On Mon, 5 Sep 2005 at 1:06pm, Bryan J. Smith wrote

...

I think the biggest gripe about YUM is the lack of a standard GUI, and YumEx has had compatibility issues in the past with newer YUM versions. SmartPM focuses on solving cross-repository issues and comes with a GUI as standard.

All-in-all, use the tool that is supported by the distro. That is YUM. No, there is no GUI for it that is supported officially, hence some of the complaints. But I'm keeping my eye on SmartPM for the future.

I have yet to see any advantage to a GUI package manager. But, then again, that's just me.

Copy that. Altough, I must say, that Linux-On-The-Desktop-Users _need_ some GUI, usually...

Best, Oliver

On Mon, 2005-09-05 at 21:38 +0200, Dag Wieers wrote:

On Mon, 5 Sep 2005, Joshua Baker-LePain wrote:

...

On Mon, 5 Sep 2005 at 1:06pm, Bryan J. Smith wrote

...

All-in-all, use the tool that is supported by the distro. That is YUM. No, there is no GUI for it that is supported officially, hence some of the complaints. But I'm keeping my eye on SmartPM for the future.

I have yet to see any advantage to a GUI package manager. But, then again, that's just me.

Smart is not a GUI per se. It is a command line tool and people are working on a curses-based front-end. A KDE panel applet exists as well.

There are benefits to having an integrated command line tool and GUI from a maintenance perspective. Most of the code can be reused.

I would love to have RHN support and finally get rid of up2date :)

The biggest disadvantage for both Yum and Smart is that both require a recent version of python. Which is a no-go for older distributions.

very true

BTW The developer previously was in charge of apt-rpm and worked on synaptic too. Smart is available for most of the popular distributions.

Smart looks nice and is moving along OK, and having a GUI is good. Smart can use repomd (Repo MetaData) used by yum and the metadata used by apt. It also has a couple features that I like ... one of them is signing a priority to a repo (ie, you can make packages in the base repo have a higher score than a add-on repo. This would only update absolute requirements from the add-on repo.)

yum is also making progress with a sqlite backend. This speeds up yum. A new createrepo (creates the repomd data for yum) also now caches the md5sums for packages, so it runs faster too.

I personally use yum ... though I have one test machine that is using smart. Even when I use smart, I use the CLI and not the GUI.

CentOS-4.2 will have an upgrade to yum 2.4.x and createrepo-0.4.3, which requires a couple packages to be added to the distribution. The new pacakges will be:

createrepo-0.4.3-1.noarch.rpm (upgrade from 0.4.2) python-elementtree-1.2.6-4.i386.rpm python-sqlite-1.1.6-1.i386.rpm python-urlgrabber-2.9.6-2.noarch.rpm sqlite-3.2.2-1.i386.rpm sqlite-devel-3.2.2-1.i386.rpm yum-2.4.0-1.centos4.noarch.rpm (upgrade from 2.2.1)

One very good thing for CentOS is that Seth Vidal is one of the CentOS Developers, so we will have extended yum support for the duration :)

On Mon, 2005-09-05 at 14:11 -0400, Joshua Baker-LePain wrote:

...

I think the biggest gripe about YUM is the lack of a standard GUI, and YumEx has had compatibility issues in the past with newer YUM versions. SmartPM focuses on solving cross-repository issues and comes with a GUI as standard.

All-in-all, use the tool that is supported by the distro. That is YUM. No, there is no GUI for it that is supported officially, hence some of the complaints. But I'm keeping my eye on SmartPM for the future.

I have yet to see any advantage to a GUI package manager. But, then again, that's just me.

I was reading this thread and the same thing kept coming to my mind. For the task it does, yum doesn't need a GUI interface. There's a time and place and task when GUI is right. But the world seems to be forgetting that there is also a time and place and task for the command line.

John Newbigin wrote:

I also think yum is too slow.

I'm glad I'm not the only one who thinks that. After using urpmi at home on Mandrake with more than 11000 packages in the configured repos I can say that yum is definately far slower with only ~4000 packages in configured repos. The whole "Setting up Repos" and "Reading repository metadata in from local files" is a real drag.

On 9/6/05, Dag Wieers dag@wieers.com wrote:

On Tue, 6 Sep 2005, Tim Edwards wrote:

...

John Newbigin wrote:

...

I also think yum is too slow.

I'm glad I'm not the only one who thinks that. After using urpmi at home on Mandrake with more than 11000 packages in the configured repos I can say that yum is definately far slower with only ~4000 packages in configured repos. The whole "Setting up Repos" and "Reading repository metadata in from local files" is a real drag.

Check if you have enough memory in the system. I experienced that Yum needs more than 192MB of RAM.

Yeah, but that depends on the number of packages you are updating/installing. If your package list and dependency tree has fewer than 2 or 3 packages, it needs very little RAM. I've used yum 2.2.x on systems with 64MB of RAM without problem by simply listing out all of the packages that need to be updated with "yum list updates" and then installing them in groups of 2 or 3.

Greg

On 9/6/05, Dave Gutteridge dave@tokyocomedy.com wrote:

I'd like to comment on this list to say that despite earlier reports saying that I had fixed my YUM problems, it still freezes my computer every now and again. I've been told this might be because I have too little free space on my hard drive, so I cleared over 9 gigs, and it still freezes sometimes.

Dave,

Whomever told you that it might be an overfilled hard drive either has a bad mental map of how computers work or thought that your problem was caused by a unlikely corner case. Run from his advice.

I was told my RPM database was screwed, so I rebuilt the database and it still freezes.

Perhaps, but that typically gives more specific errors that you can search on and find that an rpm remove/rebuild/repeat will solve your problem and not just the evil no error that you seem to be experiencing.

I'm not sure what the problem is now, but I do know that on the one hand YUM seems like a great idea, and when it does work, I think it's really cool. But something is not right with it, and I don't even have error messages which let me know what went wrong, so I can't say that I would recommend YUM.

This is really a pretty harsh criticism without much indication of what your exact hardware/software specs are and what your problem is. Can you please post RAM/CPU, specific version of operating system, and the result of "yum list updates" if it does complete?

I feel certain that given those bits of information we will be far down the path of fixing whatever your problem is or at least being able to point at antiquated/failing hardware as the problem. And note my message that yum can work fine with a Pentium133/64MBRAM system, so "antiquated" really needs to be old for it to not work with yum.

Regards, Greg

This is really a pretty harsh criticism without much indication of what your exact hardware/software specs are and what your problem is.

Oh, sorry. I didn't mean to totally complain about YUM. I just haven't had an easy time of it, and the original poster was looking for reasons why maybe some people didn't like yum.

Can you please post RAM/CPU, specific version of operating system, and the result of "yum list updates" if it does complete?

512MB Ram, Pentium3, 500Mhz.

[root@localhost ~]# yum list updates Setting up Repos addons 100% |=========================| 951 B 00:00 kbs-CentOS-Extras 100% |=========================| 951 B 00:00 kbs-CentOS-Misc 100% |=========================| 951 B 00:00 update 100% |=========================| 951 B 00:00 dag 100% |=========================| 1.1 kB 00:00 base 100% |=========================| 1.1 kB 00:00 freshrpms 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files kbs-CentOS: ################################################## 1572/1572 kbs-CentOS: ################################################## 61/61 primary.xml.gz 100% |=========================| 49 kB 00:00 MD Read : ################################################## 124/124 update : ################################################## 124/124 dag : ################################################## 2458/2458 base : ################################################## 1406/1406 primary.xml.gz 100% |=========================| 98 kB 00:01 MD Read : ################################################## 326/326 freshrpms : ################################################## 326/326 extras : ################################################## 32/32 Excluding Packages in global exclude list Finished

"antiquated" really needs to be old for it to not work with yum.

That's good to know. I don't think my computer is "antiquated", although it is getting long in the tooth. It would be nice to clear this detail up. Two more details: Yum usually works fine for the first little while after I start the computer. When it freezes, it usually occurs after the computer has been on for a while, or if I've run YUM a couple of time, say, searching for a particular package. I also keep getting this annoying error message: /sbin/ldconfig: File /usr/lib/libk3bdevice.so.2.0.0.#prelink#.X8kEMh is empty, not checked. I tried turning "prelinking" off by editing a file... though I can't remember off hand which file that was right now. It was weeks ago, and it didn't help anyway. The error still happens now and again.

Dave

On 9/7/05, Dave Gutteridge dave@tokyocomedy.com wrote:

...

Can you please post RAM/CPU, specific version of operating system, and the result of "yum list updates" if it does complete?

512MB Ram, Pentium3, 500Mhz.

Ok, this should be fine.

[root@localhost ~]# yum list updates Setting up Repos addons 100% |=========================| 951 B 00:00 kbs-CentOS-Extras 100% |=========================| 951 B 00:00 kbs-CentOS-Misc 100% |=========================| 951 B 00:00 update 100% |=========================| 951 B 00:00 dag 100% |=========================| 1.1 kB 00:00 base 100% |=========================| 1.1 kB 00:00 freshrpms 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files kbs-CentOS: ################################################## 1572/1572 kbs-CentOS: ################################################## 61/61 primary.xml.gz 100% |=========================| 49 kB 00:00 MD Read : ################################################## 124/124 update : ################################################## 124/124 dag : ################################################## 2458/2458 base : ################################################## 1406/1406 primary.xml.gz 100% |=========================| 98 kB 00:01 MD Read : ################################################## 326/326 freshrpms : ################################################## 326/326 extras : ################################################## 32/32 Excluding Packages in global exclude list Finished

So, looks like you have nothing to update, right? So yum must work well enough that you can update your system :)

...

"antiquated" really needs to be old for it to not work with yum.

That's good to know. I don't think my computer is "antiquated", although it is getting long in the tooth. It would be nice to clear this detail up.

Your machine seems like it should be fine - I agree it's only a little old, but should be fine in terms of speed if none of the hardware is just flat failing.

Two more details: Yum usually works fine for the first little while after I start the computer. When it freezes, it usually occurs after the computer has been on for a while, or if I've run YUM a couple of time, say, searching for a particular package. I also keep getting this annoying error message: /sbin/ldconfig: File /usr/lib/libk3bdevice.so.2.0.0.#prelink#.X8kEMh is empty, not checked. I tried turning "prelinking" off by editing a file... though I can't remember off hand which file that was right now. It was weeks ago, and it didn't help anyway. The error still happens now and again.

Generally speaking, running yum several times a day shouldn't just cause problems on it's own. However, if you frequently are searching, it can be handy to do a "yum list installed > YumInstalled.txt" and "yum list available > YumAvailable.txt" and then do a grep on the resulting text files rather than starting/re-running yum each time. Also, if you feel like upgrading to yum2.4 then yum should be faster and you can use the yum shell to do your searching in a more efficient manner.

Maciej says to delete your prelink file - I don't know enough to know if that will help, but as far as I can see you don't have a specific problem per se, just that yum is slow which has been addressed in 2.4 and can also be worked around.

Greg

On Thu, 2005-09-08 at 02:36 +0900, Dave Gutteridge wrote:

...

but as far as I can see you don't have a specific problem per se, just that yum is slow which has been addressed

Um... I guess I didn't convey the problem. Yum isn't just slow, it freezes my machine. It halts the system to the point where the mouse and keyboard are unresponsive, and the only way I can regain control of my system is to do a hard reset. Yum is the only program on my system which causes this to happen.

If I run Yum immediately after a reboot, it's usually safe. This is how I've managed to keep up to date.

But, if I have been using my computer for a while, and then I run Yum, it is just as likely as not to freeze my computer. Or, if I run Yum more than once, it may freeze my computer on the second, or third time.

If Yum was just slow, I wouldn't mind so much. But having to hard reset is a pretty big issue.

---- perhaps there is a problem with your /var partition...

try running 'shutdown now -Fr' # reboot and run fsck on /var

you could try 'yum clean all' to clear out all the downloaded rpms, headers & cache after that.

Craig

--- Dave Gutteridge dave@tokyocomedy.com wrote:

...

perhaps there is a problem with your /var

partition...

...

What do you mean by var "partition"? I have a /var directory. Is it supposed to be on a separate partition?

Dave

---

CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Dave,

That is what he is talking about. Some people have /var setup as a different partition or they call it a partition instead of a directory.

Steven

"On the side of the software box, in the 'System Requirements' section, it said 'Requires Windows or better'. So I installed Linux."

Craig White craigwhite@azapple.com wrote:

on server systems I find it to be a good idea. If you set up as one LVM volume, it's not going to be on it's own partition.

Aw now, don't get anal. ;-> Besides, that's all subjective.

E.g., even a "Logical Partition" isn't a partition. It's a "partition in a partition" since the legacy PC BIOS/DOS disk label can only have 4 partitions.

That's why I like to use the UNIX terminology of disk labels and disk slices. Removes the whole legacy PC BIOS/DOS non-sense, even making it easier to explain NT5+ (2000+) Logical Disk Manager (LDM) as well.

at any rate - sometimes journal'd filesystems are damaged and the only sure way to know is to fsck it - which the previous message would do.

