On 30/09/2014 3:59 am, Chris Beattie wrote: > I have a mix of CentOS 5, 6, and now 7 servers at work. There are enough of them now that it is starting to make sense for them to get updates from an internal source. > > I've seen RHN Satellite in years past. It looks like it may be a way to allow Windows admins here (familiar with WSUS) to update Linux boxes. A local repo might be easier to set up, but (as with Spacewalk) it seems like we'd end up with a lot of packages we don't need. A proxy and a sufficiently-large cache might do the trick if the first Linux box to get updates populates the cache which the files the others will need, but I haven't looked into this enough to see if there's even a way that works. > > How do you all keep a dozen or more Linux boxes updated? Hi Chris, Either a local mirror or spacewalk will do what you want. I find at my site with relatively little but expensive bandwidth, the cost of disks is much less compared to download time. Hence, I initially just mirrored over rsync and now rsync the changes every day or more frequently as required. At that stage my local machines pointed to the local mirror over my LAN. FWIW my current disk usage is about 0.7TB and I'm mirroring: -) centos -) cygwin -) dell -) epel -) rpmforge -) spacewalk After that, I then moved to spacewalk to manage the 30 or so CentOS machines currently in production. The effort to set up and maintain was not that great and the GUI front end is great for snapshots of the current state of my machines. Nice reporting tool for management. Currently I'm also moving into the OpenSCAP interface of SpaceWalk to provide the compliance reports that my company is starting to require. We do non-military civil engineering type work for government and its surprising the trickle down security and audit requirements being pushed down. I know that this can all be scripted but with a little set up its surprisingly easy via the GUI. Another big plus for me is that I love the local mirror that also makes spacewalk simpler. We do a bit of R&D so find when testing new servers a kickstart off the local http mirror is really quick. Initial application deployment on the kickstarts come directly off http - as previously mentioned if you run a local squid instance here this can be even faster. Next, the first step in my %POST of the kickstart is a couple of lines to disable the native repos and connect to SpaceWalk. From there all packages are deployed off SpaceWalk but still its over http so squid may still speed things up. The big move to make SpaceWalk viable for me though, was a few years ago when it fully supported PostgreSQL over Oracle. I didn't have an Oracle license and the free version maxed out with three centos channels covering both x86_64 and i386 architectures. Finally, as a number of my developers are and want to continue to use Ubuntu/Debian, now that SpaceWalk supports debian packages, I'm looking at starting to mirror those channels and publish via SpaceWalk as well for auditing purposes. My devs have a lot of freedom on their own platforms, so if I can at least have an overview of their status that helps me. I also mirror EPEL. And publish it via SpaceWalk for all the same reasons. Hope that helps, -pete -- Peter Brady Email: pdbrady@xxxxxxxxxx Skype: pbrady77
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos