I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough of them now that it is starting to make sense for them to get updates from an internal source. I've seen RHN Satellite in years past. It looks like it may be a way to allow Windows admins here (familiar with WSUS) to update Linux boxes. A local repo might be easier to set up, but (as with Spacewalk) it seems like we'd end up with a lot of packages we don't need. A proxy and a sufficiently-large cache might do the trick if the first Linux box to get updates populates the cache which the files the others will need, but I haven't looked into this enough to see if there's even a way that works. How do you all keep a dozen or more Linux boxes updated? Thanks! -- Chris Nothing in this message is intended to make or accept an offer or to form a contract, except that an attachment that is an image of a contract bearing the signature of an officer of our company may be or become a contract. This message (including any attachments) is intended only for the use of the individual or entity to whom it is addressed. It may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, we hereby notify you that any use, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify us immediately by telephone and delete this message immediately. Thank you.
On Mon, September 29, 2014 12:59 pm, Chris Beattie wrote:> Nothing in this message is intended to make or accept an offer or to form > a contract, except that an attachment that is an image of a contract > bearing the signature of an officer of our company may be or become a > contract. This message (including any attachments) is intended only for > the use of the individual or entity to whom it is addressed. It may > contain information that is non-public, proprietary, privileged, > confidential, and exempt from disclosure under applicable law or may > constitute as attorney work product. If you are not the intended > recipient, we hereby notify you that any use, dissemination, distribution, > or copying of this message is strictly prohibited. If you have received > this message in error, please notify us immediately by telephone and > delete this message immediately. > > Thank you.I was about to answer the question then all of a sudden my eye caught this footer which offended me, so I decided mention this fact instead of answering question... Valeri PS I never feel obliged to anything that is sent to me in e-mail without me originally soliciting it. All obligations lie purely on the sender. This has always be that way and will always be no matter whether I read your crap or not (sorry, everybody who does not send e-mail with that crap, it is really difficult to hold one's feelings when you just got offended). ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Mon, Sep 29, 2014 at 12:59 PM, Chris Beattie <cbeattie at geninfo.com> wrote:> I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough of them now that it is starting to make sense for them to get updates from an internal source. > > I've seen RHN Satellite in years past. It looks like it may be a way to allow Windows admins here (familiar with WSUS) to update Linux boxes. A local repo might be easier to set up, but (as with Spacewalk) it seems like we'd end up with a lot of packages we don't need. A proxy and a sufficiently-large cache might do the trick if the first Linux box to get updates populates the cache which the files the others will need, but I haven't looked into this enough to see if there's even a way that works. > > How do you all keep a dozen or more Linux boxes updated?I don't think there is a way to do it that doesn't take more human effort than it is worth unless you have limited internet access. It is basically designed not to work. A simple squid proxy with the file size bumped up will work with no extra attention (and be useful for all your internet accesses), but the first dozen or so runs are probably going to pick different mirror URLs instead of reusing the copy you have already cached. You can change the repo mirrorlist entry to a fixed system - but then your updates will break if it is down. Or you can mirror a bunch of stuff you'll never need into your own repo. Or set up some special-case thing that only works for Centos - or maybe even just one version of Centos. -- Les Mikesell lesmikesell at gmail.com
Chris Beattie wrote:> I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough > of them now that it is starting to make sense for them to get updates from > an internal source. > > I've seen RHN Satellite in years past. It looks like it may be a way to > allow Windows admins here (familiar with WSUS) to update Linux boxes. A > local repo might be easier to set up, but (as with Spacewalk) it seems > like we'd end up with a lot of packages we don't need. A proxy and a > sufficiently-large cache might do the trick if the first Linux box to get > updates populates the cache which the files the others will need, but I > haven't looked into this enough to see if there's even a way that works. > > How do you all keep a dozen or more Linux boxes updated? >We have over 170 servers and workstations. We use yum update for system stuff. If you really want an internal source, build a repo of your own. I installed Spacewalk in '09. While I was doing it, it went from .3 to .4 or .5 - don't remember. For a dozen or so servers, it's *vastly* more effort to install and configure, and presumably maintain, than you would spend if you just set up an internal repo.