Exactomundo. Journaling filesystems are not the savior of disk corruption, only the reducer of boot times -- unless you have something like full data journaling with a NVRAM.

Craig White craigwhite@azapple.com wrote:

Thankfully, I have a sense of humor but not everyone enjoys having their posts picked apart for what appears to only be petty corrections to their imprecision...you should keep that in mind.

Dude?! Didn't you realize ...

1. My smiley-wink?!?!?!

2. You were "correcting" someone else, with far less "humor" than I.

If you're going to be "anal" on things, be sure to be correct. And even then, show some humility -- I do all-the-time.

On Wed, 2005-09-07 at 14:53, Bryan J. Smith wrote:

...

at any rate - sometimes journal'd filesystems are damaged and the only sure way to know is to fsck it - which the previous message would do.

Exactomundo. Journaling filesystems are not the savior of disk corruption, only the reducer of boot times -- unless you have something like full data journaling with a NVRAM.

I've had a couple of boxes with Reiserfs crash recently from UPS problems and multiple times they have refused to mount without a fsck with --rebuild-tree, which takes a full day or so. I thought the point of journaling was to avoid needing that... Is there any reason to expect better from xfs? These are running backuppc and need better-than-ext3 performance at creating/removing files.

On Wed, 2005-09-07 at 18:14, Bryan J. Smith wrote:

...

These are running backuppc and need better-than-ext3 performance at creating/removing files.

If performance is your bag, then ReiserFS pleases in many areas -- including deletion. XFS absolutely stinks when your filesystem is lot of small, constantly changing files -- and excels better when there are large files as well as small (including extents and delayed writes for fighting fragmentation).

The reiserfsck runs seemed to work OK so my only complaint about that part is the oddball syntax needed to actually make it fix anything. I'm just wondering why it is so likely to need the fsck at all (maybe 50% of my crashes when busy) and if xfs would be better about that. I thought it was supposed to know what was committed to disk and never leave it in an inconsistent state.

On Thu, 2005-09-08 at 07:32, Bryan J. Smith wrote:

...

The reiserfsck runs seemed to work OK so my only complaint about that part is the oddball syntax needed to actually make it fix anything.

Well, you've had good luck then.

Except that it's a full day of downtime for the service using the drive...

...

I'm just wondering why it is so likely to need the fsck at all (maybe 50% of my crashes when busy)

On all filesystems? Or just 50% chance that one filesystem will need a fsck?

All the busy ones. I don't think it is a problem with idle filesystems.

[ SIDE NOTE from a previous thread: Another reason to segment your filesystems is not only to "localize" any fsck, but segmentation actually _reduces_ the risk of needed a fsck because commits are more localized/contained (especially to /tmp, /var, etc...). ]

Backuppc conserves space dramatically by hard-linking all duplicates it finds (with a fairly fast hashing scheme to find them). Thus the whole archive has to be on one filesytem. I currently use a 250 gig drive and have a little over 100 gigs used (holding what would be around 900 gigs of raw data before compression and linking).

...

I thought it was supposed to know what was committed to disk and never leave it in an inconsistent state.

Nope. You through incorrectly.

The _only_ purpose of journaling is to _reduce_ the time it takes to make the filesystem consistent. That assumes the journaling is good and/or the journal replay/unplay works.

There is absolutely _no_ way to guarantee a commit, although full data journaling with a NVRAM board comes close.

I expect to lose data in a crash - I don't expect the system to lose track of the free/used portion of the disk with a journaling filesystem. I suppose the best solution is a better UPS, although I also try to run the backuppc filesystem in software RAID1 between an internal IDE drive and an external firewire drive and the 2.6 kernel crashes consistently in a day or less running like that. It does work well enough that I can usually add the external drive to the raid, let it sync up, then fail and remove it. It is next to impossible to copy the huge number of hardlinks any other way in a reasonable of time.

-- Les Mikesell lesmikesell@gmail.com

On Wed, 2005-09-07 at 21:43 +0200, Maciej Żenczykowski wrote:

Ok, that _CANNOT_ be yum's problem, some other part of your system is flaky. Either Hard Disk, or HDD drivers, or RAM, or CPU, or kernel drivers for one of the above. But it is _NOT_ yum. It can't be. Yum may be the most likely to trigger it, but that doesn't make it it's problem.

Yum does some very CPU and disk intensive operations ... which can make things like bad memory, overloaded power supplies, bad cooling fans, etc. have an effect.

I agree with Maciej .. I don't see how yum could, by itself, cause a hard freeze.

It just isn't possible (no program can freeze the machine under linux, if a program does freeze the machine, then either there's a bug in the kernel, a hardware error or the program is running with ioport priveledges (which yum doesn't use)). Again, try running memtest86 and mprime on it - verify that the systems CPU and RAM are stable, then try running some disk intensive tasks, then try running them concurrent to mprime. But it's 99.99% guaranteed that you either have flaky hardware or flaky kernel drivers.

Dave Gutteridge wrote:

[root@localhost ~]# yum list updates Setting up Repos addons 100% |=========================| 951 B 00:00 kbs-CentOS-Extras 100% |=========================| 951 B 00:00 kbs-CentOS-Misc 100% |=========================| 951 B 00:00 update 100% |=========================| 951 B 00:00 dag 100% |=========================| 1.1 kB 00:00 base 100% |=========================| 1.1 kB 00:00 freshrpms 100% |=========================| 951 B 00:00 extras 100% |=========================| 1.1 kB 00:00 Reading repository metadata in from local files

As a matter of interest, what baseurl are you using for freshrpms?

- K

On Thu, 2005-09-08 at 09:44 +0900, Dave Gutteridge wrote:

...

As a matter of interest, what baseurl are you using for freshrpms?

I don't know how to answer this. What do you mean by "baseurl"?

---- # grep http /etc/yum.repos.d/fedora.repo #baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearc... mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-core- $releasever

Craig

On Thu, 2005-09-08 at 11:03 +0900, Dave Gutteridge wrote:

As for finding out what my "baseurl" is, I'm not sure I'm doing the right thing. I tried the command suggested, and I got the following result: [root@localhost ~]# grep http /etc/yum.repos.d/fedora.repo grep: /etc/yum.repos.d/fedora.repo: No such file or directory

So I thought I'd look in my repos directory, but none of the files there are for fedora or freshrpms. [root@localhost ~]# cd /etc/yum.repos.d [root@localhost yum.repos.d]# ls CentOS-Base.repo kbsingh-CentOS-Extras.repo output.txt dag.repo kbsingh-CentOS-Misc.repo

---- sorry - I should have been more explicit - I guess I thought you would figure it out from my hint since I don't have freshrpm's in my repos (remember, I don't use yum but use smartpm instead)...

# grep http /etc/yum.repos.d/* /etc/yum.repos.d/dag.repo:baseurl=http://apt.sw.be/fedora/$releasever/en/$basearch/dag /etc/yum.repos.d/fedora- devel.repo:#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/development/$basearc... /etc/yum.repos.d/fedora- devel.repo:mirrorlist=http://fedora.redhat.com/download/mirrors/fedora- core-rawhide /etc/yum.repos.d/fedora.repo:#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearc... /etc/yum.repos.d/fedora.repo:mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-core-$releasever /etc/yum.repos.d/fedora- updates.repo:#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/... /etc/yum.repos.d/fedora- updates.repo:mirrorlist=http://fedora.redhat.com/download/mirrors/updates-released-fc$releasever /etc/yum.repos.d/fedora-updates- testing.repo:#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/$rel... /etc/yum.repos.d/fedora-updates- testing.repo:mirrorlist=http://fedora.redhat.com/download/mirrors/updates-testing-fc$releasever

which spits them all out - or a more specific grep for freshrpms out of this list... # grep http /etc/yum.repos.d/* |grep freshrpms

which of course means that I don't have freshrpms configured.

and somewhere I missed the part of the thread that caused whomever to ask you which base url you are using for freshrpms. ----

Also, based on what was suggested to me in this thread, I tried running 'shutdown now -Fr', and on reboot, the system did some kind of check, but returned no errors or anything. It kind of flickered to my GUI log in screen before I could see anything come of it.

---- well - it hurt nothing to check ----

Then I tried running fsck on var as was also suggested. But that produced some kind of error: [root@localhost ~]# fsck /var fsck 1.35 (28-Feb-2004) e2fsck 1.35 (28-Feb-2004) fsck.ext2: Is a directory while trying to open /var

The superblock could not be read or does not describe a correct ext2 filesystem. If the device is valid and it really contains an ext2 filesystem (and not swap or ufs or something else), then the superblock is corrupt, and you might try running e2fsck with an alternate superblock: e2fsck -b 8193 <device>

---- fsck should only check NON-MOUNTED partitions anyway - since you said /var isn't on it's own partition, you really have no opportunity to fsck /var except to 'shutdown now -Fr' ----

And all this reminded me, I have a little extra space on my disk which is not partitioned: Disk /dev/hdb: 30.7 GB, 30738677760 bytes 255 heads, 63 sectors/track, 3737 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hdb1 * 1 3644 29270398+ 83 Linux /dev/hdb2 3645 3737 747022+ f W95 Ext'd (LBA)

Should I turn that into a Linux swap, and might that help with this YUM issue? A guy on this list gave me some instructions for doing that, but I got this error from fdisk: [root@localhost yum.repos.d]# fdisk /dev/hdb The number of cylinders for this disk is set to 3737. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with:

1. software that runs at boot time (e.g., old versions of LILO)
2. booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): t Partition number (1-5): 2 Hex code (type L to list codes): 82 You cannot change a partition into an extended one or vice versa

---- if you are sure that hdb2 has nothing of value on it, all you need to do is to delete it and then create the new swap partition. fdisk is complaining that it can't convert an extended dos partition. Delete it and it's gone. How much ram do you have in that computer? I would have created a separate /boot (approx 100 megabytes) and a separate swap partition (probably 2 * the amount of ram depending upon how much ram). You might simply be running out of memory - swap is sort of needed for systems with less than 512 Mb of real ram - especially one running desktop apps.

Craig

Reason why I ask is that freshrpms dont host packages that are usable on any CentOS version. If you are pulling in packages from there....

I thought CentOS 4 was equal to Red Hat Enterprise 4, and freshrpms seems to have RPMS for Enterprise 4.

Actually, this leads me to a question I wanted to ask anyway. I've been advised here before that I should always try to install things through Yum or RPMs. I've been told that installing from tar files and building from source is a bad idea.

But what does one do when there is software that is readily available for other Linux distros, and is theoretically buildable for CentOS, but not available from the standard Yum repositories like Dag and CentOS's own? Is one supposed to contact the repository owner and request the software be included?

Dave

On Thu, 2005-09-08 at 22:46 +0900, Dave Gutteridge wrote:

Actually, this leads me to a question I wanted to ask anyway. I've been advised here before that I should always try to install things through Yum or RPMs. I've been told that installing from tar files and building from source is a bad idea.

But what does one do when there is software that is readily available for other Linux distros, and is theoretically buildable for CentOS, but not available from the standard Yum repositories like Dag and CentOS's own? Is one supposed to contact the repository owner and request the software be included?

I use the checkinstall utility. Make your own rpms out of the tar source and then keep them updated and managed through yum or whatever.

Dag Wieers wrote:

On Tue, 6 Sep 2005, Tim Edwards wrote:

...

John Newbigin wrote:

...

I also think yum is too slow.

I'm glad I'm not the only one who thinks that. After using urpmi at home on Mandrake with more than 11000 packages in the configured repos I can say that yum is definately far slower with only ~4000 packages in configured repos. The whole "Setting up Repos" and "Reading repository metadata in from local files" is a real drag.

Check if you have enough memory in the system. I experienced that Yum needs more than 192MB of RAM.

1GB of RAM. Its not a major problem its just a delay that other package management systems don't seem to have.

On Wed, 2005-09-07 at 11:53, Greg Knaddison wrote:

That is true, but in yum2.4 (soon to be available for CentOS4, or you can build/install it yourself) this is greatly improved. Also, yum 2.4 includes the "shell" where yum reads in the information, gets itself ready, and then you can ask it to do a whole bunch of stuff without having to ask for it all in advance on the command line. It's pretty neat.

It's always painful when utilities add the 'pretty neat' stuff _after_ the scripts that use them have been written. Is there a way to tell yum that you don't care about anything that changed since the last time you ran it (a few seconds ago) and it doesn't have to do all that work again? Or better yet, a way to tell it that you don't _want_ it to consider anything that changed since you did an update on a different machine and you want it now to apply exactly the same changes on an important machine that you tested elsewhere (preferably pulling from exactly the same repository mirror or using some transaction checkpoint to ensure an identical operation).

On Wed, 2005-09-07 at 22:39, Greg Knaddison wrote:

...

Or better yet, a way to tell it that you don't _want_ it to consider anything that changed since you did an update on a different machine and you want it now to apply exactly the same changes on an important machine that you tested elsewhere (preferably pulling from exactly the same repository mirror or using some transaction checkpoint to ensure an identical operation).

