On Mon, September 29, 2014 1:19 pm, Les Mikesell wrote:
> On Mon, Sep 29, 2014 at 12:59 PM, Chris Beattie <cbeattie at geninfo.com>
> wrote:
>> I have a mix of CentOS 5, 6, and now 7 servers at work. There are
>> enough of them now that it is starting to make sense for them to get
>> updates from an internal source.
>>
>> I've seen RHN Satellite in years past. It looks like it may be a way to
>> allow Windows admins here (familiar with WSUS) to update Linux boxes. A
>> local repo might be easier to set up, but (as with Spacewalk) it seems
>> like we'd end up with a lot of packages we don't need. A proxy and a
>> sufficiently-large cache might do the trick if the first Linux box to
>> get updates populates the cache with the files the others will need,
>> but I haven't looked into this enough to see if there's even a way that
>> works.
>>
>> How do you all keep a dozen or more Linux boxes updated?
>
> I don't think there is a way to do it that doesn't take more human
> effort than it is worth unless you have limited internet access. It
> is basically designed not to work. A simple squid proxy with the
> file size bumped up will work with no extra attention (and be useful
> for all your internet accesses), but the first dozen or so runs are
> probably going to pick different mirror URLs instead of reusing the
> copy you have already cached. You can change the repo mirrorlist entry
> to a fixed system - but then your updates will break if it is down.
> Or you can mirror a bunch of stuff you'll never need into your own
> repo. Or set up some special-case thing that only works for Centos -
> or maybe even just one version of Centos.
>

I guess my feeling will not hurt if I add my reply *here* ;-)

We keep a local mirror, which I'm pointing my CentOS boxes to. When I know some update is critical I kick the script that walks through all boxes and installs all updates accumulated by that time (yum clean all; yum -y update).

In the past, when I had awfully important servers under CentOS (they are FreeBSD now), I was testing updates on a separate box first to see if they will or will not break anything, and to find a way to not have production stuff broken before actually installing updates.

I kick my script into action, as opposed to having a daily, hourly or weekly cron job, as I have a system integrity verification system which will give me a kick every time anything changes without a reason. This makes a cron job prohibitive for me (and requires me to incorporate that integrity stuff into the update script, which is beyond the scope here).

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
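
Added example, not part of the thread: one way to make the "fixed system" repo change Les mentions and to point boxes at a local mirror as Valeri describes, for a yum `.repo` file in the stock CentOS-Base.repo layout. The mirror hostname, the `[site-local]` section and both function names are assumptions; the audit step insists on `gpgcheck=1` because every box now trusts whatever the internal mirror serves.

```shell
# Added example, not from the thread. mirror.example.internal is a placeholder.

# pin_repo MIRROR < in.repo > out.repo
# MIRROR is the internal URL that mirrors upstream's /centos/ tree (assumed layout).
pin_repo() {
    esc=$(printf '%s' "${1%/}" | sed 's/[&|\\]/\\&/g')   # escape sed metachars
    sed -e 's|^mirrorlist=|#mirrorlist=|' \
        -e "s|^#\{0,1\}baseurl=http://mirror\.centos\.org/centos/|baseurl=${esc}/|"
}

# audit_repo MIRROR < file.repo: prints each section that still uses a mirrorlist,
# has no baseurl under MIRROR, or lacks gpgcheck=1. Exit status 1 if any is printed.
audit_repo() {
    awk -v m="baseurl=${1%/}/" '
        function report() {
            if (sec != "" && (ml || !pinned || !signed)) { print sec; bad = 1 }
        }
        /^\[.*\]$/     { report(); sec = $0; ml = pinned = signed = 0; next }
        /^mirrorlist=/ { ml = 1 }
        /^baseurl=/    { if (index($0, m) == 1) pinned = 1 }
        /^gpgcheck=1$/ { signed = 1 }
        END            { report(); exit bad + 0 }
    '
}

# Constructed sample: two sections in the layout of a stock CentOS-Base.repo,
# plus a made-up [site-local] section with signature checking switched off.
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[site-local]
name=Site packages
baseurl=http://mirror.example.internal/centos/site/
gpgcheck=0
EOF
}
```

Run `pin_repo URL < CentOS-Base.repo > new.repo`, then `audit_repo URL < new.repo`, and only distribute the file when the audit prints nothing.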