> Thanks! > -- > Chris > Nothing in this message is intended to make or accept an offer or to form > a contract, except that an attachment that is an image of a contract > bearing the signature of an officer of our company may be or become a > contract. This message (including any attachments) is intended only for > the use of the individual or entity to whom it is addressed. It may > contain information that is non-public, proprietary, privileged, > confidential, and exempt from disclosure under applicable law or may > constitute as attorney work product. If you are not the intended > recipient, we hereby notify you that any use, dissemination, distribution, > or copying of this message is strictly prohibited. If you have received > this message in error, please notify us immediately by telephone and > delete this message immediately. >I agree with Varleri - this is a ludicrously long and extremely pissy postscript. I probably should have joined him in *not* responding, since a) it says "may> contain information that is non-public, proprietary, privileged, > confidential, and exempt from disclosure under applicable law", whichyou posted to a public email list, which is international in scope, and therefore a null and void statement, since it would *only* be applicable to someone who had signed an NDI, and b) you're not offering anyone here to pay for such. mark -- Any resemblance between the above views and those of my employer, my terminal, or the view out my window are purely coincidental. Any resemblance between the above and my own views is non-deterministic. The question of the existence of views in the absence of anyone to hold them is left as an exercise for the reader. The question of the existence of the reader is left as an exercise for the second god coefficient. (A discussion of non-orthogonal, non-integral polytheism is beyond the scope of this article.) - kate roth-whitworth
On Mon, 29 Sep 2014, Chris Beattie wrote:> I have a mix of CentOS 5, 6, and now 7 servers at work. There are > enough of them now that it is starting to make sense for them to get > updates from an internal source. > > I've seen RHN Satellite in years past. It looks like it may be a > way to allow Windows admins here (familiar with WSUS) to update > Linux boxes. A local repo might be easier to set up, but (as with > Spacewalk) it seems like we'd end up with a lot of packages we don't > need. A proxy and a sufficiently-large cache might do the trick if > the first Linux box to get updates populates the cache which the > files the others will need, but I haven't looked into this enough to > see if there's even a way that works. > > How do you all keep a dozen or more Linux boxes updated?We keep local repos for CentOS, Debian, Fedora, Ubuntu -- plus some smaller repos like OpenBSD -- on an older machine with a RAID-5 array. The faster moving distributions are updated a couple time a day, while CentOS is updated just once per day. Right now, disk usage on that machine is about 2.5TB. Debian and Ubuntu have some distro-specific scripts we use (ftpsync and ubumirror, respectively), while I update CentOS and Fedora with fairly unremarkable cron jobs. Under the hood, all these tools use rsync. All installations and updates are done from the local mirrors; we use cfengine to make sure the /etc/yum.repos.d/* or /etc/apt/* files point to the right spot. -- Paul Heinlein heinlein at madboa.com 45?38' N, 122?6' W
2014-09-29 20:59 GMT+03:00 Chris Beattie <cbeattie at geninfo.com>:> I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough > of them now that it is starting to make sense for them to get updates from > an internal source. > > I've seen RHN Satellite in years past. It looks like it may be a way to > allow Windows admins here (familiar with WSUS) to update Linux boxes. A > local repo might be easier to set up, but (as with Spacewalk) it seems like > we'd end up with a lot of packages we don't need. A proxy and a > sufficiently-large cache might do the trick if the first Linux box to get > updates populates the cache which the files the others will need, but I > haven't looked into this enough to see if there's even a way that works. > > How do you all keep a dozen or more Linux boxes updated? > >install yum-utils and use reposync to create local mirror with only newest packages.> Thanks! > -- > Chris > Nothing in this message is intended to make or accept an offer or to form > a contract, except that an attachment that is an image of a contract > bearing the signature of an officer of our company may be or become a > contract. This message (including any attachments) is intended only for the > use of the individual or entity to whom it is addressed. It may contain > information that is non-public, proprietary, privileged, confidential, and > exempt from disclosure under applicable law or may constitute as attorney > work product. If you are not the intended recipient, we hereby notify you > that any use, dissemination, distribution, or copying of this message is > strictly prohibited. If you have received this message in error, please > notify us immediately by telephone and delete this message immediately. >Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Typi non habent claritatem insitam; est usus legentis in iis qui facit eorum claritatem. Investigationes demonstraverunt lectores legere me lius quod ii legunt saepius. Claritas est etiam processus dynamicus, qui sequitur mutationem consuetudium lectorum. Mirum est notare quam littera gothica, quam nunc putamus parum claram, anteposuerit litterarum formas humanitatis per seacula quarta decima et quinta decima. Eodem modo typi, qui nunc nobis videntur parum clari, fiant sollemnes in futurum. eh. -- Eero