As long as you use specific instructions to yum like "yum install foo.1-3.386" and you have a clean and simple set of conf/repos files, then yum will do a very specific thing. If you have multiple repositories in your configuration and you just say "yum update" then it might not behave exactly as you desire.

If you managed a set of servers running homegrown code that may or may not be sensitive to library and utility program versions, what steps would you use to keep a test server up to date, then after performing any needed application testing, to roll out the same changes to the production servers in various different locations? The object is to install exactly the updates you just tested in spite of any subsequent repository changes or out-of-sync mirrors.

On Wed, 2005-09-07 at 23:56, David Johnston wrote:

...

If you managed a set of servers running homegrown code that may or may not be sensitive to library and utility program versions, what steps would you use to keep a test server up to date, then after performing any needed application testing, to roll out the same changes to the production servers in various different locations?

I would use yum to keep the testing system up to date, and use rsync to copy specific RPM packages to the production server.

That's pretty painful when the production servers have better connectivity to the internet than to the test location.

I would not install yum on the production server at all if you need to control things tightly.

Hmmm... that's not very complimentary of yum's capability. I'd really rather not need to know every single version number myself - just that they are all the same as had been tested.

On Thu, 2005-09-08 at 07:11, Johnny Hughes wrote:

...

If you managed a set of servers running homegrown code that may or may not be sensitive to library and utility program versions, what steps would you use to keep a test server up to date, then after performing any needed application testing, to roll out the same changes to the production servers in various different locations? The object is to install exactly the updates you just tested in spite of any subsequent repository changes or out-of-sync mirrors.

You would run a local mirror that only had the updates you tested on it :)

Local to what? The production boxes are distributed but have good internet connectivity. The test box only has so-so internet connectivity. Isn't having to do that an admission that yum doesn't really do a good job of managing the packages you want on a box?

Actually I think some invocation of rpm -q will give a list of installed packages that you can feed to yum to install on another machine, but it is not at all intuitive. Don't the people writing package management tools actually manage any machines or understand that keeping them identical is desirable?

-- Les Mikesell lesmikesell@gmail.com

On Thu, 2005-09-08 at 08:17, Jesse wrote:

No, this is clearly an admission on your part that you don't know how yum works, or how to setup your own repo.

It is more of a mental block regarding the inefficiency of having to store a snapshot of a massive repository just to be able to copy a few of the individual files correctly.

How do I tell if my snapshot copy is consistent or if incomplete changes were being made as I copied it?

On Thu, 2005-09-08 at 09:05, Karanbir Singh wrote:

...

Local to what? The production boxes are distributed but have good internet connectivity. The test box only has so-so internet

local to your organisation. If you do have good connectivity, forking out for an extra role machine should not be an issue. I fail to see how bandwidth has anything to do with yum. no matter what package manager you use, you are going to need to pull down the same packages....

Any system admin who needs such solid control on the package tree's will host his/her own repository of packages, sometimes even a bunch ( eg. based on intended system role ) and run an automated delivery mechanism.

But you wouldn't need that if the package manager could actually manage packages.

Also, are you saying that you admin a large number of machines, and dont actually test the packages before they are rolled out ?

I provide the QA people with a machine with the latest updates and when they say everything works I try to duplicate those updates into the production boxes. As you imply, this is something nearly everyone has to do, so I find it surprising that the package management tools don't give you a simple way to do it. Also note that there are as many risks in waiting for testing and QA approval as not and you have to balance them. For example, I'd probably roll out any available update to openssh to internet exposed boxes as fast as possible since that is extremely unlikely to affect our services and not doing it invites a compromise. Besides, as the steady stream of security and bugfix updates to a supposedly stable OS distribution demonstrates, there will always be issues that you don't find until you have something in real-world production. So, I consider the 'real' test to be the first small set of of production boxes that are updated after QA's blessing and watch for problems before rolling out to the rest.

...

connectivity. Isn't having to do that an admission that yum doesn't really do a good job of managing the packages you want on a box?

there is yumlib, now available. Feel free to hack away.... A lot of the 'home grown' scripts that I have seen out there are screen-scrapers.... which by default, are locked into the specific version/setup of yum anyway. Its stupid to think that those sort of scripts are ever going to maintain functionality across versions.

There is a basic concept missing to provide what you get by making a snapshot of the repository. Consider the repository as a database and then consider whether making a snapshot of an entire database at every operation is the best way to get repeatable operations. What it needs is for the repository index (only) to have the snapshot operation after changes are complete so that no additions are considered until the set is complete and you know all dependencies are available and by keeping prior indexes and being able to specify something to identify them in the update command you could precisely repeat the set of changes that happened on a previous date. This presents a small problem with mirror operations since you have to ensure that all other files are present before the index is updated.

...

Actually I think some invocation of rpm -q will give a list of installed packages that you can feed to yum to install on

you mean something like

rpm -qp *.rpm --qf "%{name}.%{arch} "

which should give you a list of packages... easy to feed that to a yum install process...

I think that might be a reasonable starting point. But it doesn't solve the problem of attempting updates as a repository is being modified. You have to work around that even if you do your own snapshot copies.

...

another machine, but it is not at all intuitive. Don't the people writing package management tools actually manage any machines or understand that keeping them identical is desirable?

If a couple of hundred machines counts as 'machines', then yes - the people I know - working on these package management tools do indeed manage machines.

Do they do it by working around the package management tool's problems with huge repository snapshots?

perhaps, this conversation needs to move to the yum-devel list, where you can then recommend ways to make yum more user-friendly.

I've mentioned it on the RPM list and a yum developer responded, but I don't think I got across how desirable it would be to have yum operations be repeatable and reliable in spite of the inconsistencies during repository updates. I think I need a better way to explain the similarity to a CVS repository and the equivalent need to be able to extract any consistent set of revisions.

On Thu, 2005-09-08 at 11:09, William Hooper wrote:

[snip]

...

I think that might be a reasonable starting point. But it doesn't solve the problem of attempting updates as a repository is being modified. You have to work around that even if you do your own snapshot copies.

If you run the repo, you can control it so machines aren't trying to update during the (very short time) that you are running createrepo.

If you don't run your own repo, then all bets are off. Of course, if you don't run your own repo, how are you going to be sure the older version of any give package is there when you want to install it?

Does anyone delete released packages from repositories? Regardless, they have to come from somewhere. How do you know that the 'somewhere' that you use isn't inconsistent at the time you take your copy of the contents? Is there a test to make sure that all possible dependencies can be resolved within a repository - and is that enough to know that the snapshot you took is actually what the OS developers intended to be used together? I'm looking for something like a tag that can be applied to a CVS repository that would be applied by someone who knows the state is consistent and can be used by anyone else to retrieve exactly that state regardless of ongoing changes.

On Thu, 2005-09-08 at 11:53, William Hooper wrote:

...

Does anyone delete released packages from repositories?

I know there have been more than two errata versions of httpd for RHEL 3, but I only see two in the CentOS updates repo.

I think Centos is a special case where the repositories shift for the point releases and only contain the updates past the versions on the rebuilt isos. I've had a few surprises from this, but they would not have been reduced by having local snapshots.

...

I'm looking for something like a tag that can be applied to a CVS repository that would be applied by someone who knows the state is consistent and can be used by anyone else to retrieve exactly that state regardless of ongoing changes.

Again, if you run the repository, you get to decide on the changes.

But you would have to install all of your own spec files and build all the rpms so you control the dependencies for that to help. The point of using a distribution that has official updates is to let someone else do that. I just want my update tool to be able to know when they have completed a consistent set of those changes - or that the mirror I'm pulling from has the consistent set available.

One approach would be to create multiple repos at different stages (using hardlinks as needed to reduce disk space). OTOH, I personally can't see a need for more than "testing" and "stable" repos. If a machine falls out of these two categories for any reason, it probably needs to be handled more hands on anyway, and would get the needed exclusions in the config files.

Personally, I think 'stable' is exactly the wrong term for the one that is missing known bug and security fixes. 'Broken' and 'fixed' might be better descriptions if they are in different states. The point is that it is almost always better to have the updates than not have them. The people going to the trouble of making them generally know what they are doing. I just want to avoid surprises like you get in the middle of a repository update or when mirrors aren't in sync.

On Thu, 2005-09-08 at 13:07, Johnny Hughes wrote:

So, seriously, the best thing would be for you to create a directory that contains all your RPMS ... you put only the ones that you have approved in there. (You do not need to build anything from SRPMS). You make that accessible from the web and run createrepo on it.

OK, but I basically want to include all official updates here but I just want to delay/control rolling them out to make sure there are no surprises. That means I need to copy that whole repository (of a size you said was such a problem mirroring that you had to break it at the point releases) and repeat the copy for every state where I might want repeatable updates or I have to track every change. I do realize that both of these options are possible, I just don't see why anyone considers them desirable. Compare it to how you get a set of consistent updates from a cvs repository where someone has tagged the 'known good' states as the changes were added.

You only put authorized RPMS in there, and you rerun createrepo every time you put a new RPM in there.

Normally I'll want to mirror the official repository to get the set for testing. How do I know when you are finished doing your updates so that I don't get an rpm with a dependency that you haven't copied in yet? Or if I'm mirroring some other mirror, how do I know their full set is consistent? I hit problems like that using yum directly - what will be different if I make a snapshot at the wrong time?

You run auto YUM updates on your machines, pointing to your repo, where you only put the RPMS that you are happy with.

That's the 2nd step. I don't know I'm happy with them until I've applied them, so this copy has to co-exist with other copies and have separate versions for x86/x86_64, etc.

Les Mikesell lesmikesell@gmail.com wrote:

That means I need to copy that whole repository (of a size you said was such a problem mirroring that you had to break it at the point releases) and repeat the copy for every state where I might want repeatable updates

There is a difference between "mirroring" (like between servers, disks, etc...) and "copying" (like on the same, single server ;-).

Symlinks (same server/mounts) and hard links (same filesystem) are excellent options for APT/YUM repositories. ;->

I just don't see why anyone considers them desirable.

I have to agree with someone else's post ... simple put (in my own words) ...

What is it that you don't understand about the "costs" of configuration management?

If there is one place _no_ OS can save on, it's configuration management. _No_ distro can solve the configuration management requirement. But at least with UNIX and UNIX-like systems, especially Linux, it is "piecemeal" and "well packaged" enough that it really makes it much, much easier to deploy.

Compare it to how you get a set of consistent updates from a cvs repository where someone has tagged the 'known good' states as the changes were added.

Who says you can_not_ just use RCS/CVS/Subversions to track changes to your test system's RPM database and feed those into YUM ... HMMMMMM?!?!?! (hint, hint, hint, big-@$$ hint ;-).

That's _exactly_ what I do with CVS.

I have a "complete" repository. I then check out select packages/updates to a "test" system. When I have the "test" system to my liking something to my liking, I then do a listing of all RPMs on that system into a file.

I commit that file of RPM package-ver into CVS with a tag.

I then check that file out in another repository location. Then I use that file to create hard links in that new repository with 1 command that I write on the command line -- an ultra-simple for loop: for pkg in `cat rpm.list`; do ln ${YUMMY}/${pkg} .; done

Where YUMMY (YUM, MY) = My complete YUM repository

Bam! I have an exact configuration ready installs, updates, etc... I don't have to worry about any inconsistencies, I already did an update on a test system and it worked, and that's _exactly_ the packages I'm making available in that "production" YUM repository.

Normally I'll want to mirror the official repository to get the set for testing. How do I know when you are finished doing your updates so that I don't get an rpm with a dependency that you haven't copied in yet? Or if I'm mirroring some other mirror, how do I know their full set is consistent? I hit problems like that using yum directly - what will be different if I make a snapshot at the wrong time?

Don't know, but you _can_ mitigate the risk by maintaining a full repository internally, and linking only select file listings that have been tested/resolved on a test system.

That's the 2nd step. I don't know I'm happy with them until I've applied them, so this copy has to co-exist with other copies and have separate versions for x86/x86_64,

etc.

Separate x86_64 and ix86 is not an issue at all.

Now knowing what ix86 packages to use in an x86_64 system is a different story. If I was in charge of the Fedora Project, it would be my #1 priority to get this addressed in Fedora Core because they are making some very poor choices IMHO (largely on browser/multimedia).

Les Mikesell lesmikesell@gmail.com wrote:

The part I don't understand is why the tool built for the purpose doesn't do what everyone needs it to do.

Like? I'm still trying to find your explanation on this. So far, you talked about breaking out SPEC files. (WTF?)

Is that simple enough?

No. Specifics would be very nice.

Yes, I know I can build my own system.

There is _no_ system to build. I use RPM and YUM directly to do _all_ I need. I don't know why you even discussed SPEC files.

Now if you want a way to build a tree of RPM dependencies, there's several tools for that. But again, a test system and it's RPM database is all I need to get a package listing.

I know there are workarounds. I'd rather not.

