[CentOS] centralized patch management
shuff at vecna.org
Wed Jul 16 13:48:25 UTC 2008
On Jul 16, 2008, at 9:08 AM, Terry wrote:
> I have been asked to come up with a strategy for centralized patch
> management of our linux servers. Today, this is only centos and rhel.
> What is everyone else doing in this arena?
here's a reasonably straightforward scheme:
1) make sure yum is installed on all your systems (if you have RHEL4
2) host your own yum repository
3) install an appropriate myrepo.conf in /etc/yum.repos.d on all your
at this point you have a few options:
a) mirror the upstream base and updates repos for your architectures
into your local repo and remove all the other contents of
/etc/yum.repos.d on all your hosts. this gives you the maximum control
over when patches go out to your machines; unfortunately, capturing
updates from RH is a bit arduous (one way to do it is to run one
machine per architecture that has an RHN subscription, capture all the
packages it downloads, and copy them into your local repository) and,
especially if you're manually approving each package that gets copied
over, it can introduce delay in the deployment of patches.
b) let your systems pull updates from RHN or from CentOS mirrors as
normal, and add any additional packages via your custom repo. this
scheme requires less effort, but may not be as "centralized" as you
both of these schemes scale to accommodate other third-party
repositories, though you have to think about whether you want other
repositories to clobber packages from your distribution. these should
also scale to accommodate other RPM-based distributions.
If this were played upon a stage now, I could condemn it as an
improbable fiction. - Fabian, Twelfth Night, III,v
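
The script below is an added example, not part of the original message: it checks that a host following option (a) really pulls only from the local repository. The host name `repo.example.internal`, the file names (yum reads files ending in `.repo` from that directory) and the rule that every stanza sets `gpgcheck=1` itself are assumptions made for the illustration.

```shell
# Added example. Assumed policy for option (a): every enabled stanza must
# fetch from the internal repo and set gpgcheck=1 in the stanza itself.
ALLOWED="http://repo.example.internal/"  # placeholder; trailing slash stops prefix look-alikes

audit_repos() {   # usage: audit_repos DIR ALLOWED_PREFIX; prints one line per finding
    for f in "$1"/*.repo; do
        [ -e "$f" ] || continue
        awk -v file="${f##*/}" -v allowed="$2" '
            function report() {
                if (id == "" || enabled == "0") return      # disabled stanzas are inert
                if (mirrorlist != "") print file ":[" id "]: mirrorlist bypasses local repo"
                if (baseurl != "" && index(baseurl, allowed) != 1)
                    print file ":[" id "]: baseurl outside local repo"
                if (gpgcheck != "1") print file ":[" id "]: gpgcheck is not 1"
            }
            /^[ \t]*[#;]/ { next }
            /^\[/ { report(); id = substr($0, 2, index($0, "]") - 2)
                    baseurl = mirrorlist = gpgcheck = ""; enabled = "1"; next }
            /=/ { key = val = $0
                  sub(/[ \t]*=.*/, "", key); sub(/^[^=]*=[ \t]*/, "", val)
                  sub(/[ \t\r]+$/, "", val)
                  if (key == "baseurl") baseurl = val; if (key == "mirrorlist") mirrorlist = val
                  if (key == "gpgcheck") gpgcheck = val; if (key == "enabled") enabled = val }
            END { report() }
        ' "$f"
    done
}

make_sample() {   # constructed sample: a host that was only half converted
    cat > "$1/myrepo.repo" <<'EOF'
[local-base]
baseurl=http://repo.example.internal/centos/$releasever/os/$basearch/
gpgcheck=1
EOF
    cat > "$1/leftover.repo" <<'EOF'
[updates]
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
[extras]
baseurl=http://mirror.example.net/extras/
enabled=0
[thirdparty]
baseurl=http://packages.example.org/el5/
gpgcheck=0
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_repos "$tmp" "$ALLOWED"; rm -rf "$tmp"
```

Run against `/etc/yum.repos.d` on each host, any output means a stanza can still deliver packages that did not pass through the local repository.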