help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OS patching via cfengine

From: Thomas Glanzmann
Subject: Re: OS patching via cfengine
Date: Thu, 6 Mar 2003 23:20:01 +0100
User-agent: Mutt/1.4i 
> I think experiences like the NFS patching problems are very helpful,
> thanks for sharing that. I agree that moving patches/updates to the
> local filesystem and verifying the files before starting the patch
> install is the right way to do it. We have some solaris patch cluster
> install scripts that do it this way (using scp then md5 to verify).

I am asking right now on comp.unix.solaris for ways to handle autopatch.
It would be nice if you could provide some of your scripts. It sounds
useabel and much better the hack I use at the moment.

> On the same topic, but with a debian focus, has anyone had any problems
> with debian auto-updates using stable (apt-get -q -q -y -u
> dselect-upgrade)? I do it on some non-production hosts and my
> workstation, but I've always been hesitant to do it for production
> hosts.

I am using this together with some config files[1] to make dpkg less
chatty.

        /usr/bin/dpkg --set-selections < /var/cfengine/inputs/selections
        /usr/bin/apt-get update
        /usr/bin/yes '' | /usr/bin/apt-get dselect-upgrade
        /usr/bin/yes '' | /usr/bin/apt-get upgrade
        /usr/bin/apt-get clean
        yes '' | dpkg --configure -a

> Kernels are always separate packages and never actually upgrade,
> right?

To boot Linux kernels we use a pxegrub, which gets configfile/ip via
dhcp / tftpboot and loads the kernel per tftp.

        Thomas

[1] Make dpkg less chatty
        
http://wwwcip.informatik.uni-erlangen.de/~sithglan/cfengine/distributed/linux/etc/apt/apt.conf
        
http://wwwcip.informatik.uni-erlangen.de/~sithglan/cfengine/distributed/linux/etc/debconf.conf
reply via email to
[Prev in Thread] Current Thread [Next in Thread]