Redhat to Fedora - up2date/RHN
ben at muppethouse.com
Tue Nov 4 21:53:27 UTC 2003
Charles Gregory wrote:
>On Tue, 4 Nov 2003, nosp wrote:
>>The trained monkey can still run up2date and it will still work ok.
>That was not my worry. My worry was how to get the TM to remember to do
Just write a little cron script that runs the update check tool of your
and then redirect the output to a file or pipe it to a grep that checks
for the presence
of available updates, and then if found e-mails your organizations TM list.
>>You will need to worry a bit more than usual in case up2date picks up
>>a big upgrade that needs human intervention.....
>Can you give an example of this?
I would think that this depends on your particular installation.
For example on my companies network we have some OLD X.25 cards that
have proprietary binary drivers that work with a particular RedHat 7.2
So, we don't install new 7.2 kernel's on those boxes.
Also for example, we have some perl modules that got installed and
by a contractor, and we have no idea what he did on a particular box,
but we know
it works with the perl that is installed there, and not on other boxes
perl installs. So we don't install perl updates on that box.
You need to understand what particular packages might be "SENSITIVE"
to an upgrade for your environment.
>>.... just as much human intervention as is required by a standard
>>is-this-going-to-affect-me decision when the "upgrade this rpm RIGHT
>>NOW before you get hacked" situation happens once every six months or
>Actually, I'm hoping to *not* have human *decision making* involved when
>the 'upgrade right now' message comes in, it should just be a knee-jerk
>response to run up2date as soon as *any* notice arrives. Which is why I
>would like to have some sort of notice actually arrive. :-)
Again, this depends on your environment.
If you install Fedora from the Fedora Core repositories and you only use
packages, and you don't write any compiled code or customize anything on
at all (except for minimal things like adding users or turning on or off
you probably can get away with just having a cronjob install all updates
when they become
available. There is no need for a TM, or even a permanent HTM (after
the cronjob is in place).
However this is rarely the case. Usually an HTM receives errata notices
and examines the
errata and then tests it on a few workstations or test/devel boxes. If
that seems fairly
non-troublesome after a day or two, then maybe a few internal/intranet
servers might get the upgrade.
And if there is still no trouble, then the mission critical servers
(which are in pairs to enact some
sort of clustering, right?) will cut over to the patch while leaving
their standby system on the old
patch revision in case a failback is necessary. Then if after a few
weeks no one has reported
any problems, (or if another patch comes out that has to be installed)
the standby system will
get the patch installed.
More information about the fedora-list