Redhat to Fedora - up2date/RHN

Ben Russo ben at muppethouse.com
Tue Nov 4 21:53:27 UTC 2003


Charles Gregory wrote:

>On Tue, 4 Nov 2003, nosp wrote:
>
>>The trained monkey can still run up2date and it will still work ok.
>
>That was not my worry. My worry was how to get the TM to remember to do
>so.

Just write a little cron script that runs the update check tool of your choice,

    up2date -l
    apt-get update
    yum <whatever>

and then redirect the output to a file or pipe it to a grep that checks for the
presence of available updates, and then if found e-mails your organization's TM list.


>>You will need to worry a bit more than usual in case up2date picks up
>>a big upgrade that needs human intervention.....
>
>Can you give an example of this?

I would think that this depends on your particular installation.
For example on my company's network we have some OLD X.25 cards that
have proprietary binary drivers that work with a particular RedHat 7.2 kernel.
So, we don't install new 7.2 kernels on those boxes.

Also for example, we have some perl modules that got installed and configured
by a contractor, and we have no idea what he did on a particular box, but we know
it works with the perl that is installed there, and not on other boxes with different
perl installs.  So we don't install perl updates on that box.

You need to understand what particular packages might be "SENSITIVE"
to an upgrade for your environment.

>>.... just as much human intervention as is required by a standard
>>is-this-going-to-affect-me decision when the "upgrade this rpm RIGHT
>>NOW before you get hacked" situation happens once every six months or
>>so.
>
>Actually, I'm hoping to *not* have human *decision making* involved when
>the 'upgrade right now' message comes in, it should just be a knee-jerk
>response to run up2date as soon as *any* notice arrives. Which is why I
>would like to have some sort of notice actually arrive. :-)

Again, this depends on your environment.
If you install Fedora from the Fedora Core repositories and you only use Fedora Core
packages, and you don't write any compiled code or customize anything on your boxes
at all (except for minimal things like adding users or turning on or off services), then
you probably can get away with just having a cronjob install all updates when they become
available.  There is no need for a TM, or even a permanent HTM (after the cronjob is in place).

However this is rarely the case.  Usually an HTM receives errata notices and examines the
errata and then tests it on a few workstations or test/devel boxes.  If that seems fairly
non-troublesome after a day or two, then maybe a few internal/intranet servers might get
the upgrade.  And if there is still no trouble, then the mission critical servers (which are
in pairs to enact some sort of clustering, right?) will cut over to the patch while leaving
their standby system on the old patch revision in case a failback is necessary.  Then if
after a few weeks no one has reported any problems (or if another patch comes out that has
to be installed), the standby system will get the patch installed.
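
The cron check described in the message above, combined with its list of upgrade-sensitive packages, could look like the following. This is an added example, not part of the original message: it picks yum check-update from the tools listed, and the SENSITIVE list, the MAILTO address and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. SENSITIVE and MAILTO are assumptions.
SENSITIVE='kernel perl'        # packages that need a human decision before upgrading
MAILTO='admins@example.com'    # placeholder for the admin mailing list

# Constructed sample of `yum check-update` output: name.arch, version, repository.
sample_output() {
cat <<'EOF'

kernel.i686      1.0-2   updates
openssh.i386     1.0-2   updates
perl-DBI.i386    1.0-2   updates
zlib.i386        1.0-2   updates
EOF
}

# Read check-update output on stdin; print one package name per line, arch removed.
pending_packages() {
    awk 'NF == 3 && $1 ~ /\./ { sub(/\.[^.]*$/, "", $1); print $1 }'
}

# Succeed if $1 is a sensitive package or a subpackage of one (kernel-smp, perl-DBI).
is_sensitive() {
    for s in $SENSITIVE; do
        case "$1" in "$s"|"$s"-*) return 0 ;; esac
    done
    return 1
}

# Read package names on stdin; print the report, or return 1 if nothing is pending.
build_report() {
    held='' routine=''
    while read -r pkg; do
        if is_sensitive "$pkg"; then held="$held $pkg"; else routine="$routine $pkg"; fi
    done
    if [ -z "$held$routine" ]; then return 1; fi
    echo "NEEDS REVIEW:${held:- none}"
    echo "ROUTINE:${routine:- none}"
}

# From cron, call with --run. yum check-update exits 100 when updates are
# available and 0 when there are none; anything else is an error.
if [ "${1:-}" = "--run" ]; then
    out=$(yum check-update); rc=$?
    [ "$rc" -eq 100 ] || exit "$rc"
    echo "$out" | pending_packages | build_report | mail -s "Updates pending on $(hostname)" "$MAILTO"
else
    sample_output | pending_packages | build_report   # offline demo on the sample
fi
```

Run without arguments it only prints the report for the embedded sample; a crontab entry would call it with --run so that mail goes out only when something is pending.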






