[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patching Solaris machines with cfengine
From: |
Rune Mossige |
Subject: |
Re: Patching Solaris machines with cfengine |
Date: |
Wed, 6 Feb 2002 08:54:13 +0100 |
User-agent: |
Mutt/1.2.5.1i |
I would be very interested in seeing Your cfservd configuration one line
shellcommands to do this.
On (05/02/02 16:15), Ian Wallace wrote:
> From: Ian Wallace <iwallace@context.com>
> Reply-To: iwallace@context.com
> Organization: Context Managed Services
> To: "Katherine Morris" <klmorris@pobox.com>,
> "Didier CONTIS" <didier@ece.gatech.edu>, <help-cfengine@gnu.org>
> Subject: Re: Patching Solaris machines with cfengine
> X-Mailer: KMail [version 1.3.1]
> Content-Transfer-Encoding: 8bit
> Sender: help-cfengine-admin@gnu.org
> Errors-To: help-cfengine-admin@gnu.org
> X-BeenThere: help-cfengine@gnu.org
> X-Mailman-Version: 2.0.5
> List-Help: <mailto:help-cfengine-request@gnu.org?subject=help>
> List-Post: <mailto:help-cfengine@gnu.org>
> List-Subscribe: <http://mail.gnu.org/mailman/listinfo/help-cfengine>,
> <mailto:help-cfengine-request@gnu.org?subject=subscribe>
> List-Id: Users list for GNU cfengine <help-cfengine.gnu.org>
> List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/help-cfengine>,
> <mailto:help-cfengine-request@gnu.org?subject=unsubscribe>
> List-Archive: <http://mail.gnu.org/pipermail/help-cfengine/>
> Date: Tue, 5 Feb 2002 16:15:22 -0700
>
> I agree with K that you shouldn't just go winging patches on machines,
> however we use cfengine, along with a list of patches that should be applied
> and the CheckPatches, GetApplyPatch scripts that you can get from Sun to
> automate the whole process.
>
> We haven't run into any problems yet (cross my fingers, etc). We tend not to
> worry about the fact that you should be rebooting machines after kernel
> patches etc. All of our environments are development only and we take that
> risk knowingly. I guess we'd rather patch the machines then not patch at all.
>
> Production is a whole different ball game.
>
> If you want more info just say so and I can share the cfservd configuration,
> one line shellcommands that we use for this.
>
> cheers
> ian
>
> On Tuesday 29 January 2002 07:28 am, Katherine Morris wrote:
> > If you're talking about applying OS patches, I wouldn't recommend
> > automating this in general. Your Solaris versions are foreign to me since
> > I run mostly 2.5.1 up through 8 and am currently evaluating 9. I don't
> > know Linux yet, so maybe that's where the disconnect is...
> >
> > However Solaris OS patches in general require some knowledge about what
> > you're patching and why, reading the README's is highly advisable prior to
> > patching as well. Sun's not perfect either, and some patches break
> > things... it would be terrible to break everything at once! There's also
> > potential user intervention involved if you apply a patch which requires
> > you to reboot your systems. Particularly if you have any slack-ass admins
> > you work with that don't update configuration files after they make changes
> > on the fly and should be fired. (vent)
> >
> > If you're using "patch" in a more general sense, we're basically using it
> > for security fixes/changes.
> >
> > -K
> >
> >
> > ----- Original Message -----
> > From: "Didier CONTIS" <didier@ece.gatech.edu>
> > To: <help-cfengine@gnu.org>
> > Sent: Monday, January 28, 2002 12:06 PM
> > Subject: Patching Solaris machines with cfengine
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > > Hi,
> > >
> > > I was wondering how people are patching their Solaris systems using
> > > cfengine.
> > > Which tool combined with cfengine works the best.
> > >
> > > I am starting to deploy 2.0.a16. Most of Solaris systems are however
> > > still running 1.6.x
> > >
> > > I am already doing that under Linux using autoupdate + cfengine.
> > >
> > > Thanks in advance for any feedback.
> > >
> > > Regards - Didier.
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
> > >
> > > iQA/AwUBPFWFF3qEbTtUcuwQEQIQ6gCfdOW5/x9Xce+AEt3ZsOK/mFSLsywAn1Xt
> > > 45PY8hDIZxuf7cLimoFfz9QA
> > > =8D3o
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > _______________________________________________
> > > Help-cfengine mailing list
> > > Help-cfengine@gnu.org
> > > http://mail.gnu.org/mailman/listinfo/help-cfengine
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://mail.gnu.org/mailman/listinfo/help-cfengine
>
> --
> Ian Wallace - iwallace@context.com
> Senior Consultant, Context Managed Services
> (W) 303.209.5623 (H) 303.388.9858
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
>
--
-------------------------------------------------------------------
(-: Hiroshima 45, Chernobyl 86, Windows 95 :-)
Our ultimate goal is to make overloaded systems appear to be idle.
High performance, High reliability, Low cost -------- Pick any two.
-------------------------------------------------------------------
Rune Mossige, Systems Support Engineer, WesternGeco, Stavanger
Tel: (+47)51946869 Mobile:(+47)90871024