Re: automating redhat package updates?

[Danny Holth]

On Sun, 1 Jul 2001, Philip J. Hollenback wrote:

] Here's something I want to solve with cfengine but I haven't figured
] out the best way to do it: automated package installs.
]
] It's frequently the case that I need to update an rpm package on all
] of the handful of redhat linux 6.2 servers I run.  It's too
] time-consuming to log on to every system and run the upgrade by hand.
] There must be an easy way to do this with cfengine.
]
] I envision a mechanism where I can drop a package somewhere on the cfd
] server and all the other systems will pick it up and install it.
]
] Is it possible to do this cleanly and in a relatively secure fashion?
] Has anyone implemented this?  It seems to be a fairly general issue
] which would turn up on just about any modern OS.
]
] P.

Phillip,

        I have done this several times on the network I administer.
Right now I am using autorpm and apt-get with the systems.  I have my own
apt rpm repository at milliways.stetson.edu.

        I have arranged the rpms into several directories for different
classes of machines.  Some of them are always installed, others are just
upgraded if the machine happens to have an older version of the package.
Autorpm logs in via ftp; apt-get does too but is much more intelligent.
I would like to either eliminate autorpm or modify it to use apt-get for
instals.  I still use autorpm because it will install everything in a
directory.  apt only knows how to update everything or install specific
packages.

        I also have a script that runs at startup that makes sure cfengine
is installed and has the latest config files.  That way my machines always
have config (no nfs dependency) but reconfig takes overnight to proragate.

        If I become more interested in security I will sign all my RPMs.

        If you're interested, most of my configs should be accessible from
milliways, in the pub directory.

        - Danny Holth