[Techtalk] Keeping Linux servers up to date

Magni Onsoien magnio+lc-techtalk at pvv.ntnu.no
Tue Apr 8 09:30:21 EST 2003

On Mon, Apr 07, 2003 at 05:29:50PM -0500, Amy Tanner said:

> At my work we have all RedHat boxes and I control all the installs (they
> are kickstarted) which does simplify things.  Having APT has been a
> lifesaver for me.  Nightly a script rsync's the updated RPMs and
> re-makes the apt repository.  Then a script on each box does an apt-get
> update;apt-get upgrade to keep them all updated.  On some boxes, servers
> for instance, I put all the packages associated with services they run
> in the list of HeldPackages so they don't automatically run.
> When I started 1.5 years ago, there were about 10 Linux boxes and 2 people
> maintaining them.  Now we have nearly 100 boxes and I still don't see the
> need to hire additional staff to maintain them.  We are considering switching
> to Debian and if we do, I'll set up an internal apt repository as well.

How do you know the state of each box? Do you read through 100 mails
with output from apt-get or do you just check them once in a while to
see if they are fully updated or do you have a nice system to see the
current state of them, also besides the "up or down"-state?

We have been using RedHat Network for a while at work and it works ok,
especially when we decided to go for the Enterprise version instead of
Basic (the big difference is the possibility of updating a cluster of
systems instead of doing clickety-click on every single box. Or it is
possible to run 'up2date -u' on each server, but it's noisy and I have a
few bad experiences with packages not working properly and thus breaking
systems 500 km away from here). 

The best extra-value we get from RHN is the overview in the web interface 
- with a quick glance I can see if a box is updated, update is scheduled 
or if it's not updated, but if we could get that plus an historic 
overview of when packages were installed I'd consider changing to 
another system than RHN, since it's a bit too expensive for some of our 
clients (they accept paying our hourly salary for working on the boxes, 
but no fixed fee, so in fact we would make more money on doing all the 
updating manually (since they will happily pay for that) than selling 
them a maintenance agreement. Strange client.)

For the initial question: I'd try either apt or autorpm. Both can be used
from a local repository, autorpm can use ftp or NFS and you can decide
how automatic you want to install the packages (I use it on a few
servers and have automatic install of our own packages from our own
repository, and interactive install of updates from RedHat).

Magni :)
sash is very good for you.
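
An added example, not part of the original message or of any tool named in it: one way to get the per-box overview asked about above without reading 100 mails is to have each box reduce the output of `apt-get -s upgrade` to a single status line that a central host can collect. The function name, host names and sample output are constructed, and it assumes the box's apt-get prints `Inst` lines and a "kept back" section in simulation mode.

```shell
#!/bin/sh
# Reduce `apt-get -s upgrade` output (read from stdin) to one status line:
#   <host> <CURRENT|HELD|OUTDATED> pending=<n> held=<n> held_pkgs=<list>
# Real use on a box:  apt-get -s upgrade | summarize_apt_sim "$(hostname)"
summarize_apt_sim() {
    awk -v host="$1" '
        # Section listing packages that apt refuses to upgrade (held/kept back).
        /^The following packages have been kept back/ { in_held = 1; next }
        in_held && /^[ \t]/ {
            for (i = 1; i <= NF; i++) {
                held = held (held ? "," : "") $i
                nheld++
            }
            next
        }
        # Any non-indented line ends the kept-back section.
        { in_held = 0 }
        # One "Inst" line per package the upgrade would install.
        /^Inst / { pending++ }
        END {
            state = (pending > 0) ? "OUTDATED" : (nheld > 0 ? "HELD" : "CURRENT")
            printf "%s %s pending=%d held=%d held_pkgs=%s\n",
                   host, state, pending, nheld, (held ? held : "-")
        }'
}

# Constructed sample of simulation output (package versions are made up).
SAMPLE='Reading package lists...
Building dependency tree...
The following packages have been kept back:
  apache openssh-server
The following packages will be upgraded:
  glibc openssl
2 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Inst glibc [2.2.5-42] (2.2.5-43 constructed-repo)
Inst openssl [0.9.6b-30] (0.9.6b-32 constructed-repo)
Conf glibc (2.2.5-43 constructed-repo)
Conf openssl (0.9.6b-32 constructed-repo)'

printf '%s\n' "$SAMPLE" | summarize_apt_sim web01
```

Appending each day's line to a dated file on the collecting host also gives a simple history of when a box fell behind and when it caught up.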
