[rhn-users] learning the RHN ropes

[inode0]

On Dec 21, 2007 1:59 PM, Martin, William <wmartin at lgb-inc.com> wrote:
> I have been put in charge of some RH servers, and inherited the RHN account
> from the previous sysadmin, with no guidance. I have little sysadmin
> experience, so I have some newbie questions about RHN updates:
>
> - the servers are set up with Auto Errata Update = Yes, but there is a huge
> list of Errata and Packages to update the servers with, months-worth of
> them. the rhnsd daemon is running every four hours, but as reported by
> logwatch it only does a few updates now and then (a few a week). no idea how
> it picks them. it does pick up updates I explicitly schedule on RHN, so that
> part works fine. doesnt Auto Errata Update mean all updates should be done
> without user intervention?

Sorry about taking so long to respond to this ... as a first comment
I'd say it is probably a bit risky to apply errata automatically to a
server. I would turn that off except perhaps on desktops or other
systems where if something went wrong it wouldn't be critical.

To be honest our experience with the auto errata update facility has
been inconsistent with it often not working as expected. At this point
I would not rely on it even if it were what I wanted to accomplish. On
systems older than RHEL5 running "up2date -u" (or something similar
modified to taste) from cron once a day is more reliable. On RHEL5
systems yum-updatesd can be configured to apply errata automatically
as well regardless of this setting on RHN.

> - what is the relationship between rhnsd and up2date? up2date --list does
> show the whole long list of pending updates. it seems rhnsd is not running
> off the same list, or just picks a tiny fraction of it.

rhnsd checks in with RHN periodically. If it finds actions scheduled
on RHN (errata or other scheduled actions) if should fire off
rhn_check to pick them up and apply them. Generally if you don't
schedule actions on RHN to be picked up automatically I don't see any
reason to run rhnsd.

It sounds like some of the errata failed to get scheduled. This is not
an unusual outcome for us and is why I don't recommend relying on this
mechanism to keep your systems up to date.

If at this point you have a large number of updates to be applied I
think mass updates generally go smoother if you apply them in smaller
hunks. So I wouldn't do an "up2date -u" to try to get them all in one
pass. Going to RHN and scheduling them all followed by running
rhn_check on the system tends to work better in this sort of
situation. It will pick up and apply the updates in smaller chunks
(one errata at a time plus dependencies pulled in) leading to fewer
dependency and other problems.

My experience may differ from that of others here. Hope this helps.

John