[CentOS-devel] Delta RPMs disabled by default?

Fri Jul 11 19:38:05 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Thu, Jul 10, 2014 at 5:46 PM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> >>
>> So you are saying that the system does not have its own sane way to
>> manage packages?
>
> Most do. But there are often subtle implications. The chef "java"
> cookbook, for example, has no option to set a particular RPM release
> number, only to select a basic java "7" or "6" major release, and to
> select the openjdk or Oracle versions. When the original author did
> not appreciate the desire for more granularity, it can be very
> difficult to get the  subtleties like particular Java release
> installed as needed.

But that would be exactly the thing I'd need to control  - and I don't
want to control it by having to know anything about the packages ahead
of time.  For example updating to versions between java1.7u25 and
1.7u55 would have broken an elasticsearch cluster.  But I wouldn't
have known that ahead of time to use any top-down control.  I want to
control it by taking a known-good instance, built/tested by some group
that knows the details of the component they develop best, and be able
to duplicate that system as exactly as possible (allowing for
hardware/network/etc. differences), updating some subset of production
boxes at a time over some timespan.

>
> And by the way, I'd not use a 'yum list'. The yum output is difficult
> to parse, with extraneous and difficult to predict line breaks,
> unnecessary headers, etc. If you've got to go this way of replicating
> package lists, use:
>
>             rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}\n'
>
> Or use 'rpm -qa --qf '%{name}.%{arch}\n' if you don't care about
> particular versions.

I sort-of like yum's knowledge of repository the package came from.
I just wish it would do something sensible about comparing/duplicating
a set.   Given that the packages are version, I think there should be
a way to do the same operations you do with source version control and
for the same reasons.

>> modulo any differences in hardware related packages and some special
>> cases that are our own local location specific packages.  Except for
>
> And this is when you suddenly need something more complex. That's
> where something more powerful is very useful.

I'd be happy if I could just say 'update' but don't take any packages
newer than 'timestamp'.  Where 'timestamp' would be the time of the
test host update.  CentOS is stable enough that I'll take my chances
with hardware specific updates that might be different, plus we never
update enough systems at once to have a problem with an unforeseen
hardware issue.

>> saltstack, they don't seem that well designed for cross-platform
>> environments and even there windows seems like an afterthought - and
>> it seems sort of fragile the way things can break if you update
>> clients ahead of the server.
>
> Yeah, consistency across environments is difficult. That's where tools
> like spacewalk can be useful, if only it didn't require so much time
> and resources to set up in the first place.

Don't think spacewalk is going to help with the windows boxes, and
probably not Suse either.  And aside from the complexity,  I don't
think it matches our workflow where many separate groups handle
different components on different platforms, all with their own
release scheduling.  There are probably some tools that could be made
to work, but I don't understand them well enough to see how the right
steps could be done by the right people to control the update
scheduling while ensuring that the changes are exactly what has been
tested.

So, I'd really rather have the much simpler capability of being able
to repeat a yum update with predictable results.

-- 
  Les Mikesell
      lesmikesell at gmail.com