help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patching Solaris machines with cfengine

From: Katherine Morris
Subject: Re: Patching Solaris machines with cfengine
Date: Tue, 5 Feb 2002 18:20:52 -0500 
Sure, there are lots of patches that can be installed without a reboot.
But, I patched my workstation with a new kernel patch one time and forgot to
reboot it for a couple of weeks.  It never came back, I had to re-jumpstart
it.

According to Sun, they only guarantee that the kernel patch will work
properly when applied in single user mode.

We have a rollout procedure where patches get applied to low criticality
systems first and then we migrate through four phases of criticality until
all of the systems are patched.

FYI

----- Original Message -----
From: "Ian Wallace" <iwallace@context.com>
To: "Katherine Morris" <klmorris@pobox.com>; "Didier CONTIS"
<didier@ece.gatech.edu>; <help-cfengine@gnu.org>
Sent: Tuesday, February 05, 2002 6:15 PM
Subject: Re: Patching Solaris machines with cfengine


> I agree with K that you shouldn't just go winging patches on machines,
> however we use cfengine, along with a list of patches that should be
applied
> and the CheckPatches, GetApplyPatch scripts that you can get from Sun to
> automate the whole process.
>
> We haven't run into any problems yet (cross my fingers, etc).  We tend not
to
> worry about the fact that you should be rebooting machines after kernel
> patches etc.  All of our environments are development only and we take
that
> risk knowingly.  I guess we'd rather patch the machines then not patch at
all.
>
> Production is a whole different ball game.
>
> If you want more info just say so and I can share the cfservd
configuration,
> one line shellcommands that we use for this.
>
> cheers
> ian
>
> On Tuesday 29 January 2002 07:28 am, Katherine Morris wrote:
> > If you're talking about applying OS patches, I wouldn't recommend
> > automating this in general.  Your Solaris versions are foreign to me
since
> > I run mostly 2.5.1 up through 8 and am currently evaluating 9.  I don't
> > know Linux yet, so maybe that's where the disconnect is...
> >
> > However Solaris OS patches in general require some knowledge about what
> > you're patching and why, reading the README's is highly advisable prior
to
> > patching as well.  Sun's not perfect either, and some patches break
> > things... it would be terrible to break everything at once! There's also
> > potential user intervention involved if you apply a patch which requires
> > you to reboot your systems.  Particularly if you have any slack-ass
admins
> > you work with that don't update configuration files after they make
changes
> > on the fly and should be fired. (vent)
> >
> > If you're using "patch" in a more general sense, we're basically using
it
> > for security fixes/changes.
> >
> > -K
> >
> >
> > ----- Original Message -----
> > From: "Didier CONTIS" <didier@ece.gatech.edu>
> > To: <help-cfengine@gnu.org>
> > Sent: Monday, January 28, 2002 12:06 PM
> > Subject: Patching Solaris machines with cfengine
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > > Hi,
> > >
> > > I was wondering how people are patching their Solaris systems using
> > > cfengine.
> > > Which tool combined with cfengine works the best.
> > >
> > > I am starting to deploy 2.0.a16. Most of Solaris systems are however
> > > still running 1.6.x
> > >
> > > I am already doing that under Linux using autoupdate + cfengine.
> > >
> > > Thanks in advance for any feedback.
> > >
> > > Regards - Didier.
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
> > >
> > > iQA/AwUBPFWFF3qEbTtUcuwQEQIQ6gCfdOW5/x9Xce+AEt3ZsOK/mFSLsywAn1Xt
> > > 45PY8hDIZxuf7cLimoFfz9QA
> > > =8D3o
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > _______________________________________________
> > > Help-cfengine mailing list
> > > Help-cfengine@gnu.org
> > > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://mail.gnu.org/mailman/listinfo/help-cfengine
>
> --
> Ian Wallace - iwallace@context.com
> Senior Consultant, Context Managed Services
> (W) 303.209.5623 (H) 303.388.9858
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
reply via email to
[Prev in Thread] Current Thread [Next in Thread]