[Techtalk] Keeping Linux servers up to date

Amy Tanner amy at real-time.com
Tue Apr 8 06:13:33 EST 2003


On Tue, Apr 08, 2003 at 09:30:21AM +0200, Magni Onsoien (magnio+lc-techtalk at pvv.ntnu.no) wrote:
> On Mon, Apr 07, 2003 at 05:29:50PM -0500, Amy Tanner said:
> 
> > At my work we have all RedHat boxes and I control all the installs (they
> > are kickstarted) which does simplify things.  Having APT has been a
> > lifesaver for me.  Nightly a script rsync's the updated RPMs and
> > re-makes the apt repository.  Then a script on each box does an apt-get
> > update;apt-get upgrade to keep them all updated.  On some boxes, servers
> > for instance, I put all the packages associated with services they run
> > in the list of HeldPackages so they don't automatically run.
> > 
> > When I started 1.5 years ago, there were about 10 linux boxes and 2 people
> > maintaining them.  Now we have nearly 100 boxes and I still don't see the
> > need to hire additional staff to maintain them.  We are considering switching
> > to Debian and if we do, I'll set up an internal apt repository as well.
> 
> How do you know the state of each box? Do you read through 100 mails
> with output from apt-get or do you just check them once in a while to
> see if they are fully updated or do you have a nice system to see the
> current state of them, also besides the "up or down"-state?

I read the mail from cron every night to see if there were any problems
and if packages were held back.  Then, I manually fix any problems and update 
the held packages.  Problems with updates have been rare.  We have a
mailing list server, as well, where the output gets posted.  So, we have
historical data that way.

> We have been using RedHat Network for a while at work and it works ok,
> especially when we decided to go for the Enterprise version instead of
> Basic (the big difference is the possibility of updating a cluster of
> systems instead of doing clickety-click on every single box. Or it is
> possible to run 'up2date -u' on each server, but it's noisy and I have a
> few bad experiences with packages not working properly and thus breaking
> systems 500 km away from here). 
> 
> The best extra-value we get from RHN is the overview in the web interface 
> - with a quick glance I can see if a box is updated, update is scheduled 
> or if it's not updated, but if we could get that plus an historic 
> overview of when packages were installed I'd consider changing to 
> another system than RHN, since it's a bit too expensive for some of our 
> clients (they accept paying our hourly salary for working on the boxes, 
> but no fixed fee, so in fact we would make more money on doing all the 
> updating manually (since they will happily pay for that) than selling 
> them a maintenance agreement. Strange client.)

You can see when packages were installed by running:

rpm -qa --last | less

I use that frequently.  For example, if we have a sick box, I see
whether any packages were recently installed.

I originally tried to get money in the budget for RHN but when I
couldn't, I set up APT.  I'm so happy with APT, I wouldn't go back to RHN
even if money became available.  I do have to use RHN on 1 RH AS box we
have and I find it slow and cumbersome.  We have a Basic subscription so
I'm not sure how much different Enterprise would be.
 
-- 
Amy Tanner
amy at real-time.com
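
Added example, not part of the original post: a scripted version of the "sick box" check described above, listing only the packages installed in the days before a given time. It assumes rpm's `--queryformat` output with `%{INSTALLTIME}` (epoch seconds) rather than `--last`, so the times can be compared numerically; the helper name `recent_rpms` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: one "<install-epoch> <name-version-release>" line per package,
# as produced on a real box by:
#   rpm -qa --queryformat '%{INSTALLTIME} %{NAME}-%{VERSION}-%{RELEASE}\n'

# recent_rpms REF_EPOCH DAYS   (hypothetical helper, not an rpm feature)
# Prints packages installed within DAYS before REF_EPOCH, newest first.
recent_rpms() {
    ref=$1
    days=$2
    awk -v ref="$ref" -v days="$days" '
        # Skip anything that is not "<digits> <package>" (e.g. rpm warnings).
        $1 !~ /^[0-9]+$/ || NF < 2 { next }
        {
            age = ref - $1
            # Keep installs inside the window; ignore installs after REF_EPOCH.
            if (age >= 0 && age <= days * 86400)
                print $1, int(age / 3600) "h-before", $2
        }
    ' | sort -rn | cut -d" " -f2-
}

# Constructed sample data (not from a real host); epochs are UTC.
sample_rpm_times() {
    cat <<'EOF'
1049767200 openssl-0.9.6b-32.7
1049680800 glibc-2.2.5-43
1047088800 bash-2.05a-13
warning: constructed junk line that must be ignored
1049790000 kernel-2.4.18-27.7.x
EOF
}

# Demo: the box got sick at 2003-04-08 06:00:00 UTC (epoch 1049781600);
# show what was installed in the 3 days before that.
sample_rpm_times | recent_rpms 1049781600 3
```

On a live host, replace `sample_rpm_times` with the `rpm -qa --queryformat` command from the comment and pass `$(date +%s)` as the reference time.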