
Enterprise Patch Management

PCQ Bureau

One of the basic tenets of computing is that no software is 100% perfect. This is true regardless of the operating system, application or development platform used. This leads to the unenviable task of updating software through patches or service packs. Debating which operating system requires fewer patches would be a futile exercise. Patching a single system correctly is difficult enough. Different vendors try different methodologies to solve this. Microsoft has Windows Update and Red Hat has the Red Hat Network. However, when it comes to enterprise patch management the stakes are very different.


The reason is that enterprise patching requires that all patches be available centrally on a LAN server so that the Internet bandwidth required to have all systems patched is minimal. The patches are downloaded only onto the single patch server and all clients on the network pick them up from there. The patching standard actually has many more requirements, but these requirements are met only by large-scale apps like Windows Software Update Services and Systems Management Server for Windows or HFNetCheck for Windows and Linux. In this article we will look at being able to centrally download and deploy Linux patches and updates for machines on your network.

The software that helps you do this is “yum”. It can download patches from a “repository” and create one on the local server from which other yum clients can download the updates. A repository is basically a directory on the server that contains the RPMS that are available to the clients, header files and other information. PCQLinux 2006 comes with yum installed, but no default repositories configured. We will need to create a set of directories on the server to be used as the different repositories. These directories will get apps, updates and patches from different repositories on the Internet. For instance, you might want to make the PCQLinux 2006 RPMS, the FC4 updates and the FreshRPMS repository available to the other computers in the network. For this, create directories such as the following:

/var/ftp/pub/yum/pcql/i386/os
/var/ftp/pub/yum/pcql/i386/updates
/var/ftp/pub/yum/pcql/i386/freshrpms



Now you can copy the contents of all the CDs directly into the first directory. Make sure that the hidden file “.discinfo” is also copied into it. For the FC4 updates, simply run the following command:

rsync -av --exclude debug rsync://mirrors.kernel.org/fedora/core/updates/4/i386/* /var/ftp/pub/yum/pcql/i386/updates/


This will bring all the updates in the given mirror down to the local folder specified. Repeat the same with the FreshRPMS repository as well. Once all the RPMS are downloaded, you need to set these directories up as repositories. There are two ways you can do it. If you have access to the “createrepo” command, you can do the following:


createrepo -v <path>

where <path> is the path to the RPMS for each repository. An alternative method is to use yum-arch (which is more compatible with other package managers as it uses a slightly older but better-known header format). To use this, go to each directory with RPMS and run the command 'yum-arch .' (please take note of the dot at the end of the command).

Once this is done, you need to be able to serve the content to clients that ask for it. To do this, we can use the built-in FTP server. If you haven't installed FTP, simply install the vsftpd rpm from the PCQLinux 2006 CDs. Now configure the FTP server by editing the /etc/vsftpd/vsftpd.conf file so that it serves content from the default /var/ftp directories.

Finally, we need to set up the clients to use this new server to pick up new applications, updates and patches. For this, on a client go to the /etc/yum.repos.d directory and delete all the files in it. Create a new file with the following content:









# Each [section] name is a repository ID; the IDs used here are placeholders and any unique names will do.
[pcql-os]
name=PCQLinux 2006
baseurl=ftp://myyumserver/pub/yum/pcql/i386/os
enabled=1
gpgcheck=0

[pcql-updates]
name=PCQLinux 2006 Updates
baseurl=ftp://myyumserver/pub/yum/pcql/i386/updates
enabled=1
gpgcheck=0

[pcql-freshrpms]
name=FreshRPMS applications
baseurl=ftp://myyumserver/pub/yum/pcql/i386/freshrpms
enabled=1
gpgcheck=0







Test out the setup by issuing the following command:







yum update




This will connect to the local update server and download updates. You can even install packages with the “yum install” command. Usage of the yum application is described in its manual pages. You can schedule cron jobs that rsync the yum server with its Internet repositories to get the latest RPMS.

You can also put cron jobs on clients to periodically check the local server for updates. With this setup, a basic patch management solution for your Linux network is ready that lets you manage the updates and applications available to the machines and considerably reduces Internet bandwidth use.
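The client stanzas in this article set gpgcheck=0 and use ftp:// URLs, so a client installs whatever the local server hands it without verifying package signatures. The shell function below is an added example, not part of the original article: it audits .repo files for those two settings. The repository IDs, the https URL and the gpgkey path in the sample are constructed placeholders.

```shell
#!/bin/sh
# Assumption: only per-repo keys are read; defaults inherited from the
# [main] section of /etc/yum.conf are ignored.
# audit_repo [FILE...]: prints one "<repo-id>: <issue>" line per finding.
audit_repo() {
    awk '
    function report() {
        if (id == "" || id == "main" || enabled == "0") return
        if (gpgcheck != "1")
            print id ": gpgcheck is not 1 (packages installed unverified)"
        else if (gpgkey == "")
            print id ": gpgcheck=1 but no gpgkey configured"
        if (url ~ /^(ftp|http):/)
            print id ": plaintext baseurl " url
    }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*$/    { next }
    /^[ \t]*\[.*\]/ {                       # start of a new [repo-id] section
        report()
        id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; url = ""; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "enabled") enabled = v
        else if (k == "gpgcheck") gpgcheck = v
        else if (k == "gpgkey") gpgkey = v
        else if (k == "baseurl") url = v
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the first stanza from this article next to a
# hardened one (hypothetical ID, URL and key path).
sample_repo() {
cat <<'EOF'
[pcql-os]
name=PCQLinux 2006
baseurl=ftp://myyumserver/pub/yum/pcql/i386/os
gpgcheck=0
[pcql-updates-signed]
baseurl=https://myyumserver.example/pub/yum/pcql/i386/updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
}
sample_repo | audit_repo
```

On a client, run `audit_repo /etc/yum.repos.d/*.repo`; the findings for a repository go away once it has gpgcheck=1 and a gpgkey pointing at the signer's public key.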
