CentOS - Feb 2013 - Is this right? -- Centos 6 and RHEL 6 infrastrure for continuous update/upgrade

Hi all,

Both RHEL 6 and CentOS 6 can be installed from any minor releases DVDs: 6.0,
6.1, 6.2, 6.3, etc. And then got continuous upgrade/update with command 'yum
-y upgrade' if repos are setup correct.

But the repos infrastructure is different between the two. CentOS uses two
repos:

??? ..../centos/6/os/... repo and .../centos/6/updates/...

The updates/ repo contains ONLY updated RPMs between minor releases. currently
the updates/ contains updates after 6.3. and the /centos/6/os/ points to
6.3Base.

Question #1: 


supposed I installed with Centos 6.2 last year, and let's say Centos 6.4
comes out two months later and I have not updated a single package since initial
installation until Centos 6.4 comes out (I am way too lazy :) ), then How can I
setup my yum config to not miss any updated packages?

Should I put all three repos inside yum config?

??? ??? centos-6.2-kickstart-os
??? ??? centos-6-os
??? ??? centos-6-updates
??? 
? or the centos-6.2-kickstart-os is not needed at all -- the centos-6-os and
cnetos-6-updates together contains all latest RPMS since 6.0 -- ? The first way
may render yum to report warning of 'duplicate RPM group definitions' or
similar.


Questions #2:


I've heard that RHEL 6 uses a different path, they seems to have only one
big continuously updated base os/ repository. all the RPMs updated since 6.0
(include RPMs at the published day of RHEL 6.0) are contained in the repo. So
only the one repo is in need to upgrade systems at any time. Is this true? and
if so, any benefits go with it?

Thanks.

--Robinson

On 02/08/2013 07:45 PM, Gelen James wrote:
> Hi all,
>
> Both RHEL 6 and CentOS 6 can be installed from any minor releases DVDs:
6.0, 6.1, 6.2, 6.3, etc. And then got continuous upgrade/update with command
'yum -y upgrade' if repos are setup correct.
>
> But the repos infrastructure is different between the two. CentOS uses two
repos:
>
>     ..../centos/6/os/... repo and .../centos/6/updates/...
>
> The updates/ repo contains ONLY updated RPMs between minor releases.
currently the updates/ contains updates after 6.3. and the /centos/6/os/ points
to 6.3Base.
>
> Question #1: 
>
>
> supposed I installed with Centos 6.2 last year, and let's say Centos
6.4 comes out two months later and I have not updated a single package since
initial installation until Centos 6.4 comes out (I am way too lazy :) ), then
How can I setup my yum config to not miss any updated packages?
>
> Should I put all three repos inside yum config?
>
>         centos-6.2-kickstart-os
>         centos-6-os
>         centos-6-updates
>     
>   or the centos-6.2-kickstart-os is not needed at all -- the centos-6-os
and cnetos-6-updates together contains all latest RPMS since 6.0 -- ? The first
way may render yum to report warning of 'duplicate RPM group
definitions' or similar.
>
>
> Questions #2:
>
>
> I've heard that RHEL 6 uses a different path, they seems to have only
one big continuously updated base os/ repository. all the RPMs updated since 6.0
(include RPMs at the published day of RHEL 6.0) are contained in the repo. So
only the one repo is in need to upgrade systems at any time. Is this true? and
if so, any benefits go with it?
There is no difference in the 2 approaches if you want the latest
updated version of the OS.  You just need to use centos-6-os and
centos-6-updates.  If you install from a CentOS-6.0 iso and run yum
upgrade, you will have all the latest set of updated RPMs.

The one difference in having everything in one BIG repo is that you
would have access to every single version, not just the latest version,
of RPMS in that one repo.  If you needed an older version of a
particular package, it is fairly easy to do in that scenario.

The negative is that it would be much larger than only the latest RPMS. 

Our vault.centos.org servers (were all the old releases are available if
you actually need older RPMS for some reason), is 663GB.  The
mirror.centos.org trees are only 130GB.  Since we push CentOS to more
than 520 mirrors in 75 countries all over the world, we need to split
out the latest trees (130GB) and make that available to millions of
users. Vault (663GB) requires much more storage, but user demand is also
much less for the older releases.

Remember, Red Hat is a billion dollar company and CentOS runs our
infrastructure completely on donated servers ... the fact that we can
serve millions of users 130GB of data for free is nothing short of
amazing ... but many of our machines do not have the capacity to serve
all 663 GB of data.  But we do also provide vault.centos.org for users
who actually need all 663GB of data.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20130209/2c27024a/attachment-0003.sig>

On 02/08/2013 07:45 PM, Gelen James wrote:

<snip>
> supposed I installed with Centos 6.2 last year, and let's say Centos
6.4 comes out two months later and I have not updated a single package since
initial installation until Centos 6.4 comes out (I am way too lazy :)
That would be extremely unfortunate ... because there are *VERY
IMPORTANT* security updates that come out between point releases. 

There are 2 classes of these updates (Critical and Important) that
should be applied ASAP after release to prevent root access by
unauthorized users.  It is extremely important to maintain Internet
facing machines updated with security updates.  There are 2 less severe
security updates (Moderate and Low) that should also be installed, but
are not as critical ... and there are also bugfix and enhancement
updates that are a convenience, but likely not required.

Machines get rooted if security updates are skipped ... don't do it.

Our CentOS Announce list has "Topics" that split those announcements
so
you can minimize the traffice you get.  One "topic" is "Security
Updates" ... utilizing that and the Daily Digest feature, you can get
one e-mail (only on days when we do a security release) to get minimum
contact for only important announcements.  Please use it.

To understand how Red Hat rates "Severity" ... please review this:

https://access.redhat.com/security/updates/classification/

Here is also some good reading concerning security metrics:

http://www.redhat.com/security/data/metrics/

Stay updated !!!

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20130209/df461c38/attachment-0003.sig>

On 02/09/2013 05:58 AM, Johnny Hughes wrote:
> On 02/08/2013 07:45 PM, Gelen James wrote:
>
> <snip>
>> supposed I installed with Centos 6.2 last year, and let's say
Centos 6.4 comes out two months later and I have not updated a single package
since initial installation until Centos 6.4 comes out (I am way too lazy :)
> That would be extremely unfortunate ... because there are *VERY
> IMPORTANT* security updates that come out between point releases.
>
> There are 2 classes of these updates (Critical and Important) that
> should be applied ASAP after release to prevent root access by
> unauthorized users.  It is extremely important to maintain Internet
> facing machines updated with security updates.  There are 2 less severe
> security updates (Moderate and Low) that should also be installed, but
> are not as critical ... and there are also bugfix and enhancement
> updates that are a convenience, but likely not required.
>
> Machines get rooted if security updates are skipped ... don't do it.
>
> Our CentOS Announce list has "Topics" that split those
announcements so
> you can minimize the traffice you get.  One "topic" is
"Security
> Updates" ... utilizing that and the Daily Digest feature, you can get
> one e-mail (only on days when we do a security release) to get minimum
> contact for only important announcements.  Please use it.
>
> To understand how Red Hat rates "Severity" ... please review
this:
>
> https://access.redhat.com/security/updates/classification/
>
> Here is also some good reading concerning security metrics:
>
> http://www.redhat.com/security/data/metrics/
>
> Stay updated !!!
>
> Thanks,
> Johnny Hughes
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
I would assume (and I know it's not good to do that!) that the updates 
and patches that are pushed out through the repos are something not to 
be ingored,....so why would the severity of one be that big an 
issue?....(and I'm just curious...not trying to start a war!..LoL!)


EGO II