Like? If you'd explain them, I could understand you better.

I could keep rolling my own tarballs like I used to also.

??? For what ???

The question is why everyone who is responding thinks it is a good thing or at least expected that a new system

designed

to manage packages does not do the simple and needed thing that cvs has always done to make it possible to make updates consistent and repeatable out of a changing repository.

First off, you're talking about atomicity. That has *0* to do with the tools on the client, and 100% to do with the server. I think you're completely on the _wrong_track_ there, hence your confusion.

Secondly, you _do_ have atomicity _if_ you generate the YUM repository meta-data _after_ you upload the files. How the site updates the YUM listing is more of an issue with their server procedures, _not_ the tools.

YUM repositories are just a package list and related meta-data which point to files. The atomicity happens at the server, on how that package list is updated.

On Thu, 2005-09-08 at 16:24, Johnny Hughes wrote:

...

...

What is it that you don't understand about the "costs" of configuration management?

The part I don't understand is why the tool built for the purpose doesn't do what everyone needs it to do. Is that simple enough? Yes, I know I can build my own system. I know there are workarounds. I'd rather not.

Yum is not designed for configuration management ... unless you want to update to the latest releases in the repo. In that case, it works perfectly.

What I want is to be able to update more than one machine and expect them to have the same versions installed. If that isn't a very common requirement I'd be very surprised.

If you want to artificially place limits on the repo, (ie ... this is stable, this is not) ... then you have to create your own repo.

When we release an update, it is considered stable by RedHat. Up you run up2date from RedHat, it will update you to the exact same versions that you get from CentOS.

I am not understanding what your issue with the repos or the tool is.

This isn't Centos-specific - I just rambled on from some other mention of it and apologize for dwelling on it here.

There are 2 separate issues: One is that yum doesn't know if a repository or mirror is consistent or in the middle of an update with only part of a set of RPM's that really need to be installed together.

The other is that if you update one machine and everything works, you have no reason to expect the same results on the next machine a few minutes later.

Both issues would be solved if there were some kind of tag mechanism that could be applied by the repository updater after all files are present and updates could be tied to earlier tags even if the repository is continuously updated.

I realize that yum doesn't do what I want - but lots of people must be having the same issues and either going to a lot of trouble to deal with them or just taking their chances.

-- Les Mikesell lesmikesell@gmail.com

"Bryan J. Smith" b.j.smith@ieee.org wrote:

1. Maintain multiple YUM repositories, even if all but the

original are links to the original. The problem is this is who defines what the "original" is? That's why you should maintain your _own_, so it's what _you_ expect it to be.

Er, change that 2nd statement: 'The problem is this is who defines what the "multiple" repositories are of?'

If you want it to "revision" a new repository and links everytime someone uploads _any_ new package update, that's going to be a PITA on the server end.

It's much better for _you_ to download the complete repository, and rsync regularly, and then _you_ decide what "snapshots" you want of the repository.

On Thu, 2005-09-08 at 17:37, Bryan J. Smith wrote:

...

What I want is to be able to update more than one machine and expect them to have the same versions installed. If that isn't a very common requirement I'd be very surprised.

So what you want to checkout the repository from a specific tag and/or date. So you want:

1. The repository to have every single package -- be it

packages as whole, or some binary delta'ing between RPMs (if possible)

It just needs to keep every package that it has ever had - at least as long as it might be useful for someone to install them. That seems to be the case now. You need this anyway unless you are sure that no files that remain have specific dependencies on anything removed.

2. The repository meta-data to have all history so it can

backtrack to any tag/date.

If by history, you mean a timestamp of when a file was added, yes - and that already seems to be there. That would be sufficient to make updates repeatable. I'd like to add one more thing to make it more or less atomic, and that would be some indication of the latest timestamp that should be usable - that is, newer files are in an inconsistent state of a partial update. When the repository maintainer has all the files in place this file would be modified - and some special consideration should be applied to make sure it shows up last during mirror updates. This extra part could be avoided if the 'latest timestamp' is published somewhere and you could manually pass it to yum during the update.

In other words, you want a repository to maintain storage and use CPU-I/O power to resolves tens of GBs of inter-related data and corresponding versioning meta-data.

No, I want to be able to tell yum not to consider files newer than a certain date corresponding to the time I did the update on the baseline/test machine even if newer ones happen to be sitting in the repository. And I'd like yum to always ignore changes that are transitory and incomplete.

BTW, Your comparison to CVS is extremely poor, so _stop_.

CVS would give the result I want. How it gets done is not particularly relevant.

APT, YUM and countless other package repositories store packages whole, with a "current state" meta-data list, and the packages and that meta-data is services via HTTP and the _client_ resolves what it wants to do.

CVS can run with only file-level access to the repository and no particular intelligence on the server. However, I agree that it isn't exactly the service we need here.

What you want is a more "real-time" resolution logic "like CVS." That either requires:

A) A massive amount of data transfer if done at the client, or

Yum only needs the headers which involve a massive amount of data tranfer already. Using them slightly more intelligently would not take much more, even if a timestamp/tagname filed had to be added to the header.

B) A massive amount of CPU-I/O overhead if done at the server

No it doesn't. All it needs is for yum to observe the timestamps on files and ignore any past the point you specify even if they are available. Or move this info to the headers if you don't trust timestamps to be maintained.

I see 2 evolutionary approaches to the problem.

1. Maintain multiple YUM repositories, even if all but the

original are links to the original. The problem is this is who defines what the "original" is? That's why you should maintain your _own_, so it's what _you_ expect it to be.

The Centos repository is the only one I've seen that doesn't keep every file that has ever been added forever. And they do have that available. I'm really not asking for eons of history here. I just want repeatable updates for some small testing window.

2. Modify the YUM respository meta-data files so they store

revisions, whereby each time createrepo is run, the meta-data is continuing list.

#1 is direct and practical. #2 adds a _lot_ to the initial query YUM does, and could push it from seconds to minutes or even _hours_ at the client (not to mention the increase in traffic). That's the problem.

The only extra piece of data really needed is the latest timestamp of a consistent update. The rest could be figured out but you'd need a way to find what that value was at the time you do one update so you could re-use it for repeatable results even if it had subsequently changed in the repository. If I were doing the #2 approach, as much as I like an arbitrary number of arbitrary named tags, I'd probably go with an incrementing 'repository update version' tag that would be bumped on new sets of files so you don't ever have to change old ones and you can compute which ones are past what you specify and should be ignored. Some of those header files are 100k now - how much more overhead could an update version entry add?

...

This isn't Centos-specific - I just rambled on from some other mention of it and apologize for dwelling on it here. There are 2 separate issues: One is that yum doesn't know if a repository or mirror is consistent or in the middle of an update with only part of a set of RPM's that really need to be installed together.

Not true. The checks that createrepo does can prevent an update if there are missing dependencies. The problem is that most "automated" repos bypass those checks.

Does createrepo do its magic atomically? What do yum attempts running concurrently see as it succeeds/fails?

So, again, we're talking "repository management" issues and _not_ the tool itself.

No, I want the repository to be able to be inconsistent and the tool to be able to perform an update based on a prior known-good state.

...

The other is that if you update one machine and everything works, you have no reason to expect the same results on the

...

next machine a few minutes later.

Because there is not tagging/date facility. But to add that, you'd have to add either (again):

1. A _lot_ of traffic (client-based)
2. A _lot_ of CPU-I/O overhead (server-based)

Or a sensible approach.

...

Both issues would be solved if there were some kind of tag mechanism that could be applied by the repository updater after all files are present and updates could be tied to earlier tags even if the repository is continuously

updated.

So, in other words, you want the client to get repository info in 15-30 minutes, instead of 15-30 seconds. ;->

No, I want it to get more or less what it already does but ignore inconsistent changes in progress and have the option to ignore things newer than a time you did an earlier update which you'd like to repeat.

_This_ is the point you keep missing. It's the load that is required to do what you want. Not just a few hundred developers moving around a few MBs of files, but _tens_ of _thousands_ of users accessing _GBs_ of binaries.

That's why you rsync the repository down, and you do that locally.

Sorry, I just don't buy the concept that rsync'ing a whole repository is an efficient way to keep track of the timestamps on a few updates so you can repeat them later. Rsync imposes precisely that big load on the server side that you wanted to avoid having everyone do.

On Fri, 2005-09-09 at 00:30 -0400, David Johnston wrote:

Les, I think this discussion has gotten lost in the weeds. What you want to do is easy to accomplish using Yum, but you have to use Yum the way it was intended to be used. First, you must have your own repository server, which will host as many repositories as your change control policies require (eg, untested, test, qa, production). Using the Centos repositories directly means that you're rolling out on Centos' change- control schedule, not yours. Set up your own repository and you can control it.

The rest of this message is just a summary of things that others on this list have already said.

1. You need your own repository server. This machine needs good

Internet connectivity, Apache, and about 100GB of disk space.

2. On your repository server, you need to host three repositories. #1 is a copy of the Centos repositories you use, call it "untested" #2 is a subset of #1, call it "qa" #3 is a subset of #2, call it "production"

3. #1 gets updated nightly with a simple yum update. In other words, it

just copies the binary packages from the Centos repositories.

4. Keep in mind that #2 and #3 won't take up much disk space because the

files in these repositories are actually just links to the real files in #1.

5. "createrepo" will create the Yum headers for all of the packages in a

given directory.

6. If you want to promote a set of packages from #1 to #2, you first add

links (eg, "ln -s /var/spool/repo/untested/somepkg.rpm /var/spool/repo/qa/"). As you do this, any machine attempting to run "yum update" against the qa repository will see no change.

7. Here's where the repo gets its atomicity: once all of the packages

are linked, you re-run createrepo. Until createrepo finishes, the repo will appear unchanged.

8. All of your QA machines use your "qa" repository, and run yum update

nightly.

9. All of your production machines use your "production" repository and

run yum update nightly.

10. YOU control when createrepo is run on your QA and Production

repositories, thus controlling when things roll out.

I agree with most of this ... except that I would (and do) use rsync to do updates of the repo from the CentOS trees.

You can make rsync only pull down the directories you need (ie, nothing but centos-3 i386 and x86_64 if that is what you care about, etc.)

Understand that CentOS already has more "repos" than just about anyone else out there already (contrib, extras, centosplus, addons, testing, updates, os). We do this to give the users almost unprecedented control on what they want to take.

The bottom line is ... if you want to QA control your own updates, and not rely on CentOS (or the upstream provider) to maintain an up2date and secure set of packages, then you need to do it yourself.

This is not a unique requirement ... I am a CentOS developer, and I personally QA almost every single package that gets released from the main CentOS-4 repos for i386 and x86_64. I still maintain a separate, local repo at my work that has tested and QA'ed packages required for my production machines to maintain configuration management. Not because I don't trust the updates ... but because I need a specific set of packages for specific requirements.

Having a configuration date/time feature in yum ... whereby anything after a specific point in time would not be considered in the resolution process might be a good thing (from the standpoint of configuration management). But that would not really do anything to verify that certain packages were stable, nor would it give you the flexibility to take certain packages newer than that date which you want while testing others.

You can use tools (like RHN) to register machines and pick certain updates to push across those machines ... but to be honest, I create local yum repos even for upstream supported machines too. I then point to those repos and use up2date to control my supported machines updates.

There is an open source project called "current" that is an open-source implementation of an up2date server. It might do some of the things you want. I haven't really looked at this in depth, but here is a link:

http://current.tigris.org/

This is growing tiresome. I hope this e-mail ends it.

On Thu, 2005-09-08 at 22:16 -0500, Les Mikesell wrote:

When the repository maintainer has all the files in place this file would be modified - and some special consideration should be applied to make sure it shows up last during mirror updates. This extra part could be avoided if the 'latest timestamp' is published somewhere and you could manually pass it to yum during the update.

And I have told you this is _more_involved_ than you think! If you knew how even CVS actually works, you would understand this.

Here, do this comparison:

1. Setup CVS

Check-in thousands of large, binary files totaling GBs of data at different times, revisioning several. You can use either pserver mode or ssh/local (including NFS mount).

2. Setup Apache

Create 2 or 3 trees of different sets of files that total a few GBs. Now share them out via an Apache directive (or under the Apache root).

3. Run the test ...

Do #1, check out those large, binary files using different dates Do #2, wget portions of each Apache tree

When you do this, run network traffic analysis, vmstat, iostat and make comparisons.

What do you think is going to be the difference between CVS and just an Apache tree? ;->

On Fri, 2005-09-09 at 07:39 -0500, Les Mikesell wrote:

No, it just shows that you don't understand what I said yet.

Actually, I don't understand what you're thinking. Then again, I don't think you understand how CVS works either.

But I _do_ know _exactly_ what you want. Unfortunately, how you think it can be done is full of omissions. Date/timestamps won't solve your "resolve from date X" want. That's what I can't seem to explain.

I even tried to use your CVS analogy and why it becomes infeasible. Apparently you're not familiar with how CVS works on the repository either.

