Hello, we run approximately 400 Centos servers at our company. We use cfengine for configuration management. I am looking for some documentation to do patching including kernel patches. I was thinking of just having each host run yum update via cfengine but not sure if there are any gotchas there? Should I just do yum update? or should i exclude the kernel and be more careful with those? how about glibc? I am wondering what other people out there do with such large installations. I'd very much appreciate any help or suggestions on this. Also, kinda related to the above is my question about the correct yum behavior when installing kernels. I've seen it sometimes make the new kernel the default in grub.conf but sometimes it doesnt? what is the designed behavior? best regards, SK