This is a question for you guys out there that have a bunch of similar configured systems out there... How do you handle your updates? I do not mean the technical level, but from the logistics. No updates? Just run yum by cron and grab the latest of the web and trust the developers that it works? Deploy only certain packages automatically (i.e. omit kernel updates)? run your own yum/apt/up2date/whatever repos? Thanks for your time, Peter.
On Mon, 2005-06-27 at 06:38 -0400, Peter Arremann wrote:> This is a question for you guys out there that have a bunch of similar > configured systems out there... How do you handle your updates? I do not mean > the technical level, but from the logistics. No updates? Just run yum by cron > and grab the latest of the web and trust the developers that it works? Deploy > only certain packages automatically (i.e. omit kernel updates)? run your own > yum/apt/up2date/whatever repos? > > Thanks for your time, > > Peter.I create a local mirror for CentOS-3.x and CentOS4.x. Being that I am a CentOS-4 developer, I just run yum upgrades nightly on most of my CentOS-4.x servers (Since I test the upgrades before they get pushed) against the local mirror. On my Oracle servers (they are still CentOS-3.x and are extremely mission critical), I run the nightly yum updates on a test machine (where I also test the nightly oracle backups can be imported) ... and make sure nothing is broken, then update the other machines manually against the local mirror. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20050627/2d944b67/attachment-0003.sig>
From: Peter Arremann> This is a question for you guys out there that have a bunch of similar > configured systems out there... How do you handle your updates? I do not mean > the technical level, but from the logistics. No updates? Just run yum by cron > and grab the latest of the web and trust the developers that it works? > Deploy only certain packages automatically (i.e. omit kernel updates)? > run your own yum/apt/up2date/whatever repos?Unless there are only 2-3 systems, the last option. I _always_ maintain an internal repository that goes through its own "enterprise release." One test system always gets the task of regression testing a new set of updates before it hits production. High security rollouts happen ASAP, other rollouts are far less pressured. For only 2-3 systems, I still have a test system, but it's cheap and its hardware does not match production. So I test on one production as long as I can before upgrading all. If I had a huge client base, I'd just maintain my own repository on the Internet with my releases they feed from. So far, my clients have always had their own resources to maintain the repository and procedures after I setup it up and left.