Red Hat Enterprise Linux 5.5 patching

Matty Sarro msarro at gmail.com
Tue Mar 8 16:29:53 UTC 2011


I had no idea some of these options existed, so I appreciate everyone's
suggestions.

In my situation we needed to develop a baseline based off of the
current errata and updates. From this point forward we have to use
this as a baseline for all certification testing to ensure that the
production servers are kept identical to our lab servers that we've
done certification testing on.

Our lab architecture cannot talk to the production, and vice versa due
to security. I had manually downloaded all updates after running a yum
update and copying the list of all downloaded packages. I then went to
Red Hat's site, downloaded all of them manually. I copied them to
media, as well as to HPSA. When installing with HPSA it failed every
time, stating that numerous dependencies were missing (even though
they were all present). That could have been an issue with HPSA
though. I had run a yum update, TEE-d the results to a file, and
copied the exact versions of every listed package and dependency from
Red Hat's package repo on their website.

I copied the same packages to a USB drive and attempted to install
using RPM, and it complained about dependencies. I tried installing
locally using yum, and it complained that the gpg key wasn't present.
This was done on a secure network, so there was no way for me to get
the key. Is there a simple way to get it? Is it its own RPM?

We do have RHN satellites in both lab and prod, but those networks are
inaccessible from our staging/build area, again due to security
constraints (the HPSA subnet is kept separate from everything else and
that's the subnet used in the build area).

As for setting up a mirror box, that would be impossible due to
constraints at the data center where the boxes will be deployed. I'll
look into mrepo though, that may help.


On Tue, Mar 8, 2011 at 10:42 AM, R P Herrold <herrold at owlriver.com> wrote:
> On Tue, 8 Mar 2011, Matty Sarro wrote:
>
>> Sadly with Red Hat you have the option of Red Hat, run satellites, or
>> bust. You could use the CentOS repository but you'd lose your support for
>> the system.
>
> ehh?  This is not correct. It is simple enough to use 'mrepo' to 'mirror'
> updates, then copy the same up some media to 'transit the air gap', and then
> set up a local mirror that CAN be reached by a machine NOT connected
> directly to an external network.
>
> Indeed, via setting up a mirror that CAN see the internet, and having a
> second interface that does NOT ROUTE, one avoids the 'sneakernet' step
>
> 0.0.0.0 --- firewall --- mirror (non-routing)
>                           |
>                           |
>                         client that cannot 'see' the internet
>
> We have used such a setup for 'builders' that need to see sources, but
> should not be able to see the internet
>
> -- Russ herrold
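Added example, not part of the original thread and not Red Hat's or mrepo's own tooling: shell functions that record a SHA-256 manifest of the baseline RPMs on the connected side, verify the copied set against it on the isolated side, and write a yum repo file for the local directory with gpgcheck left on. The function names, directory arguments, repo id and the key path /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release are assumptions, and createrepo is assumed to have been run on the directory.

```shell
#!/bin/sh
# Added example, not from the thread. Directory and file names are assumptions.

# Connected side: record a SHA-256 line for every RPM in the baseline set.
make_manifest() {            # usage: make_manifest <rpm_dir> <manifest>
    ( cd "$1" && sha256sum -- *.rpm ) > "$2"
}

# Isolated side: succeed only if the copied set is identical to the manifest
# (no package missing, altered in transit, or added on the way).
verify_baseline() {          # usage: verify_baseline <rpm_dir> <manifest>
    dir=$1; manifest=$2; rc=0
    while read -r sum name; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; rc=1
        elif [ "$(sha256sum < "$dir/$name" | cut -d' ' -f1)" != "$sum" ]; then
            echo "ALTERED $name"; rc=1
        fi
    done < "$manifest"
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        base=${f##*/}
        awk -v n="$base" '$2 == n { found = 1 } END { exit !found }' "$manifest" \
            || { echo "EXTRA $base"; rc=1; }
    done
    return $rc
}

# Point yum at the verified directory with signature checking left on.
# Assumes createrepo has been run on <rpm_dir> and that the vendor key file
# is at the path below (an assumption about the installed system).
write_repo_file() {          # usage: write_repo_file <rpm_dir> <repo_file>
    cat > "$2" <<EOF
[baseline-media]
name=Certified baseline from local media
baseurl=file://$1
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}
```

Keeping the manifest under change control alongside the certification record gives lab and production the same reference for what "identical" means.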