main]
enabled = 0
exclude = /boot /home /opt /usr/local /var/cache /var/lib/mysql /var/log
[lvm]
enabled = 1
# 'lvcreate_size_args' option must specify the snapshot LV size using -L or -l
lvcreate_size_args = -L 400M
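
One way to do the first configuration step, refreshing the exclude line from the current mounts. This is an added example, not the author's script: the function names and the "apply" argument are assumptions, while the df filter and the config path are the ones shown above.

```sh
#!/bin/sh
# Added example, not the author's script. CONF defaults to the path shown above.
CONF="${CONF:-/etc/yum/pluginconf.d/fs-snapshot.conf}"

# Read `df -PTlk` output on stdin and print the non-OS mount points on one
# line. Column 7 is the mount point; /, /var and /usr stay in the snapshot.
# Assumption: mount points contain no whitespace.
excludes_from_df() {
    tail -n +2 | awk '{print $7}' | grep -Evx '/|/var|/usr' |
        sort | tr '\n' ' ' | sed 's/ $//'
}

# Rewrite the exclude line in [main] only. The new file is built next to the
# original and renamed over it, so yum never reads a half-written config.
update_exclude() {
    conf=$1
    list=$2
    # An empty list (e.g. df failed) would drop every exclusion: refuse.
    if [ -z "$list" ]; then
        echo "empty exclude list, leaving $conf untouched" >&2
        return 1
    fi
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # cp -p first so the temp file carries the original mode and owner.
    cp -p "$conf" "$tmp" &&
    awk -v list="$list" '
        /^\[/ { section = $0 }
        section == "[main]" && /^exclude[ \t]*=/ {
            print "exclude = " list; done = 1; next
        }
        { print }
        END { if (!done) exit 1 }   # no exclude line found: fail, change nothing
    ' "$conf" > "$tmp" && mv "$tmp" "$conf" && return 0
    rm -f "$tmp"
    return 1
}

# Touch the live system only when called with "apply" (hypothetical switch).
if [ "${1:-}" = "apply" ]; then
    list=$(df -PTlk -x smbfs -x tmpfs -x cifs -x iso9660 -x udf -x nfsv4 \
        -x nfs -x mvfs | excludes_from_df)
    update_exclude "$CONF" "$list"
fi
```
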

 

Set up a config for the post transaction plugin so it'll touch a flag file when you still need to reboot.

 

[ ~]# cat /etc/yum/pluginconf.d/post-transaction-actions.conf
[main]
enabled = 1
actiondir = /etc/yum/post-actions/

 

On reboot, it should be deleted. Didn't get to testing this - yet

 

cron jobs

  • fetch patches
  • self-upgrade yum
  • update security fixes (works on RHEL w/ subscription, Oracle w/free, does NOT work on CentOS)
  • update minimal
  • update full
  • toggle snapshot module on / off
  • monitor reboot hook
  • reboot
  • deletion of snapshots