help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patching Solaris machines with cfengine


From: Mark . Burgess
Subject: Re: Patching Solaris machines with cfengine
Date: Thu, 7 Feb 2002 10:37:01 +0100 (MET)

It would be good if people wrote short HOW-TO guides which could be
published on the website.

Mark


On  6 Feb, Rune Mossige wrote:
> Could You describe this rollout procedure for the patches? Is anything
> of that automated? If so, how?
> 
> On (05/02/02 18:20), Katherine Morris wrote:
>> Reply-To: "Katherine Morris" <address@hidden>
>> From: "Katherine Morris" <address@hidden>
>> To: <address@hidden>, "Didier CONTIS" <address@hidden>,
>>         <address@hidden>
>> Subject: Re: Patching Solaris machines with cfengine
>> Content-Transfer-Encoding: 7bit
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 5.50.4807.1700
>> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
>> Sender: address@hidden
>> Errors-To: address@hidden
>> X-BeenThere: address@hidden
>> X-Mailman-Version: 2.0.5
>> List-Help: <mailto:address@hidden>
>> List-Post: <mailto:address@hidden>
>> List-Subscribe: <http://mail.gnu.org/mailman/listinfo/help-cfengine>,
>>      <mailto:address@hidden>
>> List-Id: Users list for GNU cfengine  <help-cfengine.gnu.org>
>> List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/help-cfengine>,
>>      <mailto:address@hidden>
>> List-Archive: <http://mail.gnu.org/pipermail/help-cfengine/>
>> Date: Tue, 5 Feb 2002 18:20:52 -0500
>> 
>> Sure, there are lots of patches that can be installed without a reboot.
>> But, I patched my workstation with a new kernel patch one time and forgot to
>> reboot it for a couple of weeks.  It never came back, I had to re-jumpstart
>> it.
>> 
>> According to Sun, they only guarantee that the kernel patch will work
>> properly when applied in single user mode.
>> 
>> We have a rollout procedure where patches get applied to low criticality
>> systems first and then we migrate through four phases of criticality until
>> all of the systems are patched.
>> 
>> FYI
>> 
>> ----- Original Message -----
>> From: "Ian Wallace" <address@hidden>
>> To: "Katherine Morris" <address@hidden>; "Didier CONTIS"
>> <address@hidden>; <address@hidden>
>> Sent: Tuesday, February 05, 2002 6:15 PM
>> Subject: Re: Patching Solaris machines with cfengine
>> 
>> 
>> > I agree with K that you shouldn't just go winging patches on machines,
>> > however we use cfengine, along with a list of patches that should be
>> applied
>> > and the CheckPatches, GetApplyPatch scripts that you can get from Sun to
>> > automate the whole process.
>> >
>> > We haven't run into any problems yet (cross my fingers, etc).  We tend not
>> to
>> > worry about the fact that you should be rebooting machines after kernel
>> > patches etc.  All of our environments are development only and we take
>> that
>> > risk knowingly.  I guess we'd rather patch the machines then not patch at
>> all.
>> >
>> > Production is a whole different ball game.
>> >
>> > If you want more info just say so and I can share the cfservd
>> configuration,
>> > one line shellcommands that we use for this.
>> >
>> > cheers
>> > ian
>> >
>> > On Tuesday 29 January 2002 07:28 am, Katherine Morris wrote:
>> > > If you're talking about applying OS patches, I wouldn't recommend
>> > > automating this in general.  Your Solaris versions are foreign to me
>> since
>> > > I run mostly 2.5.1 up through 8 and am currently evaluating 9.  I don't
>> > > know Linux yet, so maybe that's where the disconnect is...
>> > >
>> > > However Solaris OS patches in general require some knowledge about what
>> > > you're patching and why, reading the README's is highly advisable prior
>> to
>> > > patching as well.  Sun's not perfect either, and some patches break
>> > > things... it would be terrible to break everything at once! There's also
>> > > potential user intervention involved if you apply a patch which requires
>> > > you to reboot your systems.  Particularly if you have any slack-ass
>> admins
>> > > you work with that don't update configuration files after they make
>> changes
>> > > on the fly and should be fired. (vent)
>> > >
>> > > If you're using "patch" in a more general sense, we're basically using
>> it
>> > > for security fixes/changes.
>> > >
>> > > -K
>> > >
>> > >
>> > > ----- Original Message -----
>> > > From: "Didier CONTIS" <address@hidden>
>> > > To: <address@hidden>
>> > > Sent: Monday, January 28, 2002 12:06 PM
>> > > Subject: Patching Solaris machines with cfengine
>> > >
>> > > > -----BEGIN PGP SIGNED MESSAGE-----
>> > > > Hash: SHA1
>> > > >
>> > > >
>> > > > Hi,
>> > > >
>> > > > I was wondering how people are patching their Solaris systems using
>> > > > cfengine.
>> > > > Which tool combined with cfengine works the best.
>> > > >
>> > > > I am starting to deploy 2.0.a16. Most of Solaris systems are however
>> > > > still running 1.6.x
>> > > >
>> > > > I am already doing that under Linux using autoupdate + cfengine.
>> > > >
>> > > > Thanks in advance for any feedback.
>> > > >
>> > > > Regards - Didier.
>> > > >
>> > > > -----BEGIN PGP SIGNATURE-----
>> > > > Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>> > > >
>> > > > iQA/AwUBPFWFF3qEbTtUcuwQEQIQ6gCfdOW5/x9Xce+AEt3ZsOK/mFSLsywAn1Xt
>> > > > 45PY8hDIZxuf7cLimoFfz9QA
>> > > > =8D3o
>> > > > -----END PGP SIGNATURE-----
>> > > >
>> > > >
>> > > > _______________________________________________
>> > > > Help-cfengine mailing list
>> > > > address@hidden
>> > > > http://mail.gnu.org/mailman/listinfo/help-cfengine
>> > >
>> > > _______________________________________________
>> > > Help-cfengine mailing list
>> > > address@hidden
>> > > http://mail.gnu.org/mailman/listinfo/help-cfengine
>> >
>> > --
>> > Ian Wallace - address@hidden
>> > Senior Consultant, Context Managed Services
>> > (W) 303.209.5623 (H) 303.388.9858
>> >
>> > _______________________________________________
>> > Help-cfengine mailing list
>> > address@hidden
>> > http://mail.gnu.org/mailman/listinfo/help-cfengine
>> 
>> 
>> _______________________________________________
>> Help-cfengine mailing list
>> address@hidden
>> http://mail.gnu.org/mailman/listinfo/help-cfengine
>> 
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





reply via email to

[Prev in Thread] Current Thread [Next in Thread]