Everthing I want could be done if yum simply had an option to ignore files newer than a specified timestamp and repository changes only involve additions (and the latter is already the case).

And you have absolutely no familiarity with what is involved with this on the _repository_ end. You have seemingly only used the YUM client, not actually created a YUM repo. The YUM client relies on a meta-data file because the YUM repo is little more than a "web site." It yanks down those meta-data files to do resolution.

If you want arbitrary fetches at an arbitrary tag/date, they you are going to _massive_bloat_ those meta-data files, not to mention the time it takes to resolve.

No extra server operations or network traffic is necessary.

Absolutely _not_ true. You are oblivious to the fact that the YUM client _relies_ on a set of meta-data files on the YUM repository. That's where the YUM client gets its information and many other details, _not_ by directly "browsing through" the tree.

All I want is to be able to pretend that additions more recent than a prior run weren't there.

Until you run your _own_ YUM repository and use createrepo a few times, you will be oblivious to what a YUM repository is.

On Fri, 2005-09-09 at 12:05, Mike McCarty wrote:

Les, what you seem to want is to put a tag on the files so one can create a snapshot version. A simple date will not do what you want. I know that you think it will. But I did configuration management for years, and you just do not have any concept of how difficult the problem is. You need to think of yum as being a transport agent, because that's really all it is. Yes, it knows about some dependencies, but it can't know about everything there is to know.

Please explain what would go wrong if yum simply ignored the presence of files newer than a specified date.

I'm here to tell you that I did software development and participated in configuration management at a large corporation, and we had *teams* of over 100 engineers and testers working to do what you want, and we *still* had some holes in the process.

I'm not asking to deal with arbitrary revisions to same-named files here. I'm asking for repeatable actions with all the same stuff available plus possibly some new things I'd prefer to ignore. Everything still exists in the repository and would be available if you extracted the version numbers from the machine with the prior run with rpm -q and fed it explicitly to yum to install. If there is a reason that yum would not make exactly the same decision again by itself if it just could be told to ignore the subsequently-added files in the repository I am missing something.

You need to think of yum as just being a fancy version of wget. You can ask wget to get a whole web page and its pieces, and it will. And it'll even resolve some dependencies to fix up the hyperlinks between the files to fit the structure it builds on your machine. But that's it. It's a transport mechanism. So is yum. It's a transport.

The only new thing I'm asking is for it to pretend some new files weren't there.

...

...

All I want is to be able to pretend that additions more recent than a prior run weren't there.

No, that is not what you want. What you expressly requested was to be able to recreate a yum install, and that the results be consistent.

Then I'm missing why yum would make different decisions than it did when the files actually weren't there.

That requires co-operation all along the whole software development chain, starting with source, and having a dedicated QA team to create the certified packages. It requires a certified source library of all the pieces, and a method for the development tools (compilers, assemblers, linkers, etc.) to pass along information about what version went into the build, and the test team to be able to certify what versions were tested together during integration.

This is inconsistent with "open software development on the web".

It requires a management structure.

That's all there, and all been done. That's the beauty of the current system and the value of using yum in the first place. And that's why I've pressed this conversation this far. Everything in the repository has already been version-numbered, dependency checked and well tested. It's insane to think that I can do a better job of this than has already been done. The only extra step is that I need to check for any surprises in interaction with home-grown apps and scripts (and in a distribution like Centos this would most likely mean the app was broken if it ever happened).

...

Until you run your _own_ YUM repository and use createrepo a few times, you will be oblivious to what a YUM repository is.

I believe you have struck the nail upon the head with perfect orthogonality.

In fact, he seems to have no concept of what configuration management is.

The configuration management is already done. All I'm asking for is a way to access what was done last week (which is still there) and ignore available additions. Yes it can be done with a complete snapshot of every repository state that I might want to repeat an update from. It could also be done by making a snapshot of a current repository and physically removing the files I don't want yet. It could also be done if the yum program just ignored the files I don't want yet. The last option just seems nicer.

-- Les Mikesell lesmikesell@gmail.com

Craig White craigwhite@azapple.com wrote:

have you checked out smartpm yet? http://smartpm.org no - I don't want in on the thread

Has absolutely nothing to do with what we are discussing.

SmartPM is an end-user tool that can use YUM repositories, among others, and does not address the larger issue of how repositories work (and the clients that access them) and the larger issue of configuration management.

On Fri, 2005-09-09 at 11:45 -0700, Bryan J. Smith wrote:

Craig White craigwhite@azapple.com wrote:

...

have you checked out smartpm yet? http://smartpm.org no - I don't want in on the thread

Has absolutely nothing to do with what we are discussing.

SmartPM is an end-user tool that can use YUM repositories, among others, and does not address the larger issue of how repositories work (and the clients that access them) and the larger issue of configuration management.

---- so therefore - I am not allowed to ask the question?

I didn't realize that your vastly superior knowledge of all things also permitted you to dictate topicality. So sorry. Do you ever pause before you click send and ask yourself is sending this necessary?

I said I wasn't entering the thread.

Craig

On Fri, 2005-09-09 at 12:51 -0700, Bryan J. Smith wrote:

Craig White craigwhite@azapple.com wrote:

...

so therefore - I am not allowed to ask the question?

But what question are you asking and why? You are mentioning that someone should try SmartPM, which will do _nothing_ to solve the problem we are discussing.

...

I didn't realize that your vastly superior knowledge

Give me a break. I am a _major_advocate_ of SmartPM. But this isn't about the end-user tool. It's about the repository and/or service. SmartPM has nothing to do with that. SmartPM uses YUM.

And as someone else pointed out, it could actually make things worse with what we're discussing. But SmartPM accesses a YUM repository, and the YUM repository is where this capability could _only_ be addressed.

...

of all things also permitted you to dictate topicality.

Dude, I do _not_ dictate what topics are discussed.

But one thing I really can't stand is when many people are trying to figure out a solution, and different people keep interjecting things because they don't understand the root problem. And why don't they? They don't take the time to understand.

I merely pointed out that SmartPM, APT or any other tool is not the issue here. I have repeatedly stated that the "client tool" has _nothing_ to do with _anything_ we are talking about. In fact, 99% of the confusion is because people are only used to using the "client tool" and not actually how the repository works.

The "yum client" program has *0* to do with this discussion, its how the "yum repository" is organized over simplistic HTTP. Switching to SmartPM does not solve it at all, because it's still using a YUM repository.

...

So sorry. Do you ever pause before you click send and ask yourself is sending this necessary?

Do you ever stop to read what people are discussing before just saying "use product X" to "fix problem Y" which you clearly didn't even stop to read?

...

I said I wasn't entering the thread.

You were entering into the thread by suggesting someone "use product X" to "fix problem Y" where X is wholly inapplicable.

It's like saying fix your Apache issue by using Microsoft Windows with Internet Explorer as your client instead of Linux with Firefox as your client. The client is _not_ the problem, it's the server, and changing clients does _nothing_. ;->

At this point, you're reminding me of Dilbert's point-hair boss. You're suggest something that is wholly inapplicable to the discussion. I merely pointed that out, and if you want to take offense to it, then I can't help you.

---- you assume way too much.

I never offered smartpm as any solution to any problem referenced in this discussion. I merely asked if he had used smartpm. The assumption that I asked that in order to solve his issues was yours and yours alone. You need to keep in mind that it is actually ok for topics of conversation to move tangentially and that shouldn't require the blessing of Bryan.

I never really attempted to dissect the discussion that you and Les were having because having had discussions with both of you already, I am well aware that neither of you would ever concede an inch - even if you pondered each other's points of view long enough to try and make them work for you, neither of you would allow it just out of principle (that's my opinion). I believe this because I have had these types of discussions with Les and you before. I had to be a moron to enter the discussion - even peripherally as I did (and got compared to Dilbert's boss as a reward).

You would be well served to invite others to participate in discussions rather than bite them off as you do if for no other reason than to give the impression of geniality. If you added geniality and humility to your arguments, they would be more persuasive. This is another way of saying that persuasion is an art - not a test of wills nor a referendum of one's knowledge.

Craig

On Fri, 2005-09-09 at 19:49, Craig White wrote:

I never offered smartpm as any solution to any problem referenced in this discussion. I merely asked if he had used smartpm.

No I haven't. I've had version-related problems with python code not part of the distribution in the past and try to avoid using it. But as someone else mentioned, it would probably make things worse by offering more options than just installing the latest it finds in the repository which I'd like to modify into the 'latest if not later-than' some timestamp.

Johnny Hughes mailing-lists@hughesjr.com wrote:

OK ... There have been some good suggestions on this thread

...

1. It might be good if you could pass a date as a command

line option to yum ... and have yum not consider anything after that date as being in the repo.

I don't think anyone disagrees with that. The problem is that the current format of meta-data in the YUM repository makes this difficult -- let alone how do you "define" the date?

I suggested a simple "hack" on the repository end that merely retains previous createrepo runs. That way you can go back to any previous "state" of the meta-data that someone else might have pulled from earlier.

That is a good suggestion for the yum mailing list: https://lists.linux.duke.edu/mailman/listinfo/yum

I will join and offer my simple "hack" as a suggestion for handling the repo end until a more formal concept can be devised.

2. It might be good to develop a way to distribute update

RPMS with only the changed (delta) information and not all the information, thus saving time and bandwidth and storage

space.

For mirrors, it _might_ be a good way, I don't disagree. As long as only "a few" mirrors are yanking files. That will minimize the load of the ripple delta processing.

But for connecting dozens of clients, especially over the Internet, I think the space savings is going to be off-set by the massive overhead.

E.g., In most configuration management systems where TBs of binary data are involved, I've found the systems are intolerable after just after a few clients. In fact, what I typically do is have only the delta process run on the local disk, and then share out the resulting "assembly" via NFS.

So it would work as long as only a few clients connect -- such as limiting to mirrors. But when it comes to client operations, the load and temporary space used will not only be self-defeating, but far worse than just a flat/whole repository.

This is also a good suggestion, but not really for CentOS ... we use up2date and/or yum ... but if Red Hat where to change their method of distributing updates, then CentOS might too. This suggestion also

really

belongs upstream (if it is going to be acted upon).

Agreed.

3. It might be good to have a method for deploying

different sets of packages to different machines and

control

them individually or as a group. The program "current" is working on doing that: http://current.tigris.org/

Yep. There's a lot of capability that Subversions and other version control systems are offering.

But there are -- how can I say this -- "real world deployment" and "server v. client v. bandwidth load/transfer" issues. For each solution offered that fixes one problem, several others seem to be introduced.

I don't think anyone is arguing these things are not wanted -- God knows I'd _love_ to have these capabilities. But their feasibility is entirely another issue, and it requires some first-hand experience with how YUM repositories work, as well as binary delta'ing loads and buffering/temporary space when links are slow.

Running an rsync or two between a few systems is somewhat of a load. But doing a compounding set of rysncs (which is basically what delta'ing is) to numerous systems is going to introduce a load on the service that is far removed from just HTTP file services. ;->

Please ... let's offer constructive and non attacking comments to this and all other threads on the mailing

lists.

I think that's all I'm trying to do. But I will admit I did get a bit "frustrated" when people assumed how something worked, and it didn't.

On Sat, 2005-09-10 at 11:23, Scot L. Harris wrote:

...

1. It might be good if you could pass a date as a command line option

to yum ... and have yum not consider anything after that date as being in the repo.

That is a good suggestion for the yum mailing list: https://lists.linux.duke.edu/mailman/listinfo/yum

Which fails if the repo you are pointing to has to restore the repo files and the datetime stamp changes....

If you don't restore in a way that maintains the timestamp, every mirror is going to have to suck a fresh copy of the whole repository. I'd expect the maintainers to already be careful about that.

IMHO a completely different application should be used. This application is mostly a database that tracks a list of rpms. If you want to build a copy of a system you select the particular snapshot (the list of rpm versions you decided was the image) and the new utility proceeds to pull those rpms from the repo and install them on the target system. This new application would allow you to create multiple snapshots and select which one you wanted to use.

That would be better in the sense that it could detect errors like files being removed from the repository. If the repository only has additions, the timestamp is all you need to recreate the list of rpms that were present at any time. If you are going to the trouble of doing something more complicated, it should involve tying repository update 'sets' of rpms together so that a client could tell if all needed files were present at a mirror site instead of just failing dependencies when a partial update requires a missing file.

Trying to cram this into yum is IMHO going to make yum overly complex and more difficult to use.

Repeatable operations are more than just a nice idea in the computer world... And making everyone who wants a repeatable yum update store a whole repository snapshot for every point they need just doesn't seem like an efficient way to get that.

KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD.KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD.KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD. KILL THIS THREAD.

On 9/10/05, Les Mikesell lesmikesell@gmail.com wrote:

On Sat, 2005-09-10 at 11:23, Scot L. Harris wrote:

...

...

1. It might be good if you could pass a date as a command line option

to yum ... and have yum not consider anything after that date as being in the repo.

