[Techtalk] Keeping Linux servers up to date

Amy Tanner amy at real-time.com
Mon Apr 7 17:29:50 EST 2003 

On Mon, Apr 07, 2003 at 06:02:37PM -0400, Raven Alder (raven at oneeyedcrow.net) wrote:
> Heya --
> 
> 	For the sysadmins in the house... I'm just wondering if there is
> a better way to handle software updates than I'm currently doing.
> 
> 	At my day job, I admin a wide variety of Linux servers.
> Everything from ancient to modern, with all sorts of things in between.
> Many different distributions, many different flavors.  I have some
> control over how new distros are installed, but not a whole heck of a
> lot on what's already up and running in the lab.  And some of it is
> oooold.  Like "Red Hat 6" old.
> 
> 	Given that scenario, what do you think the best way to deal with
> software updates and package management is?  

<snip>

Since the boxes don't have Internet access, I would recommend setting up
your own internal APT repository.  It's very easy to do.  Check
apt.freshrpms.net for info on how to setup an RPM-based apt repository.
I believe there's a howto for a deb-based apt repository.

At my work we have all RedHat boxes and I control all the installs (they
are kickstarted) which does simplify things.  Having APT has been a
lifesaver for me.  Nightly a script rsync's the updated RPMs and
re-makes the apt repository.  Then a script on each box does an apt-get
update;apt-get upgrade to keep them all updated.  On some boxes, servers
for instance, I put all the packages associated with services they run
in the list of HeldPackages so they don't automatically run.

When I started 1.5 years ago, there were about 10 linux boxes and 2 people
maintaining them.  Now we have nearly 100 boxes and I still don't see the
need to hire additional staff to maintain them.  We are considering switching
to Debian and if we do, I'll setup an internal apt repository as well.

I really advocate installing packages rather than from source.  It's so
much easier to see what's installed, see when it was installed, remove
software, etc.  If something I want does not come in an RPM, I take the
time to make one.  Plus, it's much faster than compiling every time.

Of course, as much as you can, I recommend standardizing on a distro and
versions.

-- 
Amy Tanner
amy at real-time.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://linuxchix.org/pipermail/techtalk/attachments/20030407/a0326c48/attachment.pgp

More information about the Techtalk mailing list