One of the basic tenets of computing is that no software is
100% perfect. This is true regardless of the operating system, application or
development platform used. This leads to the unenviable task of updating software
through patches or service packs. A very futile exercise would be to debate
which operating system requires fewer patches. Patching a single system correctly
is difficult enough. Different vendors try different methodologies to solve
this. Microsoft has Windows Update and Red Hat has the Red Hat Network. However,
when it comes to Enterprise patch management the stakes are very different.
The reason is that Enterprise patching requires that all patches be available
centrally on a LAN server so that the Internet bandwidth required to have all
systems patched is minimal. The patches are downloaded only onto the single
patch server and all clients on the network pick up from that. The patching
standard actually has many more requirements, but these requirements are met
only by large-scale apps like
Windows Software Update Services and Systems Management Server for Windows or
HFNetCheck for Windows and Linux. In this article we will look at being able to
centrally download and deploy Linux patches and updates for machines on your
network.
The software that helps you do this is “yum”. This
application is one that can download patches from a “repository” and create
one on the local server from which other yum clients can download the updates. A
repository is basically a directory on the server that contains the RPMS that
are available to the clients, header files and other information. PCQLinux 2006
comes with yum installed, but no default repositories configured. We will need
to create a set of directories on the server that are to be used as different
repositories. These directories will get apps, updates and patches from
different repositories on the Internet. For instance, you might want to have
repositories that are for PCQLinux 2006 RPMS, FC4 Updates and FreshRPMS
repository available to the other computers in the network. For this create
directories such as the following:
/var/ftp/pub/yum/pcql/i386/os
/var/ftp/pub/yum/pcql/i386/updates
/var/ftp/pub/yum/pcql/i386/freshrpms
Now you can dump the contents of all the CDs directly into
the first directory. Make sure that the hidden file “.discinfo” is also
copied into it. For the FC4 updates, simply perform the following command:
rsync -av --exclude debug rsync://mirrors.kernel.org/fedora/core/updates/4/i386/* /var/ftp/pub/yum/pcql/i386/updates/
This will get all the updates in the given mirror down to
the local folder specified. Repeat the same with the FreshRPMS repository as
well. Once all the RPMS are downloaded, you need to set these as a
repository. There are two ways you can do it. If you have access to the
“createrepo” command, you can do the following:
createrepo -v
where
repository. An alternative method is to use yum-arch (which is more compatible
with other package managers as it uses a slightly older but better known header
format). To use this, you need to go to each directory with RPMS and perform the
command 'yum-arch .' (please take note of the dot at the end of the
command). Once this is done, you need to be able to serve the content to clients
that ask for it. To do this, we can use the built-in FTP server. If you
haven't installed FTP, simply install the vsftpd rpm from the PCQLinux 2006
CDs. Now configure the FTP server by editing the /etc/vsftpd/vsftpd.conf file to
be able to serve content from the default /var/ftp directories. Finally we
need to set up the clients to use this new server to pick up new applications,
updates and patches. For this, on a client go to the /etc/yum.repos.d directory
and delete all the files in it. Create a new file with the following content:
# yum requires a unique [section] id for each repository; the ids below are placeholders.
[pcql-os]
name=PCQLinux 2006
baseurl=ftp://myyumserver/pub/yum/pcql/i386/os
enabled=1
gpgcheck=0
[pcql-updates]
name=PCQLinux 2006 Updates
baseurl=ftp://myyumserver/pub/yum/pcql/i386/updates
enabled=1
gpgcheck=0
[freshrpms]
name=FreshRPMS applications
baseurl=ftp://myyumserver/pub/yum/pcql/i386/freshrpms
enabled=1
gpgcheck=0
Test out the setup by issuing the following command:
yum update
This will connect to the local update server and download
updates. You can even install packages with the “yum install” command.
Usage of the yum application can be seen in its manual pages. You can put
scheduled cron jobs for rsyncing the yum server with its Internet repositories
to get the latest RPMS.
You can also put cron jobs on clients to periodically check
the local server for updates as well. With this setup a basic patch management
solution for your Linux network is ready. It lets you manage the updates and
applications available to the machines and reduces Internet bandwidth use
considerably.
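The client file shown earlier sets gpgcheck=0 and uses ftp:// URLs, so clients install whatever RPMs the server delivers without verifying signatures. The following is an added example, not part of the original article: a small audit of .repo definitions that reports enabled repositories with signature checking off or an unauthenticated transport. The section ids and the audit_repo_text function are assumptions made for the illustration.

```python
import configparser

# Constructed sample modelled on the article's client file. The [section]
# ids are assumed names, and gpgcheck/enabled are varied from the article
# so that each branch of the audit is exercised.
SAMPLE_REPO = """\
[pcql-os]
name=PCQLinux 2006
baseurl=ftp://myyumserver/pub/yum/pcql/i386/os
enabled=1
gpgcheck=0

[pcql-updates]
name=PCQLinux 2006 Updates
baseurl=ftp://myyumserver/pub/yum/pcql/i386/updates
enabled=1
gpgcheck=1

[freshrpms]
name=FreshRPMS applications
baseurl=ftp://myyumserver/pub/yum/pcql/i386/freshrpms
enabled=0
gpgcheck=0
"""

def audit_repo_text(text, main_gpgcheck=False):
    """Return (section, finding) tuples for enabled repos in .repo text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        repo = cp[section]
        # yum treats a repository as enabled unless enabled=0 is set.
        if repo.get("enabled", "1").strip() == "0":
            continue
        # A per-repo gpgcheck overrides the [main] default from yum.conf.
        default = "1" if main_gpgcheck else "0"
        gpg = repo.get("gpgcheck", default).strip().lower()
        if gpg not in ("1", "true", "yes"):
            findings.append((section, "gpgcheck off: RPM signatures are not verified"))
        for url in repo.get("baseurl", "").split():
            scheme = url.split("://", 1)[0].lower()
            if scheme in ("ftp", "http"):
                findings.append((section, "unauthenticated transport: " + scheme))
    return findings

if __name__ == "__main__":
    for section, finding in audit_repo_text(SAMPLE_REPO):
        print(f"{section}: {finding}")
```

Run it against the text of each file in /etc/yum.repos.d on a client; pass main_gpgcheck=True when /etc/yum.conf sets gpgcheck=1 in its [main] section.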