That is a good suggestion for the yum mailing list: https://lists.linux.duke.edu/mailman/listinfo/yum

Which fails if the repo you are pointing to has to restore the repo files and the datetime stamp changes....

If you don't restore in a way that maintains the timestamp, every mirror is going to have to suck a fresh copy of the whole repository. I'd expect the maintainers to already be careful about that.

...

IMHO a completely different application should be used. This application is mostly a database that tracks a list of rpms. If you want to build a copy of a system you select the particular snapshot (the list of rpm versions you decided was the image) and the new utility proceeds to pull those rpms from the repo and install them on the target system. This new application would allow you to create multiple snapshots and select which one you wanted to use.

That would be better in the sense that it could detect errors like files being removed from the repository. If the repository only has additions, the timestamp is all you need to recreate the list of rpms that were present at any time. If you are going to the trouble of doing something more complicated, it should involve tying repository update 'sets' of rpms together so that a client could tell if all needed files were present at a mirror site instead of just failing dependencies when a partial update requires a missing file.

...

Trying to cram this into yum is IMHO going to make yum overly complex and more difficult to use.

Repeatable operations are more than just a nice idea in the computer world... And making everyone who wants a repeatable yum update store a whole repository snapshot for every point they need just doesn't seem like an efficient way to get that.

-- Les Mikesell lesmikesell@gmail.com

---

CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Les Mikesell lesmikesell@gmail.com wrote:

Please explain what would go wrong if yum simply ignored the presence of files newer than a specified date.

No offense, but build a YUM repository and you'll know _exactly_ why we think you are _clueless_ in this thread.

The YUM client does _not_ access the RPMs, it accesses the repodata which is a meta-data listing of what is in the repository. That meta-data listing is set to a _specific_ set of RPMs at a _specific_ time.

To get what you want, you have to modify the _repository_ end. The YUM client does _not_ and can_not_ arbitrarily pick'n choose different RPMs that are physically on the server. It has to rely on the meta-data listing that is on the server -- generated by another process on the server.

I have described a "hack" that would do what you wish, by maintaining multiple repodata -- what I call repodelta -- sets. That would be a "nice option" but it can only regenerate the repodata for the state of the repository when it is run.

To do anything more advanced, you'd need to delta at least the headers of the packages in the repository (which would be the _only_ sane operation IMHO). And when we say "delta" -- we are talking about "CVS-like" operations.

I'm not asking to deal with arbitrary revisions to same-named files here. I'm asking for repeatable actions with all the same stuff available plus possibly some new things I'd prefer to ignore.

Then you need the YUM repository to maintain _multiple_ copies of the repodata from _different_ times. I described one way this might be done with my "repodelta" conceptual hack.

Everything still exists in the repository and would be available if you extracted the version numbers from the machine with the prior run with rpm -q and fed it explicitly to yum to install.

Then that's what you need to do. You _can_ feed a filelist into the YUM client. It's that simple.

What you're talking about requires changes at the repository end. That is far more involved.

If there is a reason that yum would not make exactly the same decision again by itself if it just could be told to ignore the subsequently-added files in the repository I am missing something.

You seem to continually be missing the point that the YUM client does _not_ directly access the RPMs for resolution, but a meta-data list that is _pre-generated_ at the repository.

Then I'm missing why yum would make different decisions than it did when the files actually weren't there.

EXACTLY! Becuse you don't understand how YUM repositories work. Just like you don't understand how delta'ing works.

Hence why this thread never dies, you keep responding to different people, and some of us (at least me) are too stupid to just not response (although I think I'm getting smarter, I think this could be my last post).

That's all there, and all been done. That's the beauty of the current system and the value of using yum in the first place.

No, the value of what _you_think_ YUM is.

This is very, very typical of someone who has only used a client piece of a system, but not actually managed the service end. In YUM, there is no "YUM service." It is a tree of files, shared out via HTTP. The YUM client figures out what is available in the repository by reading the meta-data that is pre-generated on the server -- *NOT* by reading the entire YUM repository of RPMs, or otherwise "interacting" with some "YUM service."

And that's why I've pressed this conversation this far.

Yes, we know.

Everything in the repository has already been version-numbered, dependency checked and well tested.

At a _single_, _discrete_ point-in-time when the meta-data was built. It is _neither_ a revisioning back-end _nor_ a service.

It's insane to think that I can do a better job of this than has already been done.

The problem is that you are assuming what "has already been done" in YUM, and your assumptions are _dead_wrong_.

The configuration management is already done.

No it's not! That's the problem.

YUM repositories are a "list of files" with a meta-data listing "done at date X." Your YUM client does _not_ resolve by looking through all the RPMs, it resolves by downloading that meta-data file which was pre-generated on the server.

That meta-data file was created at date X and can offer _no_other_information_ on the state of the repository at any other time. The only way around that is to build a _true_ delta'ing backend (version control like CVS) or maintain multiple copies of the meta-data from different times (which my conceptual hack suggested).

All I'm asking for is a way to access what was done last week (which is still there)

*WRONG*! The RPMs are still there, yes. But the meta-data listing is _not_, it's _gone_.

and ignore available additions. Yes it can be done with a complete snapshot of every repository state that I might want to repeat an update from. It could also be done by making a snapshot of a current repository and physically removing the files I don't want yet. It could also be done if the yum program just ignored the files I don't want yet. The last option just seems nicer.

And that last option _could_only_exist_ in your mind. ;->

You keep thinking the YUM client can automatically and arbitrarily pick and choose among RPMs exist in the repository. The thing is that the YUM client _only_ picks'n chooses what the meta-data listing says.

And there is _no_ information in that meta-data to say "give me the state of the repository on date X" if the meta-data was generated on date Y. There is _no_ "YUM service" on the server that can dynamically generate this. And the pre-built meta-data only describes now, because to maintain deltas on just the repository itself is far more involved (and would only add to the initial delay).

Which is why I suggested my conceptual "hack." You have to provide the capability at the repository. Modification of the YUM client can do _nothing_ with the current way YUM repositories work. Build a YUM repository and you'll see _exactly_ what I mean (among others here).

I've explained this enough times. I'll shutup now.

On Fri, 2005-09-09 at 15:29, Mike McCarty wrote:

Bryan J. Smith wrote:

...

Les Mikesell lesmikesell@gmail.com wrote:

...

Please explain what would go wrong if yum simply ignored the presence of files newer than a specified date.

No offense, but build a YUM repository and you'll know _exactly_ why we think you are _clueless_ in this thread.

[snip]

People who have never had kids make statements which begin "All you have to do is...", while the real parents are hanging on by their fingernails just trying to survive.

Maybe something a little bit similar is happening here?

Mike

If it was "easy" then anyone would be able to do it. :)

The answer has been given several times, build and maintain your own repos. The production build repo will only have those packages you have tested and released. You can then build or update existing systems to that level by simply pointing to the production build repo. You would also have a test repo (possibly more than one) which would be used for testing new updates. Once you have a set that have passed QA you sync your production repo with the certified test repo and update your production systems.

This is something you have to manage yourself. I don't know why you would trust an external repo to update your production systems in the first place. This would be a carefully controlled process that would be run from internal servers. You would only pull the latest release into a test environment from external repos. This eliminates potential issues with repos having problems, network issues, etc. And gives you the control over what is installed on your production systems.

This is not an easy thing. It takes organization and work to setup, operate, and manage a large number of servers to strict standards.

I withdraw now to watch the rest of this continuing saga unfold. :)

Les Mikesell wrote:

On Fri, 2005-09-09 at 12:05, Mike McCarty wrote:

...

Les, what you seem to want is to put a tag on the files so one can create a snapshot version. A simple date will not do what you want. I know that you think it will. But I did configuration management for years, and you just do not have any concept of how difficult the problem is. You need to think of yum as being a transport agent, because that's really all it is. Yes, it knows about some dependencies, but it can't know about everything there is to know.

Please explain what would go wrong if yum simply ignored the presence of files newer than a specified date.

Please explain to me how the date of a file describes its contents.

Until you can tell me how, merely by looking at the date of a file, one can know what its contents are, then you haven't shown how by using dates one can get yum to do consistent downloads.

...

I'm here to tell you that I did software development and participated in configuration management at a large corporation, and we had *teams* of over 100 engineers and testers working to do what you want, and we *still* had some holes in the process.

I'm not asking to deal with arbitrary revisions to same-named files here. I'm asking for repeatable actions with all the same stuff available plus possibly some new things I'd prefer to ignore. Everything still exists in the repository and would be available if you extracted the version numbers from the machine with the prior run with rpm -q and fed it explicitly to yum to install. If there is a reason that yum would not make exactly the same decision again by itself if it just could be told to ignore the subsequently-added files in the repository I am missing something.

If that's what you want, then the easiest way is simply to create your own repository. Use anything to create the repository, starting empty. Then draw only from that repository. This requires no cooperation between you, the developers, the repository maintainers, or anyone else. You will be in complete control. No changes to yum, or rsync, or any other tool is required. You can write a script which does the creation. Start the script and walk away. Have it e-mail you when it completes.

One day you decide you want to update some machines in a repeatable (though not necessarily consistent) manner. Start with an empty repository, and use any method you like to fill it. Then do all updates from that repository.

But, IIRC, you said yourself you wanted *consistency*. And that cannot be done simply.

...

You need to think of yum as just being a fancy version of wget. You can ask wget to get a whole web page and its pieces, and it will. And it'll even resolve some dependencies to fix up the hyperlinks between the files to fit the structure it builds on your machine. But that's it. It's a transport mechanism. So is yum. It's a transport.

The only new thing I'm asking is for it to pretend some new files weren't there.

The easiest way to do that is not to have those files exist. And using a date is not a reliable way to guarantee content.

...

...

...

All I want is to be able to pretend that additions more recent than a prior run weren't there.

No, that is not what you want. What you expressly requested was to be able to recreate a yum install, and that the results be consistent.

Then I'm missing why yum would make different decisions than it did when the files actually weren't there.

Perhaps you are using the word "consistent" in a way I don't understand.

Do you mean "repeatable" or do you mean "consistent"?

Either way, a file timestamp does not guarantee content.

[snip]

...

...

Until you run your _own_ YUM repository and use createrepo a few times, you will be oblivious to what a YUM repository is.

I believe you have struck the nail upon the head with perfect orthogonality.

In fact, he seems to have no concept of what configuration management is.

The configuration management is already done. All I'm asking for is

Not by using a timestamp it isn't.

a way to access what was done last week (which is still there) and ignore available additions. Yes it can be done with a complete snapshot of every repository state that I might want to repeat an update from. It could also be done by making a snapshot of

A snapshot is just that. What you want is named snapshots. And that is configuration management.

a current repository and physically removing the files I don't want yet. It could also be done if the yum program just ignored the files I don't want yet. The last option just seems nicer.

How can yum know what files you want to ignore, unless it has version tags associated, and a named version for the entire build?

Mike

On Friday 09 September 2005 13:49, Les Mikesell wrote:

files here. I'm asking for repeatable actions with all the same stuff available plus possibly some new things I'd prefer to ignore.

Ok, Les, try: rsync the header cache (found in /var/cache/yum/$repository/header) from the test box to production (they are small files) yum -C update (on the production box target of the rsync). Assuming the test box repository is populated from the internet (you said internet connectivity from production was better than to the test box), then the update on production should pull in the right files (assuming they still exist on that repository, which they might or might not).

And see if that helps. The 'yum -C' keeps yum from updating the cache; if you're good, you can edit these headers and remove things you don't want.

You seem to need a staging repo box out with the production boxes to help with your testbox -> production bandwidth bottleneck.

On Fri, 2005-09-09 at 16:58 -0500, Les Mikesell wrote:

But poking around I see some xml

gunk that I didn't expect (hadn't looked closely since it was just headers, packages, and header.info). I wonder if the installed RPM data gets cached now too.

Yeah, that xml gunk isn't anything... it's only gives all the info that yam uses to update something... not too important.

Maybe you need to maybe look inside? Ya think?

Les Mikesell wrote:

On Thu, 2005-09-08 at 17:37, Bryan J. Smith wrote:

[snip]

...

1. The repository to have every single package -- be it

packages as whole, or some binary delta'ing between RPMs (if possible)

It just needs to keep every package that it has ever had - at least as long as it might be useful for someone to install them. That seems to be the case now.

I don't know of any repo that keeps all packages ever released. CentOS moves them out of the repo so everyone doesn't have to mirror them. Fedora Core completely removes old packages (I have the rsync deletes to prove it). I only see the newest versions in Dags repo.

And again, I ask, who decides if it is "useful for someone to install them"? If the CentOS maintainers didn't feel the new packages were ready, they wouldn't release them.

Sorry, I just don't buy the concept that rsync'ing a whole repository is an efficient way to keep track of the timestamps on a few updates so you can repeat them later. Rsync imposes precisely that big load on the server side that you wanted to avoid having everyone do.

Rsync only imposes that load the once or twice a month you sync, not every time a machine does a "yum update".

As I've said before, if you have your test machines pointed at the official mirrors, you have the RPMs you need and can just copy them into your repo and run createrepo, no rsync needed.

