On Thu, Feb 16, 2017 at 4:22 PM, Ken Dreyer <[email protected]> wrote:
> On Tue, Feb 14, 2017 at 7:39 AM, Aaron Weitekamp <[email protected]> > wrote: > > On Mon, Feb 13, 2017 at 6:32 PM, Ken Dreyer <[email protected]> wrote: > >> > >> When I have an Atomic Registry running in production, what is the best > >> way to keep the whole thing up-to-date for security fixes? > >> > >> For example, I can use yum-cron to automatically download and install > >> RPM updates on a traditional system. > >> > >> Should I do the following: > >> > >> docker pull openshift/origin-docker-registry > >> docker pull openshift/origin > >> docker pull cockpit/kubernetes > >> > >> ... and then restart the systemd services if any of those has an update? > >> > > Yes, that's fine for minor updates. For major upgrades you'll need to run > > some migration commands[1]. Note: This isn't well-documented or tested > > outside of OpenShift. A better supported upstream deployment is found > > here[2]. > > > > [1] > > https://docs.openshift.org/latest/install_config/ > upgrading/manual_upgrades.html#updating-policy-definitions > > [2] > > https://docs.openshift.org/latest/install_config/install/ > stand_alone_registry.html > > Cool, thanks Aaron! > > I've written a script to do the pulls+restarts. > https://github.com/ktdreyer/watch-systemd-containers > > Can you help me understand more about what you mean by "better supported"? > By "better supported" I mean there are *a lot* more developers and users and test automation around the openshift deployment. It's all the same core tech but install/upgrade matters long term. > - Ken >
