Re: Patching Solaris machines with cfengine


From: Rune Mossige
Subject: Re: Patching Solaris machines with cfengine
Date: Wed, 6 Feb 2002 08:52:12 +0100
User-agent: Mutt/1.2.5.1i

Could you describe this rollout procedure for the patches? Is any
of that automated? If so, how?

On (05/02/02 18:20), Katherine Morris wrote:
> 
> Sure, there are lots of patches that can be installed without a reboot.
> But, I patched my workstation with a new kernel patch one time and forgot to
> reboot it for a couple of weeks.  It never came back, I had to re-jumpstart
> it.
> 
> According to Sun, they only guarantee that the kernel patch will work
> properly when applied in single user mode.
> 
> We have a rollout procedure where patches get applied to low criticality
> systems first and then we migrate through four phases of criticality until
> all of the systems are patched.
> 
> FYI
> 
> ----- Original Message -----
> From: "Ian Wallace" <iwallace@context.com>
> To: "Katherine Morris" <klmorris@pobox.com>; "Didier CONTIS"
> <didier@ece.gatech.edu>; <help-cfengine@gnu.org>
> Sent: Tuesday, February 05, 2002 6:15 PM
> Subject: Re: Patching Solaris machines with cfengine
> 
> 
> > I agree with K that you shouldn't just go winging patches on machines,
> > however we use cfengine, along with a list of patches that should be applied
> > and the CheckPatches, GetApplyPatch scripts that you can get from Sun to
> > automate the whole process.
> >
> > We haven't run into any problems yet (cross my fingers, etc).  We tend not to
> > worry about the fact that you should be rebooting machines after kernel
> > patches etc.  All of our environments are development only and we take that
> > risk knowingly.  I guess we'd rather patch the machines than not patch at all.
> >
> > Production is a whole different ball game.
> >
> > If you want more info just say so and I can share the cfservd configuration,
> > one line shellcommands that we use for this.
> >
> > cheers
> > ian
> >
> > On Tuesday 29 January 2002 07:28 am, Katherine Morris wrote:
> > > If you're talking about applying OS patches, I wouldn't recommend
> > > automating this in general.  Your Solaris versions are foreign to me since
> > > I run mostly 2.5.1 up through 8 and am currently evaluating 9.  I don't
> > > know Linux yet, so maybe that's where the disconnect is...
> > >
> > > However Solaris OS patches in general require some knowledge about what
> > > you're patching and why, reading the READMEs is highly advisable prior to
> > > patching as well.  Sun's not perfect either, and some patches break
> > > things... it would be terrible to break everything at once! There's also
> > > potential user intervention involved if you apply a patch which requires
> > > you to reboot your systems.  Particularly if you have any slack-ass admins
> > > you work with that don't update configuration files after they make changes
> > > on the fly and should be fired. (vent)
> > >
> > > If you're using "patch" in a more general sense, we're basically using it
> > > for security fixes/changes.
> > >
> > > -K
> > >
> > >
> > > ----- Original Message -----
> > > From: "Didier CONTIS" <didier@ece.gatech.edu>
> > > To: <help-cfengine@gnu.org>
> > > Sent: Monday, January 28, 2002 12:06 PM
> > > Subject: Patching Solaris machines with cfengine
> > >
> > > > Hi,
> > > >
> > > > I was wondering how people are patching their Solaris systems using
> > > > cfengine.
> > > > Which tool combined with cfengine works the best?
> > > >
> > > > I am starting to deploy 2.0.a16. Most of the Solaris systems are, however,
> > > > still running 1.6.x.
> > > >
> > > > I am already doing that under Linux using autoupdate + cfengine.
> > > >
> > > > Thanks in advance for any feedback.
> > > >
> > > > Regards - Didier.
> > > >
> > > >
> > > > _______________________________________________
> > > > Help-cfengine mailing list
> > > > Help-cfengine@gnu.org
> > > > http://mail.gnu.org/mailman/listinfo/help-cfengine
> > >
> >
> > --
> > Ian Wallace - iwallace@context.com
> > Senior Consultant, Context Managed Services
> > (W) 303.209.5623 (H) 303.388.9858
> 

-- 
-------------------------------------------------------------------
           (-: Hiroshima 45, Chernobyl 86, Windows 95 :-)
Our ultimate goal is to make overloaded systems appear to be idle.
High performance, High reliability, Low cost -------- Pick any two.
-------------------------------------------------------------------
Rune  Mossige,  Systems  Support  Engineer,  WesternGeco, Stavanger
Tel: (+47)51946869                             Mobile:(+47)90871024