On 30/09/2014 3:59 am, Chris Beattie wrote:> I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough of them now that it is starting to make sense for them to get updates from an internal source. > > I've seen RHN Satellite in years past. It looks like it may be a way to allow Windows admins here (familiar with WSUS) to update Linux boxes. A local repo might be easier to set up, but (as with Spacewalk) it seems like we'd end up with a lot of packages we don't need. A proxy and a sufficiently-large cache might do the trick if the first Linux box to get updates populates the cache which the files the others will need, but I haven't looked into this enough to see if there's even a way that works. > > How do you all keep a dozen or more Linux boxes updated?Hi Chris, Either a local mirror or spacewalk will do what you want. I find at my site with relatively little but expensive bandwidth, the cost of disks is much less compared to download time. Hence, I initially just mirrored over rsync and now rsync the changes every day or more frequently as required. At that stage my local machines pointed to the local mirror over my LAN. FWIW my current disk usage is about 0.7TB and I'm mirroring: -) centos -) cygwin -) dell -) epel -) rpmforge -) spacewalk After that, I then moved to spacewalk to manage the 30 or so CentOS machines currently in production. The effort to set up and maintain was not that great and the GUI front end is great for snapshots of the current state of my machines. Nice reporting tool for management. Currently I'm also moving into the OpenSCAP interface of SpaceWalk to provide the compliance reports that my company is starting to require. We do non-military civil engineering type work for government and its surprising the trickle down security and audit requirements being pushed down. I know that this can all be scripted but with a little set up its surprisingly easy via the GUI. Another big plus for me is that I love the local mirror that also makes spacewalk simpler. We do a bit of R&D so find when testing new servers a kickstart off the local http mirror is really quick. Initial application deployment on the kickstarts come directly off http - as previously mentioned if you run a local squid instance here this can be even faster. Next, the first step in my %POST of the kickstart is a couple of lines to disable the native repos and connect to SpaceWalk. From there all packages are deployed off SpaceWalk but still its over http so squid may still speed things up. The big move to make SpaceWalk viable for me though, was a few years ago when it fully supported PostgreSQL over Oracle. I didn't have an Oracle license and the free version maxed out with three centos channels covering both x86_64 and i386 architectures. Finally, as a number of my developers are and want to continue to use Ubuntu/Debian, now that SpaceWalk supports debian packages, I'm looking at starting to mirror those channels and publish via SpaceWalk as well for auditing purposes. My devs have a lot of freedom on their own platforms, so if I can at least have an overview of their status that helps me. I also mirror EPEL. And publish it via SpaceWalk for all the same reasons. Hope that helps, -pete -- Peter Brady Email: pdbrady at ans.com.au Skype: pbrady77 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 881 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20140930/9d7c628b/attachment-0003.sig>
On Mon, Sep 29, 2014 at 3:53 PM, Peter Brady <subscriptions at simonplace.net> wrote:> > > I also mirror EPEL. And publish it via SpaceWalk for all the same reasons.How big is EPEL? And when you mirror with SpaceWalk does it preserve old version so you'd have the possibility to downgrade after a change? -- Les Mikesell lesmikesell at gmail.com
On 9/29/2014 1:59 PM, Chris Beattie wrote:> How do you all keep a dozen or more Linux boxes updated?I just wanted to say thank you to everyone at once for the advice. It's much appreciated. I also wanted to apologize in advance to those who were injured by the legal text at the end of my previous message (I have no control over it. It is mandatory on all outgoing messages AND the use of personal e-mail accounts is prohibited where I work.), because, well, you're just going to get offended again if you keep reading past the signature block separator. We all know the legalese down there is worse than YouTube comments, which at least have a nonzero chance of being funny going for them. Or, you need to try harder if you want to be as offended as the Cygwin mailing list is at these sorts of things. -- -Chris