[CentOS] Spacewalk? Local repo? Cache?

Mon Sep 29 20:53:57 UTC 2014
Peter Brady <subscriptions at simonplace.net>

On 30/09/2014 3:59 am, Chris Beattie wrote:
> I have a mix of CentOS 5, 6, and now 7 servers at work.  There are enough of them now that it is starting to make sense for them to get updates from an internal source.
> 
> I've seen RHN Satellite in years past.  It looks like it may be a way to allow Windows admins here (familiar with WSUS) to update Linux boxes.  A local repo might be easier to set up, but (as with Spacewalk) it seems like we'd end up with a lot of packages we don't need.  A proxy and a sufficiently-large cache might do the trick if the first Linux box to get updates populates the cache with the files the others will need, but I haven't looked into this enough to see if there's even a way that works.
> 
> How do you all keep a dozen or more Linux boxes updated?

Hi Chris,

Either a local mirror or spacewalk will do what you want.  I find at my
site with relatively little but expensive bandwidth, the cost of disks
is much less compared to download time.  Hence, I initially just
mirrored over rsync and now rsync the changes every day or more
frequently as required.  At that stage my local machines pointed to the
local mirror over my LAN.

FWIW my current disk usage is about 0.7TB and I'm mirroring:

-) centos
-) cygwin
-) dell
-) epel
-) rpmforge
-) spacewalk

After that, I then moved to spacewalk to manage the 30 or so CentOS
machines currently in production.  The effort to set up and maintain was
not that great and the GUI front end is great for snapshots of the
current state of my machines.  Nice reporting tool for management.

Currently I'm also moving into the OpenSCAP interface of SpaceWalk to
provide the compliance reports that my company is starting to require.
We do non-military civil engineering type work for government and it's
surprising the trickle down security and audit requirements being pushed
down.  I know that this can all be scripted but with a little set up it's
surprisingly easy via the GUI.

Another big plus for me is that I love the local mirror that also makes
spacewalk simpler.  We do a bit of R&D so find when testing new servers
a kickstart off the local http mirror is really quick.  Initial
application deployment on the kickstarts comes directly off http - as
previously mentioned if you run a local squid instance here this can be
even faster.  Next, the first step in my %POST of the kickstart is a
couple of lines to disable the native repos and connect to SpaceWalk.
From there all packages are deployed off SpaceWalk but still it's over
http so squid may still speed things up.

The big move to make SpaceWalk viable for me though, was a few years ago
when it fully supported PostgreSQL over Oracle.  I didn't have an Oracle
license and the free version maxed out with three CentOS channels
covering both x86_64 and i386 architectures.

Finally, as a number of my developers are and want to continue to use
Ubuntu/Debian, now that SpaceWalk supports Debian packages, I'm looking
at starting to mirror those channels and publish via SpaceWalk as well
for auditing purposes.  My devs have a lot of freedom on their own
platforms, so if I can at least have an overview of their status that
helps me.

I also mirror EPEL.  And publish it via SpaceWalk for all the same reasons.

Hope that helps,
-pete

-- 
Peter Brady
Email: pdbrady at ans.com.au
Skype: pbrady77
