update help

Ed Wilts ewilts at ewilts.org
Thu Jan 5 01:50:38 UTC 2006 

On Wed, Jan 04, 2006 at 05:16:02PM -0800, Sherrett O. Walker wrote:
> I have inherited a pack of RHEL3.0ES servers.  2 Dell 2850s, a pack of 
> 1850s, an 850, and 6 1420s.  They come to me with a load of software 
> installed via different methods (rpm, tar.gz, tar.bz).
> 
> Forgive me, as I'm new to this.  My understanding is that I can get 
> redhat to upgrade software with problems (sounds like a rap group- SWP?) 
> on these machines for me for $300 per year per machine or so via the red 
> hat network.  

Yup - the price list is only at redhat.com.  You need a subscription for
every system.  You can't subscribe one and not the rest.  Once you have
everything properly configured (and it's quick and easy to do), a simple
# up2date -u    will upgrade all the software to the current patch
levels.  The subscription also includes free upgrades to RHEL 4.

Red Hat offers discounts starting at 10 systems and you're well above
that.  Contact sales at redhat.com for a quote for your environment.

> However, is the software that's installed via non-RPM hard 
> to keep in the proper update queue?  

Nope - it's just the packages that came from Red Hat.  RHN doesn't know
about about any other installed software.

> Is there a better way to do this?  I've read a little about yum- is
> that an option for me?  

What I do is a combination of RHN and yum.  I use yum for packages are
not in RHN and point it to Dag's archive that includes RHEL-package
software (http://dag.wieers.com/home-made/apt/).  I typically do not
install software from tarballs if I can avoid it.  For example,
bash-completion comes from Dag's archive.  You can also build your own
yum repository for home-created software and update your systems from
it.  The updates that Red Hat provides are not available anywhere else.
(there are forks/rebuilds of the source rpms, but that's a totally
different topic).

> And, is it important for me to keep an eye on this?  Should I be
> looking out for software like ssh or https only, or do I need to watch
> kernel information especially?  Am I missing something else?

Most of the packages that have received updates via RHN are due to
security vulnerabilities.  The kernel updates include new features like
updated drivers and some packages include bug fixes, but there are a
*lot* of security fixes in there.  If your systems are totally in a
trusted environment, you will safer than if they're internet-facing, but
you still upgrade nonetheless.

        .../Ed

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program

More information about the redhat-list mailing list