Re: yum update best practices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

sprizes@xxxxxxxxx wrote:

Hello, we run approximately 400 Centos servers at our company. We use
cfengine for configuration management.

I am looking for some documentation to do patching including kernel
patches. I was thinking of just having each host run yum update via
cfengine but not sure if there are any gotchas there? Should I just do
yum update? or should i exclude the kernel and be more careful with
those? how about glibc?



Patches or updates .. BIG difference :D
Whether you need to exclude certain packages from update depends upon the machines and functionality.
If you have local hardware drivers or other things that must be redone between kernels, then manually updating them would be good. Other things like DRBD (requires a new kmod) could also dictate a need for a manual upgrade. 

If you have none of those issues, then upgrades of the kernel should be OK.
Other things like glibc need to be updated as well, as newer packages are built against newer glibc's. In practice, there is not usually a huge difference between the glibc's and new ones are only bug fixes or security fixes anyway. 


I am wondering what other people out there do with such large
installations. I'd very much appreciate any help or suggestions on
this.
I would maintain a "TESTED" repo that contains the configuration I wanted on every machine and run yum update to keep the machines at that level. 

Personally, I do important servers manually ... but that's just me.



Also, kinda related to the above is my question about the correct yum
behavior when installing kernels. I've seen it sometimes make the new
kernel the default in grub.conf but sometimes it doesnt? what is the
designed behavior?
The designed behavior is to make the most recently installed kernel (of the type specified in /etc/sysconfig/kernel ) be the default kernel ... if UPDATEDEFAULT=yes. If someone has shifted to the kernel-PAE package, they would need to update /etc/sysconfig/kernel to make it set kernel-PAE and not kernel as the default.
If both settings are correct, then after install of a new kernel, it should be made the default.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux