I'm still trying to get an idea about how best to handle patches on CentOS.
Say I want to apply security patches automatically on a nightly basis. But when the push from 4.2 to 4.3 comes around, I want to defer that for when I can do it manually.
Is that possible? (Preferably with yum, but I would use up2date if that were necessary.)
Also, I'm used to doing 'yum update'. I understand that 'yum upgrade' enables the obsoletion logic in yum, but practically speaking, when is it appropriate to use one or the other?
Thanks, Steve
All of the 4.x line will update seamlessly with yum. There really is no effective difference between 4.1 or 4.2 except that an ISO image was made at the point where "4.2" was released. So, any/all of the 4.x line can be updated seamlessly to the latest release with yum without any special options.
I don't know about `yum upgrade`, I've never done that.
-Ben
On Sunday 29 January 2006 21:13, Steve Bergman wrote:
> I'm still trying to get an idea about how best to handle patches on CentOS.
> Say I want to apply security patches automatically on a nightly basis. But when the push from 4.2 to 4.3 comes around, I want to defer that for when I can do it manually.
> Is that possible? (Preferably with yum, but I would use up2date if that were necessary.)
> Also, I'm used to doing 'yum update'. I understand that 'yum upgrade' enables the obsoletion logic in yum, but practically speaking, when is it appropriate to use one or the other?
> Thanks, Steve
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Steve Bergman wrote:
> I'm still trying to get an idea about how best to handle patches on CentOS.
> Say I want to apply security patches automatically on a nightly basis. But when the push from 4.2 to 4.3 comes around, I want to defer that for when I can do it manually.
you might want to take a look at this : http://www.centos.org/modules/smartfaq/faq.php?faqid=34
it explains what the 4.x ( and 3.x and 2.x ) Versions are.
Essentially you are running CentOS-4, the Point release number only indicates how updated your machine is.
> Also, I'm used to doing 'yum update'. I understand that 'yum upgrade' enables the obsoletion logic in yum, but practically speaking, when is it appropriate to use one or the other?
You should not ever need to run 'yum upgrade' on CentOS. Migrations via yum from CentOS2 to CentOS3 to CentOS4 are not supported and are actively discouraged.
On Sun, 29 Jan 2006, Steve Bergman wrote:
> Say I want to apply security patches automatically on a nightly basis. But when the push from 4.2 to 4.3 comes around, I want to defer that for when I can do it manually.
> Is that possible? (Preferably with yum, but I would use up2date if that were necessary.)
It is if you maintain an internal repository (which if you have a lot of machines is a good idea anyway). You mirror the centos update tree into one repository and copy them into your internal 'production ready' tree when you are ready. This allows you to set your boxes for automatic updates, but manage the volume of updates applied. With a little thought on the repo setups, you could even have separate repos for different machines or types of machines (yum follows symlinks just fine).
Jim Wildman, CISSP, RHCE jim@rossberry.com http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
On Mon, 2006-01-30 at 05:33 -0500, Jim Wildman wrote:
> On Sun, 29 Jan 2006, Steve Bergman wrote:
> > Say I want to apply security patches automatically on a nightly basis. But when the push from 4.2 to 4.3 comes around, I want to defer that for when I can do it manually.
> > Is that possible? (Preferably with yum, but I would use up2date if that were necessary.)
> It is if you maintain an internal repository (which if you have a lot of machines is a good idea anyway).
Exactly :)
> You mirror the centos update tree into one repository and copy them into your internal 'production ready' tree when you are ready. This allows you to set your boxes for automatic updates, but manage the volume of updates applied. With a little thought on the repo setups, you could even have separate repos for different machines or types of machines (yum follows symlinks just fine).
If you want to control what updates get applied and do it automatically, create a local yum repo for your machines and only put stuff you have tested in there.
You can have a desktop and server repo, or any number of other things :)
Everyone else's comments concerning the point releases (or update sets) are true as well ... and the FAQ in Karanbir's post explains what that is about, as does this slide by IBM:
http://avi.alkalay.net/linux/docs/distributions/img16.html
(CentOS-4.3 is EL4 update 3 ... CentOS-3.6 is EL3 update 6)
If one has the upstream EL3 update 2 installed and then runs up2date ... RHN updates them to all the latest updates. This would be exactly the same thing that happens for CentOS when running yum.
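The workflow Jim Wildman and Johnny Hughes describe above (mirror the updates tree, then copy only tested packages into a 'production ready' tree) could be scripted as follows. This is an added example, not code from the thread: the function name, directory layout and approved-list file are assumptions, while `rpm -K` and `createrepo` are the standard package check and metadata tools.

```shell
#!/bin/sh
# Added example: promote tested RPMs from the mirrored updates tree into the
# 'production ready' tree that the clients' yum configuration points at.
# Paths, the approved-list file and the function name are assumptions.

VERIFY=${VERIFY:-"rpm -K"}        # per-package signature/digest check
REINDEX=${REINDEX:-createrepo}    # rebuilds yum metadata for a directory

# promote MIRROR_DIR PROD_DIR APPROVED_LIST
# APPROVED_LIST holds one RPM file name per line ('#' comments allowed).
# Prints how many packages were newly copied; returns 1 if any entry was
# rejected, 2 if the production tree could not be prepared or indexed.
promote() {
    mirror=$1; prod=$2; list=$3
    promoted=0; rc=0
    mkdir -p "$prod" || return 2
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9._+-]*|.*) why="bad file name" ;;  # no paths, no dotfiles
            *.rpm) why="" ;;
            *) why="not an rpm" ;;
        esac
        if [ -z "$why" ] && [ ! -f "$mirror/$name" ]; then
            why="not in mirror"
        fi
        if [ -z "$why" ] && [ -f "$prod/$name" ]; then
            continue                                   # already promoted
        fi
        if [ -z "$why" ] && ! $VERIFY "$mirror/$name" >/dev/null 2>&1; then
            why="verification failed"
        fi
        if [ -n "$why" ]; then
            echo "rejected ($why): $name" >&2
            rc=1
            continue
        fi
        cp -p "$mirror/$name" "$prod/$name" || return 2
        promoted=$((promoted + 1))
    done < "$list"
    # Clients only see new packages once the repo metadata is rebuilt.
    if [ "$promoted" -gt 0 ]; then
        $REINDEX "$prod" >/dev/null || return 2
    fi
    echo "$promoted"
    return "$rc"
}
```

Machines doing nightly automatic updates then list only the production tree in their yum repository configuration, so a new point release reaches them only after its packages have been added to the approved list.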
My original understanding was that only security patches get issued between quarterly releases. But that then the distro gets updated with bug fixes 2 to 4 times per year.
I may be getting this all wrong, but I get the impression that there are 3-4 month periods of quiescence punctuated by short periods (or a day?) of significantly more intensive patching.
Is that correct?
Thanks, Steve
On Mon, 2006-01-30 at 20:56 -0600, Steve Bergman wrote:
> My original understanding was that only security patches get issued between quarterly releases. But that then the distro gets updated with bug fixes 2 to 4 times per year.
> I may be getting this all wrong, but I get the impression that there are 3-4 month periods of quiescence punctuated by short periods (or a day?) of significantly more intensive patching.
> Is that correct?
That is generally correct ... the upstream provider generally releases security patches between the update set releases. They generally release bugfix and enhancement updates during an update set (or as we call it a point release).
They also generally release an update set at 3-4 month intervals.
The update sets contain both security, bugfix, and enhancement updates though ... and normally many of the new enhancement and bugfix updates are required as dependencies for the security updates.
All of these things are general though ... to see exactly what updates were released and when, look here (for the upstream EL4 product):
You can see every update and the date it was released ... you can also see the update set dates of:
Release = 2005-02-14
update1 = 2005-06-09
update2 = 2005-10-05
(this is about 4 months between release sets)
You can also see that there were:
27 day zero updates on 02-15-2005, 3 bugfix updates between release and update1, 3 security updates as part of update1, 0 bugfix updates between update1 and update2, 11 security updates as part of update2, 5 bugfix/enhancement updates between update2 and now.
We at CentOS release the updates that are released upstream ... when they are released upstream ... we do so regardless of whether they are bugfix or security or enhancement updates ... because, they were released when they were for a reason :)
Some other rebuild distros ONLY release security updates between update sets ... others release hardly any updates at all. We personally think the upstream provider is the absolute best enterprise distro in the world, and that they are smart enough to release the updates that they want when they want them released, therefore, we release the same packages too.
On Mon, 2006-01-30 at 21:22 -0600, Johnny Hughes wrote:
> On Mon, 2006-01-30 at 20:56 -0600, Steve Bergman wrote:
> > My original understanding was that only security patches get issued between quarterly releases. But that then the distro gets updated with bug fixes 2 to 4 times per year.
> > I may be getting this all wrong, but I get the impression that there are 3-4 month periods of quiescence punctuated by short periods (or a day?) of significantly more intensive patching.
> > Is that correct?
> That is generally correct ... the upstream provider generally releases security patches between the update set releases. They generally release bugfix and enhancement updates during an update set (or as we call it a point release).
> They also generally release an update set at 3-4 month intervals.
> The update sets contain both security, bugfix, and enhancement updates though ... and normally many of the new enhancement and bugfix updates are required as dependencies for the security updates.
> All of these things are general though ... to see exactly what updates were released and when, look here (for the upstream EL4 product):
OK ... I don't know what happened as I pasted a link in here .. here it is again:
https://rhn.redhat.com/errata/rhel4as-errata.html
> You can see every update and the date it was released ... you can also see the update set dates of:
> Release = 2005-02-14
> update1 = 2005-06-09
> update2 = 2005-10-05
> (this is about 4 months between release sets)
> You can also see that there were:
> 27 day zero updates on 02-15-2005, 3 bugfix updates between release and update1, 3 security updates as part of update1, 0 bugfix updates between update1 and update2, 11 security updates as part of update2, 5 bugfix/enhancement updates between update2 and now.
> We at CentOS release the updates that are released upstream ... when they are released upstream ... we do so regardless of whether they are bugfix or security or enhancement updates ... because, they were released when they were for a reason :)
> Some other rebuild distros ONLY release security updates between update sets ... others release hardly any updates at all. We personally think the upstream provider is the absolute best enterprise distro in the world, and that they are smart enough to release the updates that they want when they want them released, therefore, we release the same packages too.