Hi - we both think I should have added an intro here. :))
You should, as a policy, keep 20% of your vg00 capacity dedicated to snapshots.
- post transaction actions - used to create a flagfile if a reboot is needed, this can be used for a later automatic reboot
- lvm snapshots - used to create a backup of core OS files, see below
misc other plugins
- yum-plugin-security (only effective on rhel / oracle el, centos doesn't tag security updates)
- centos-release-cr (only for centos to get patches faster if centos team is overloaded)
I'm no longer using yum-plugin-priorities since it has shown a lot of problems. made me go crazy.
Tell yum to not keep limitless accounts of old kernels around.
Such a good thing to have around
Cronjobs handle (birds eye view)
- deletion of old LVM snapshots
The following cron jobs are in place. They are, for making the demo quicker, spread over a day only. Adjust to week/month as needed.
Rudder will automatically turn the snapshots back off, so they're not enabled for normal package installs.
- prepare a script to update the list of non-OS filesystems (to not snapshot them)
- set up automatic snapshots config
- set up etckeeper config w/ git or hg
- set up etckeeper git remotes if needed (Don't use your public github)
This small script produces the list of filesystem expections for the yum snapshot plugin
That list is used in the exclude bit below. And as you can see: by default, the plugin is disabled.
Set up a config for the post transaction plugin so it'll touch aflagfile when you still need to reboot.
On reboot, it should be deleted. Didn't get to testing this - yet
- fetch patches
- self-upgrade yum
- update security fixes (works on RHEL w/ subscription, Oracle w/free, does NOT work on CentOS)
- update minimal
- update full
- toggle snapshot module on / off
- monitor reboot hook
- deletion of snapshots