On Mon, September 29, 2014 1:19 pm, Les Mikesell wrote:
On Mon, Sep 29, 2014 at 12:59 PM, Chris Beattie <cbeattie@geninfo.com> wrote:
I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough of them now that it is starting to make sense for them to get updates from an internal source.
I've seen RHN Satellite in years past. It looks like it may be a way to allow Windows admins here (familiar with WSUS) to update Linux boxes. A local repo might be easier to set up, but (as with Spacewalk) it seems like we'd end up with a lot of packages we don't need. A proxy and a sufficiently-large cache might do the trick if the first Linux box to get updates populates the cache with the files the others will need, but I haven't looked into this enough to see if there's even a way that works.
How do you all keep a dozen or more Linux boxes updated?
I don't think there is a way to do it that doesn't take more human effort than it is worth unless you have limited internet access. It is basically designed not to work. A simple squid proxy with the file size bumped up will work with no extra attention (and be useful for all your internet accesses), but the first dozen or so runs are probably going to pick different mirror URLs instead of reusing the copy you have already cached. You can change the repo mirrorlist entry to a fixed system - but then your updates will break if it is down. Or you can mirror a bunch of stuff you'll never need into your own repo. Or set up some special-case thing that only works for CentOS - or maybe even just one version of CentOS.
I guess my feeling will not hurt if I add my reply *here* ;-)
We keep a local mirror, which I'm pointing my CentOS boxes to. When I know some update is critical I kick off the script that walks through all boxes and installs all updates accumulated by that time (yum clean all; yum -y update). In the past, when I had awfully important servers under CentOS (they are FreeBSD now), I was testing updates on a separate box first to see if they will or will not break anything, and to find a way to not have production stuff broken before actually installing updates. I kick my script into action, as opposed to having a daily, hourly or weekly cron job, as I have a system integrity verification system which will give me a kick every time anything changes without a reason. This makes a cron job prohibitive for me (and requires me to incorporate that integrity stuff into the update script, which is beyond the scope here).
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
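Added example, not part of any message in this thread: one way to do what Les describes as changing the repo mirrorlist entry to a fixed system, which is also how a client ends up pointed at a local mirror like Valeri's, with a check that package signature verification stays on once every box trusts that single source. The mirror URL, the function names and the sample repo contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The mirror URL passed in is a hypothetical internal host.

# Constructed sample laid out like a stock CentOS-Base.repo.
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
EOF
}

# Print FILE with mirrorlist= commented out and baseurl= set to MIRROR.
pin_repo() {  # usage: pin_repo FILE MIRROR_URL
    awk -v mirror="$2" '
        /^mirrorlist=/ { print "#" $0; next }
        /^[#]?baseurl=http:\/\/mirror\.centos\.org\// {
            sub(/^[#]?baseurl=http:\/\/mirror\.centos\.org/, "baseurl=" mirror)
        }
        { print }
    ' "$1"
}

# Succeed only if every [section] in FILE sets gpgcheck=1 explicitly, so
# packages from the single mirror are still signature-checked.
gpgcheck_ok() {  # usage: gpgcheck_ok FILE
    awk '
        /^\[/ { if (seen && !ok) bad = 1; seen = 1; ok = 0 }
        /^gpgcheck[ ]*=[ ]*1[ ]*$/ { ok = 1 }
        END { if (seen && !ok) bad = 1; exit (bad || !seen) }
    ' "$1"
}

# Demo on the constructed sample; a real FILE lives in /etc/yum.repos.d/.
tmp=$(mktemp)
sample_repo > "$tmp"
pin_repo "$tmp" "http://mirror.example.internal"
gpgcheck_ok "$tmp" && echo "gpgcheck=1 in every section"
rm -f "$tmp"
```

As Les notes, a client pinned this way stops updating whenever that one host is down, so the mirror itself needs monitoring.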