yum update best practices
Jason Edgecombe
jason at rampaginggeek.com
Sat Mar 8 19:10:19 UTC 2008
sprizes at gmail.com wrote:
> Hello, we run approximately 400 CentOS servers at our company. We use
> cfengine for configuration management.
>
> I am looking for some documentation to do patching including kernel
> patches. I was thinking of just having each host run yum update via
> cfengine but not sure if there are any gotchas there? Should I just do
> yum update? Or should I exclude the kernel and be more careful with
> those? How about glibc?
>
> I am wondering what other people out there do with such large
> installations. I'd very much appreciate any help or suggestions on
> this.
>
>
> Also, kinda related to the above is my question about the correct yum
> behavior when installing kernels. I've seen it sometimes make the new
> kernel the default in grub.conf but sometimes it doesn't? What is the
> designed behavior?
>
I'm currently using cfengine on RHEL5 with a nightly yum update for two
machine configs for a total of 40 machines. I use a private yum repo
that I manually sync with upstream after some testing. I would recommend
excluding the kernel updates and having those be triggered manually or
explicitly using cfengine. So far, I'm manually triggering kernel
updates. I use openafs and vmware-server so I have some kernel-dependent
rpms that must be kept in sync. My biggest problem is that I need to
move to some way of locking some machines to certain versions of rpms.
That would make it easier to roll out updates to my workstations before
I push the updates to the servers.

One thing that's nice is using a disabled repository for testing things.
With this strategy, I run "yum update --enablerepo=testing" on a
testing/staging server to try out new updates.

Be sure to look at using cobbler/koan and mrepo for
provisioning/updates. I'm keeping an eye on those.

Jason
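
The layout described in the reply above, sketched as yum configuration. This is an added example, not part of the original post or the poster's actual files; the repo ids other than "testing", the host name, the file names and the GPG key path are placeholders.

```ini
# Constructed example; host names, repo ids and key paths are placeholders.

# --- /etc/yum.conf ---
[main]
gpgcheck=1
# Keep the nightly "yum update" away from kernels. Kernel-dependent
# module packages (the post mentions openafs and vmware-server) would be
# added to this list under whatever names your packaging gives them.
exclude=kernel*

# --- /etc/yum.repos.d/private.repo ---
# Private mirror, synced from upstream by hand after testing.
[private-updates]
name=Private tested updates
baseurl=http://repo.example.internal/updates/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

# Untested packages. Disabled, so the nightly run never sees it.
[testing]
name=Private testing
baseurl=http://repo.example.internal/testing/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

# On a staging host only, pull in the untested packages:
#   yum update --enablerepo=testing
# Deliberate kernel rollout, bypassing the exclude in [main]:
#   yum --disableexcludes=main update kernel
```
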
More information about the redhat-sysadmin-list mailing list