On Fri, 2005-09-09 at 08:54 -0400, William Hooper wrote:

Rsync only imposes that load the once or twice a month you sync, not every time a machine does a "yum update".

Exactly! He seems to also fail to understand that there is a significant "cost savings" for _all_ parties to rsync the YUM repository.

On Fri, 2005-09-09 at 10:21 -0500, Les Mikesell wrote:

On Fri, 2005-09-09 at 08:32, Bryan J. Smith wrote:

...

On Fri, 2005-09-09 at 08:54 -0400, William Hooper wrote:

...

Rsync only imposes that load the once or twice a month you sync, not every time a machine does a "yum update".

Exactly! He seems to also fail to understand that there is a significant "cost savings" for _all_ parties to rsync the YUM repository.

The only reason there is even a possible savings is that yum circumvents standard http/ftp caching practices by randomizing the source locations. Even then, you'd have to update a vast number of server-type machines to make up for the fact that rsync'ing the repository is going to pull copies of updates for a gazillion programs that no machine has installed.

Yum doesn't do that at all ... we at CentOS do it on purpose.

We can't possibly provide access by one server to all the CentOS users who want to do updates. We transmit more than 18 TB of data per month for updates and rsyncs ... so we use something called rrdns (round robin DNS) to create mirror.centos.org (or us-mirror and eu-mirror) for yum, and msync.centos.org(or us-msync, eu-msync) for rsync. Those names all have multiple machines that respond in a round robin way to requests.

That way, we can utilize many different servers to provide CentOS yum and rsync servers.

On Fri, 2005-09-09 at 10:51, Johnny Hughes wrote:

...

...

Yum doesn't do that at all ... we at CentOS do it on purpose.

We can't possibly provide access by one server to all the CentOS users who want to do updates. We transmit more than 18 TB of data per month for updates and rsyncs ... so we use something called rrdns (round robin DNS) to create mirror.centos.org (or us-mirror and eu-mirror) for yum, and msync.centos.org(or us-msync, eu-msync) for rsync. Those names all have multiple machines that respond in a round robin way to requests.

One thing I wanted to point out though, since one name is used (ie, mirror.centos.org)... most caching proxy servers would cache the results.

Yes, rrdns does work fine with standard caching techniques. It is the one where yum pulls a file containing a list of mirror urls and uses one of them that gets new copies all the time. Maybe it is the fedora boxes doing that. If so, its one of those things I wish I didn't need to know about.

On Fri, 2005-09-09 at 10:44, William Hooper wrote:

...

The only reason there is even a possible savings is that yum circumvents standard http/ftp caching practices by randomizing the source locations.

We've been through this before. Yum only changes servers if you use the mirror list option. By default CentOS (at least 4) doesn't, so what is the problem?

Most of my machines are running 3.5.

...

Even then, you'd have to update a vast number of server-type machines to make up for the fact that rsync'ing the repository is going to pull copies of updates for a gazillion programs that no machine has installed.

So don't rsync it. Pull the RPMs from your test machine's yum cache and make your own repo.

That's actually the most sensible suggestion so far. Is there a generic automation for this? Yum over ssh or something that doesn't take additional setup/infrastructure for every variation of Linux distributions or architecture I might like to use?

On Fri, 2005-09-09 at 11:11, Bryan J. Smith wrote:

I'm at a loss for words now.

I think that's basically what everyone was saying earlier. Take one system, and use the RPMs in its YUM cache. It's straight-forward and easy to do.

Please quantify easy. Will you do it for me every time it needs to be done? Today I'd have a use for at least 6 variations, although I guess you'd double that with the suggested overlap of testing/staging instances. With a little thought about the process, yum updates could be made to be repeatable without extra work, network traffic or any other overhead. I just don't see why this is not considered desirable.

-- Les Mikesell lesmikesell@gmail.com

Les Mikesell lesmikesell@gmail.com wrote:

Please quantify easy. Will you do it for me every time it needs to be done? Today I'd have a use for at least 6 variations, although I guess you'd double that with the suggested overlap of testing/staging instances.

So, in other words, you want a service that provides custom tagging, revisioning and/or date-based retrieval. That includes your wish for a dynamic delta'ing repository and real-time RPM generation.

Again, I don't think you understand what delta'ing systems like CVS does compared to just a "HTTP accessable" repository trees. A world of difference!

With a little thought about the process,

Again, I don't think you understand how delta'ing systems like CVS work, and the massive mindshift in the "back-end" that is required. It's no "little thought about the process."

yum updates could be made to be repeatable without extra work, network traffic or any other overhead.

That's utter BS! Delta'ing is the _worst_ overhead! It works fine for textual data of a few MBs, but when you start rebuilding tens of MBs, you're going to kill your server after just a few clients!

I just don't see why this is not considered desirable.

I _never_ said it wasn't desirable. I just said it is _not_ feasible.

I have maintained version control systems for _large_ engineering components in my time -- everything from models to IC schematics. No matter how much you "break down" the files into smaller files, you still put a _lot_ of data around.

And that means I either have a massive Sun (and now Opteron) box that does major I/O with a massive amount of memory for "server-side" delta'ing assembly/disassembly, or a have the same for NFS performance for "client-side" delta'ing assembly/disassembly.

And that's _before_ we even get to the point of the "added delay" that users will see using the "YUM" or whatever client-side tool. It will take signficantly longer to resolve things -- regardless of who does it.

Although client-side resolution will be a crapload slower over the Internet than server. Which means these "servers" will need to be "intelligent" and take a crapload more load just for the resolution (even before we get to the actual package delta'ing/services) than just "dumbly" serving files up via HTTP.

Sorry, I've just built too many TB-sized engineering revision control repositories to even listen to this thread any longer. Revision control exponentially increases the load over just serving files whole. That's tolerable on small textual files, but intolerable on larger binaries (no matter how small you break down things) -- especially when tens of clients are hitting the server.

There is a program called yam on Dag's site. There are several others on the net. They build repos. Build one the way you want it built. Tell us your results. Show us how to do it your way.

Roy

Les Mikesell wrote:

On Fri, 2005-09-09 at 13:28, Bryan J. Smith wrote:

...

Les Mikesell lesmikesell@gmail.com wrote:

[snip]

...

Again, I don't think you understand what delta'ing systems like CVS does compared to just a "HTTP accessable" repository trees. A world of difference!

I've never said I wanted deltas. I've said I wanted yum to not consider additions to a repository past a certain timestamp so it will make the same update decision it did a week or so ago even if the repostitory has additions.

Ok, you don't want to store deltas, you want to store multiple *copies*. That's even worse!

You said the alternative was easy. This question was just to find out what you mean by "easy". Put a price tag on what you mean when you say easy.

How much would it cost for you to do it your easy way for me - to have perhaps a dozen repository states saved and 10 clients configured to use each of them?

[snip]

Well, let's see, you want to have everyone in the world except you to have to maintain a dozen repository "states" (rather ill-defined word) so you can have the luxury of not doing so yourself. And, never having maintained one (let alone a dozen) repository "states" (whatever they are), you presume that it is easy.

Here's what I don't get about this thread: We have a fellow who has never done configuration management saying "All you have to do is..." when experts still don't have a complete solution to configuration management which works in all circumstances. And when people who *have* done configuration management try to point out that the task he wants performed is more complex than he imagines, he argues back.

Everything always looks simple from the outside, I guess.

Mike

Les Mikesell wrote:

On Fri, 2005-09-09 at 14:45, Mike McCarty wrote:

...

Well, let's see, you want to have everyone in the world except you to have to maintain a dozen repository "states" (rather ill-defined word) so you can have the luxury of not doing so yourself. And, never having maintained one (let alone a dozen) repository "states" (whatever they are), you presume that it is easy.

No, that's what I want to avoid. Everyone else responding *is* maintaining snapshot copies of repositories and I don't think anyone should have to. Yum's view of a repository consists of all the hdr files it has downloaded from it. I want it to pretend that files added after a certain time weren't there, thus creating a view of the state of the repository at a prior time. Given only that, nothing anyone has said yet has convinced me that that yum would not make the same decisions about update versions again.

I thought I mentioned something about file timestamps not guaranteeing file content. The date of a file is simply the moment in time when it got placed onto the web server. I'm not sure yum can even get that information, but if it could, it would be useless. A repository is really just a web page, and yum is just a wget with some control files which tell it what to pull. So I don't think that yum's view of a repository is quite what you think. The yum program is very nice for what it does, and it does it very well. It's very nice to use. I like it. It does some very clever things. But due to the nature of what a repository is, I don't see how yum could be used to accomplish the end you have in mind. Even if it had access to file dates. And making a repository contain the kind of information it would have to have in order to accomplish your goal would take quite a degree of co-operation among developers.

Mike

Les Mikesell wrote:

No, that's what I want to avoid. Everyone else responding *is* maintaining snapshot copies of repositories and I don't think anyone should have to. Yum's view of a repository consists of all the hdr files it has downloaded from it. I want it to pretend that files added after a certain time weren't there, thus creating a view of the state of the repository at a prior time.

At this moment in time, to do what you want, you have to maintain your own repository.

If you want to create a custom repository and have control of it yourself, or make a snapshot of a yum repository, which is a good idea to save bandwidth if you are going to update multiple computers in one location, there is a very good program to do this easily. It is called Repo-janitor and the author's website is here: http://www.bioxray.dk/~mok/repo-janitor.php

I have written a howto and have rpms here for Centos 4.1: http://smeserver.sourceforge.net/howto/RepoJanitor

Hope this helps,

Greg Swallow

Les Mikesell lesmikesell@gmail.com wrote:

I've never said I wanted deltas.

Okay, let's scratch RPM deltas then. That was someone else.

But you _still_ need at least a "delta" on the meta-data. Whether you delta the meta-data files, or you keep multiple copies, you _must_ do so.

YUM repositories do _not_ keep a running journal of changes in their meta-data. And YUM clients _only_ access that meta-data. YUM clients do _not_ inspect the RPM tree for resolution, only the meta-data.

My "conceptual hack" is a way to maintain multiple copies of the repo's meta-data, so you can look up older versions of the repository. It's not as good as a delta of the repository, and you "can't regenerate an old repository," but it does let you reference previous meta-data sets that were previously generated.

Which does most of what you want. You want to be able to pass a date that worked on another system, to any subsequent system. So you can access the repository's meta-data from that time by passing date. But, _again_, that requires the maintainance of _multiple_ sets of the repo meta-data.

The repo meta-data, which is what the YUM client uses, does _not_ contain a history -- only the current set of files, and there is no "date" information (nor can there be without deltas).

I've said I wanted yum to not consider additions to a repository past a certain timestamp so it will make the same update decision it did a week or so ago even if the repostitory has additions.

And I said that is _impossible_!

The YUM client _never_ accesses date information during resolution.

The YUM repository is a "static web site" and cannot provide that information.

The YUM repository contains meta-data matched the _discrete_date_ that "createrepo" or whatever tool that created the meta-data list.

And that's what the YUM client accesses.

To add in date information and all the meta-data associated would massively bloat the meta-data files. Which is why I suggested that conceptual hack, to serve up the meta-data from specific times in the past.

Do you understand this now?

Les Mikesell wrote:

On Fri, 2005-09-09 at 10:44, William Hooper wrote:

...

...

The only reason there is even a possible savings is that yum circumvents standard http/ftp caching practices by randomizing the source locations.

We've been through this before. Yum only changes servers if you use the mirror list option. By default CentOS (at least 4) doesn't, so what is the problem?

Most of my machines are running 3.5.

I just verified CentOS 3.5 is configured the same as 4.

...

...

Even then, you'd have to update a vast number of server-type machines to make up for the fact that rsync'ing the repository is going to pull copies of updates for a gazillion programs that no machine has installed.

So don't rsync it. Pull the RPMs from your test machine's yum cache and make your own repo.

That's actually the most sensible suggestion so far.

I've said it three or four times now.

Is there a generic automation for this?

Copy the files to an FTP/HTTP server and run yum-arch on them (since you are using CentOS 3.5).

Yum over ssh or something that doesn't take additional setup/infrastructure for every variation of Linux distributions or architecture I might like to use?

All can be served from a single FTP/HTTP server, just like the CentOS repos are now.

Les Mikesell lesmikesell@gmail.com wrote:

Caching network content without having to make a special effort for every different source is a problem that was solved eons ago by squid and similar caching proxies. My other complaint about yum is that it goes out of its way to prevent this from being useful in the standard way. No machine behind a caching proxy should have to pull a new copy of an unchanged file.

YUM _uses_ HTTP. But yes, any [good] HTTP proxy _will_ check for changes to the files retrieved.

I think you're failing to realize the problem is _not_ the tool, but the social/load aspects of something doing what you want.

I've posted my concept for a little "hack," but it's far from "ideal." "Ideal" is _only_ by maintaining your own, internal repository.

It is what Microsoft does. It is what Red Hat does. It is what Sun does. Etc...

