With so many of these changes it would be great to schedule things in the future to just happen.
Especially commits to firewall rules, restart of VPN links, or firmware upgrades. These don’t need to be cronjobs because they don’t re-occur, they just need that “run once” type of setup, and they need to occur when the humans using the links don’t need them at that exact moment.
More frequently I am seeing an auto-update feature in some routers which upgrades the routers to the next revision, this is also a good use of the “at” jobs. The enterprise routers which do this alert your web interface that they’re scheduling the job as you login - so there are no surprises, you won’t get a scheduled new update unless you logged into the web interface to check something.
Rollbacks are of course something to handle too, but it’s par for this course.
So, you're requesting that you configure major changes - but schedule them to be applied arbitrarily sometime in the future?
Can you provide an example?
Enterprises I've experienced handling such changes to routers or firewalls generally schedule to manually perform them at known days/times, announced to anyone who may possibly be affected (which the hardware doesn't know - maybe with AI ).
Hard to understand - do you want cron to become anacron or you really want to type in every at job needed? I like typing at 2am reboot butt that somehow does not scale to more than 2-3 tasks. In anacron it would be last weekend of each month check update and then update next nighr
I do really want to schedule one job to run at a specific time in the future. The admin needs to know about it, so it doesn’t get scheduled until the admin is “alerted” that it could be scheduled (for right now or for sometime in the future). This is decidedly not a cronjob because of this check. However, performing the “Is there an update to be deployed?” could be a check, that I see as an implementation detail though.
Yes, I am assuming that the admin knows what they’re doing and has properly tested the update in some other system for these major kind of changes. OR because of the alert is on-hand to manage things if there are problems.
The point is getting systems to be more pro-active about security updates, because updates and upgrades should be something regularly done - the farther apart someone waits to do updates / upgrades then the harder they become.
My focus is on the scheduled one-time task that applies to firewalls, NAT, reboots, and more. The at job is just a workflow tool, and using it appropriately to schedule things automatically for the admin makes life a bit easier. There are certainly other tasks which could be scheduled which are lower impact I’ve just picked a few here for discussion that I see implemented in other prosumer level solutions.
).