You mirror their updates, and deploy internally. How you manage that varies, but it's _not_ a tool issue. It's a 100% social/load issue.

Les Mikesell wrote:

On Thu, 2005-09-08 at 13:07, Johnny Hughes wrote:

...

So, seriously, the best thing would be for you to create a directory that contains all your RPMS ... you put only the ones that you have approved in there. (You do not need to build anything from SRPMS). You make that accessible from the web and run createrepo on it.

OK, but I basically want to include all official updates here but I just want to delay/control rolling them out to make sure there are no surprises.

Then you: point your test machines to the official repos, after testing, move the tested RPMs to your locally managed repo and run createrepo. Done.

That means I need to copy that whole repository (of a size you said was such a problem mirroring that you had to break it at the point releases)

I believe Mr. Hughes was referring to the size of the whole mirror (all releases and all updates). Using the method above you only have to download the packages you need.

[snip]

where someone has tagged the 'known good' states as the changes were added.

Someone who? When updates are released they are believed to be in 'known good' states, but yet you (and a good number of people) still test them in your environment. Having anyone else besides yourself tagging things doesn't work, so you will be keeping your own repos anyway.

...

You only put authorized RPMS in there, and you rerun createrepo every time you put a new RPM in there.

Normally I'll want to mirror the official repository to get the set for testing. How do I know when you are finished doing your updates so that I don't get an rpm with a dependency that you haven't copied in yet?

You see the errors when you do the yum update on your test machine (see above, test machines are the only ones looking at the official repos). Or you look at the announce list and verify that the newer packages are all there.

Lamar Owen lowen@pari.edu wrote:

This seems a good application for differential or 'patch' RPM's and a CVS-like RPM repository. The mirroring requirements alone make, in my mind at least, a good case for patch RPM's that take up far less space (and take far less time to mirror, and can be mirrored in a transaction so that the repository, to the yum enduser, is ALWAYS consistent), and then a CVS-like RPM repository that stores the initial import and all patches from that import, and builds the desired RPM on the fly.

But now you're talking GBs of binary data, and "real-time" resolution by 1,000s of clients!

Yes, it's techncially possible to leverage XDelta and other support to do this. And you're going to burden your server with a massive amount of overhead that you don't have when you simply share stuff out via HTTP.

Think about it. ;->

Really, this problem has been dealt with before in the various revision control systems. To mirror the whole repository, something like CVSup that gets a consistent copy could be built. A portion of this infrastructure is available now as yam, but the underlying repository is far from ACID compliant (and now we're talking databases).

The mirroring size difference alone might make it worthwhile. But, it is likely to require more CPU; one of those trade-offs: CPU versus disk and bandwidth.

CPU, memory, disk, etc... will be _expoentially_ increased.

As I said, check in GBs of different binarie revisions to CVS and share the same out in multiple trees via HTTP. Now monitor the difference in load when you have 1, 2, 4, 8 ... 1024 clients connect!

Your CVS server is _crawling_ by just a half-dozen or so clients. Your Apache server is handling over 100 without much issue, depending on your I/O.

It is _not_ feasible, period.

Lamar Owen lowen@pari.edu wrote:

It depends on the implementation. You in your other delta message spell out essentially the same idea.

No, my other message was a _completely_different_ idea. It is a hack to the HTTP-serviced repository that just keeps multiple sets of repodata directories.

A major difference between a true delta back-end and that hack is that while you can re-generate the meta-data at any point for the former, you can_not_ for the latter. In other words, the "repodelta" hack I described can _only_ generated repodata for the state of the repository then, there and at _no_ other time. I.e., you cannot "go back in time" to re-generate it.

There is no "database" or "interwoven history" of the repository in the repodelta hack. It is just a simple hack to keep multiple copies of the repodata meta-data, that's it.

I have, repeatedly. If the RPMs in question are stored with the payload unpacked, and binary deltas against each file (similar to the CVS repository v file) stored,

I don't think you're realizing what you're suggesting. Who is going to handle the load of the delta assembly?

It's one thing to do an off-line disassembly and "check-in" the files, that only happens once -- when you upload the file.

But the on-line, real-time, end-user assembly during "check-out" is going to turn even a high-end server into a big-@$$ door-stop (because it's not able to do much else) with just a few users checking things out! Do you understand this?

BTW/FYI: I know how deltas work -- not only text, but the larger issue of delta'ing binary files. And I have personally deployed XDelta as a binary delting application over the last 5 years, since CVS can only store binaries whole. I haven't looked into how Subversion stores binaries (same algorithm as XDelta?).

then what is happening is not quite as CPU-intensive as you

make it out to be.

Not true! Not true at all! You're talking GBs of transactions _per_user_.

You're going to introduce: - Massive overhead - Greatly increased "resolution time" (even before considering the server responsiveness) - Many other issues that will make it "unusable" from the standpoint of end-users

You can_not_ do this on an Internet server. At most, you can do it locally with NFS with GbE connections so the clients themselves off-load a lot of the overhead. That's not feasible over the Internet, so that falls back on the Internet server.

As I mentioned before, not my Internet server! ;->

Most patches are a few bytes here and there in an up to a few megabyte executable, with most package patches touching one or a few files, but typically not touching every binary in the package. You store the patch (applied with xdelta

or

similar) and build the payload on the fly (simple CPIO here). You send an RPM out that was packed by the server, which is I/O bound, not CPU bound.

Either you have to: - Do full xdelta revisions on the entire RPM (ustar/cpio) - Break up the RPM and use your own approach

In any case, it's a crapload more overhead than merely serving out files via HTTP. You're going to reduce your ability to service users by an order of magntitude, if not 2!

With forethought to those things that can be prebuilt versus those things that have to be generated realtime, the amount of realtime generation can be minimized, I think.

That's the key right there -- you think.

Again, keep in mind that repositories merely serve out files via HTTP today. Now you're adding in 10-100x the overhead. You're sending data back and forth, back and forth, back and forth, between the I/O, memory, CPU, etc... Just 1 single operation is going to choke most servers that can service 10-100 HTTP users.

Prove exponential CPU usage increase. If designed intelligently, it might be no more intensive than rsync, which is doing much of what is required already. Would need information on the loading of rsync on a server.

No, you're talking about facilities that go beyond what rsync does. You're not just doing simple file differences between one system and another. You're talking about _multiple_ steps through _multiple_ deltas and lineage.

There's a huge difference between traversing extensive delta files and just an rsync delta between existing copies. ;->

That's because CVS as it stands is inefficient with binaries.

I only referenced CVS because someone else made the analogy. So yes, I know CVS stores binaries whole. That aside, the XDelta is _still_ going to cause a sizeable amount of overhead. Far more than Rsync.

Think outside the CVS box, Bryan.

I am. I _only_ used CVS because it was used prior for analogy. Now I'm talking about XDelta, which I _did_ have in mind previously when I wrote my prior e-mails.

I did not say 'Use CVS for this'; I said 'Use a CVS-like system for this' meaning simply the guts of the mechanism.

I know. I was already thinking ahead, but since the original poster doesn't even understand how delta'ing works, I didn't want to burden him with further understanding.

CVS per se would be horribly inefficient for this purpose.

Delta'ing _period_ is horribly inefficient for this purpose. In fact, storing the revisions whole would actually be _faster_ than reverse deltas of _huge_ binary files.

I don't care how you "break it up" -- it's going to _kill_ your server compared to just an HTTP stream.

Store the unpacked RPMs and binary deltas for each file.

You're talking about cpio operations _en_masse_ on a server! Have you ever done just a few smbtar operations from a server before? Do you _know_ what happens to your I/O?

_That's_ what I'm talking about.

Store prebuilt headers if needed.

As far as I'm concerned, that's the _only_ thing you should _ever_ delta. I don't relish the idea of a repository of delta'd cpio archives. It's just ludicrious to me -- and even more so over the Internet.

Because on the Internet, now you have to start "buffering" or "temporarily storing" packages. When you have tens of systems getting updates, you're duplicating a lot. Case-in-point: You'd be better off just storing the RPMs whole on the filesystem itself.

Only revision headers, period.

Trust the server to sign on the fly rather than at build time (I/O bound).

No, sorry. I sign _off-line_ for a reason.

Pack the payload on the fly with CPIO (I/O bound).

But the problem is you have duplicate I/O streams -- back and forth. That's a PITA when you've got tens of operations going on.

Again, have you _ever_ run smbtar from your server to just a few Windows clients for backup? Same problem.

Send the RPM out (I/O bound) when needed.

And buffer it, temporarily store it, etc... for 10+ connections.

Mirrors rsync the whole unpacked repository (I/O bound).

But it does a delta against 2 existing files -- not an entire lineage of deltas. I really don't think you've thought this through.

Are there issues with this? Of course there are. But the tradeoff is mirroring many GB of RPM's (rsync has to take some CPU for mirroring this large of a collection) versus mirroring fewer GB of unpacked RPM's plus binary deltas,

I think your minimizing the binary delta operation, big time. I don't think you're going to save any size in the end for mirrors either.

and signing the on-the-fly RPM.

Again, for security reasons, I very much consider this to be a "disadvantage." I like to sign _off-line_ for a reason -- still automated -- but from an _internal_ system.

Yes, it will take more CPU, but I think linearly more CPU and not exponentially.

Here's a "real world" test for you.

Write a Apache script or even C program that takes XDelta version files, makes them into a cpio archive, and services them up.

Now just services up the cpio archive without all the processing.

How many clients can you serve for each?

Of course, it would have to be tried. The many GB of mirror has got to have many GB of redundancy in it. The size of the updates is getting out of control; for those with limited bandwidth it becomes very difficult to stay up to date.

I think you've underestimated the resources required to XDelta -- not "two points" like in rsync, but _multiple_. The cpio operation actually pales in comparison.

Les Mikesell lesmikesell@gmail.com wrote:

it would be trivial for a client to decide whether it is more efficient to apply a delta to an existing cached or locally available version or pull the latest.

But how does the "appropriate delta" get built? At the server! That's more server overhead, let alone the "service" that the client uses to query.

Now let's say you just have the client download the _entire_ delta for the RPM to avoid all that extra server overhead. Now you're actually _increasing_ the amount you download. ;->

There's no way to do it _remotely_, over the Internet without add a lot of load -- either in the total amount of transfer, or in the amount of overhead in the service. You're no longer offering a simple HTTP-serviced tree, but an intelligent service on the server that requires a lot more overhead.

It would take more storage, but wouldn't break anything already working

??? You really don't know what a YUM repository is, do you ???

It's a web site. Not only that, the YUM client only accesses the meta-data on the web site for resolution, _not_ the actual RPMs. That's the problem.

To do otherwise requires far more bandwidth. Or requires the server to have an "intelligent" service, and not just a "dumb" web site.

Likewise, how does the style used in rdiff-backup compare?

rdiff-backup does 1 delta, against 2 files.

A delta versions system requires you to _ripple_ through every delta, _rebuilding_ every change each time.

That either requires you to have a beefy server to do that. Or it requires you to have a massive amount of bandwidth for the client to download all the deltas and it will do it.

It claims to be similar to rsync which has proven very efficient in being able to transmit the differences between two files.

rsync does *1* delta. Furthermore, it's not as efficient as a straight HTTP stream when it comes to the server.

With rdiff the server side work only has to be done once.

Not for rippling through multiple deltas, which is what versioned files are. Several of you seem to forget that aspect.

Let alone the repository "service" will need to temporarily house what you need, or handle multiple accesses for each "rippled" delta the client then re-assembles.

You're talking a lot more overhead than just a HTTP access.

You really only need to create a delta once per RPM version update creation.

Yes, per RPM version update creation. You're talking about the "disassembly" of the "check-in." That's cake! You're right!

But what do clients need? Re-assembly in the check-out! So if there have been 5 version updates since, then _all_5_ deltas will need to be "rippled through."

Again, at what point do people realize YUM is just HTTP access, and now you're doing a lot more. As someone who has maintained engineering part files, semiconductor layouts, etc... in various revision control systems -- I can tell you this is a _lot_ of overhead versus just file access like via HTTP, NFS, etc...

You can't service more than a few clients locally, much less the nightmare of an Internet server where operations are much slower, temporary files must be created, etc...

Then you need to store the delta in addition to the full versions, so there is more disk storage needed for this approach.

So why not just store the _whole_ versions? That's my point.

Maybe I can make a better analogy ... backup servers.

It's one thing to have a full backup and a few incrementals and rebuilt them for a restore. It's a completely different thing to have tens of clients wanting the same!

They could still do that. The only overhead added would be for the storage of the deltas and the traffic of the client checking the sizes.

I give up.

You would trade that off against the network traffic saved when the client chooses the smaller delta. But, for this to work you need an on-line local cache of the base rpms.

Hence why you should have a local repository! Isn't that what you were arguing against?!?!?!

Yum saves one for a while for the updates but I doubt if enough people would set up the local cache of the base files to make this approach work unless that step is automated during the OS install.

Wait, you're actually making sense now! No way!