Automated kernel updates
Hello, I plan to recheck SuSE's security updates before installing them on the machines. "Normal" packages are easy. I just imitate an update mirror with just links in it. If a link exists the corresponding patch will be installed. This way I can use SuSE's online_update. Kernel updates on the other hand should just be installed when the system is going down. Furthermore I want the last working kernel not to be deinstalled when the new kernel is being installed. "rpm -i" would do this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last working kernel) later on. Does anyone have such a system installed at his/her site? Otherwise there is some work to do for me... Can you give me some advises on the implementation? Thanks in advance Andreas -- | Andreas Haupt | E-Mail: andreas.haupt@hmi.de | Hahn-Meitner-Institut (DN) | WWW: | Glienicker Straße 100 | Phone: +49/30/8062-2597 | 14109 Berlin | Fax: +49/30/8062-2096
On Sep 30, Andreas Haupt <andreas.haupt@hmi.de> wrote:
Hello,
I plan to recheck SuSE's security updates before installing them on the machines. "Normal" packages are easy. I just imitate an update mirror with just links in it. If a link exists the corresponding patch will be installed. This way I can use SuSE's online_update.
Kernel updates on the other hand should just be installed when the system is going down. Furthermore I want the last working kernel not to be deinstalled when the new kernel is being installed. "rpm -i" would do this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last working kernel) later on.
I think you want to look at my project: Fast OnlineUpdate for SuSE (fou4s) http://fou4s.gaugusch.at/ It sends you email notification for all updates, downloads them automatically and installation is just at your fingertips. Kernels are automatically backup'ed (vmlinuz.fou4s). Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
Markus Gaugusch wrote:
On Sep 30, Andreas Haupt <andreas.haupt@hmi.de> wrote:
Hello,
I plan to recheck SuSE's security updates before installing them on the machines. "Normal" packages are easy. I just imitate an update mirror with just links in it. If a link exists the corresponding patch will be installed. This way I can use SuSE's online_update.
Kernel updates on the other hand should just be installed when the system is going down. Furthermore I want the last working kernel not to be deinstalled when the new kernel is being installed. "rpm -i" would do this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last working kernel) later on.
I think you want to look at my project: Fast OnlineUpdate for SuSE (fou4s) http://fou4s.gaugusch.at/
It sends you email notification for all updates, downloads them automatically and installation is just at your fingertips. Kernels are automatically backup'ed (vmlinuz.fou4s).
Looks nice! But I have a little problem: It seems that you can only use ftp/http/rsync server to load the patches from. A (nfs) directory like in /etc/suseservers (dir://<directory>) doesn't seem to work. Do I have to setup an internal web server that exports this directory via http? Greetings Andreas -- | Andreas Haupt | E-Mail: andreas.haupt@hmi.de | Hahn-Meitner-Institut (DN) | WWW: | Glienicker Straße 100 | Phone: +49/30/8062-2597 | 14109 Berlin | Fax: +49/30/8062-2096
On Sep 30, Andreas Haupt <andreas.haupt@hmi.de> wrote:
Markus Gaugusch wrote:
I think you want to look at my project: Fast OnlineUpdate for SuSE (fou4s) http://fou4s.gaugusch.at/
It sends you email notification for all updates, downloads them automatically and installation is just at your fingertips. Kernels are automatically backup'ed (vmlinuz.fou4s).
Looks nice! But I have a little problem: It seems that you can only use ftp/http/rsync server to load the patches from. A (nfs) directory like in /etc/suseservers (dir://<directory>) doesn't seem to work.
You can mount the directory containing the patches to /var/cache/fou4s/packages (or set RpmDir in /etc/fou4s.conf) Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
/ 2004-09-30 12:02:25 +0200 \ Markus Gaugusch:
On Sep 30, Andreas Haupt <andreas.haupt@hmi.de> wrote:
Markus Gaugusch wrote:
I think you want to look at my project: Fast OnlineUpdate for SuSE (fou4s) http://fou4s.gaugusch.at/
It sends you email notification for all updates, downloads them automatically and installation is just at your fingertips. Kernels are automatically backup'ed (vmlinuz.fou4s).
Looks nice! But I have a little problem: It seems that you can only use ftp/http/rsync server to load the patches from. A (nfs) directory like in /etc/suseservers (dir://<directory>) doesn't seem to work.
You can mount the directory containing the patches to /var/cache/fou4s/packages (or set RpmDir in /etc/fou4s.conf)
better: MNTPOINT=/var/cache/fou4s/packages/localdir mkdir $MNTPOINT mount #something# $MNTPOINT or LOCALDIR=<<directory>> ln -s $DIR /var/cache/fou4s/packages/${LOCALDIR##*/} that way you can have both remote (which will get wget/rsync'ed) or local dirs (which just happen to be there). lge
Lars Ellenberg wrote:
Looks nice! But I have a little problem: It seems that you can only use ftp/http/rsync server to load the patches from. A (nfs) directory like in /etc/suseservers (dir://<directory>) doesn't seem to work.
You can mount the directory containing the patches to /var/cache/fou4s/packages (or set RpmDir in /etc/fou4s.conf)
better: MNTPOINT=/var/cache/fou4s/packages/localdir mkdir $MNTPOINT mount #something# $MNTPOINT or LOCALDIR=<<directory>> ln -s $DIR /var/cache/fou4s/packages/${LOCALDIR##*/}
that way you can have both remote (which will get wget/rsync'ed) or local dirs (which just happen to be there).
I tried both. They only work if I have a "server" entry in the config file. Maybe I'm just too blind to see it. I have a directory /net/linux/updates/suse91/i386/update/9.1/ containing the normal entries (mirror): dice:/var/cache/fou4s # ls /net/linux/updates/suse91/i386/update/9.1/ . .. misc patches patches.obsolete rpm scripts What exactly do I have to set as RpmDir in /etc/fou4s.conf? Thanks Andreas -- | Andreas Haupt | E-Mail: andreas.haupt@hmi.de | Hahn-Meitner-Institut (DN) | WWW: | Glienicker Straße 100 | Phone: +49/30/8062-2597 | 14109 Berlin | Fax: +49/30/8062-2096
/ 2004-10-04 14:34:08 +0200 \ Andreas Haupt:
Lars Ellenberg wrote:
Looks nice! But I have a little problem: It seems that you can only use ftp/http/rsync server to load the patches from. A (nfs) directory like in /etc/suseservers (dir://<directory>) doesn't seem to work.
You can mount the directory containing the patches to /var/cache/fou4s/packages (or set RpmDir in /etc/fou4s.conf)
better: MNTPOINT=/var/cache/fou4s/packages/localdir mkdir $MNTPOINT mount #something# $MNTPOINT or LOCALDIR=<<directory>> ln -s $DIR /var/cache/fou4s/packages/${LOCALDIR##*/}
that way you can have both remote (which will get wget/rsync'ed) or local dirs (which just happen to be there).
I tried both. They only work if I have a "server" entry in the config file. Maybe I'm just too blind to see it.
I have a directory /net/linux/updates/suse91/i386/update/9.1/ containing the normal entries (mirror):
dice:/var/cache/fou4s # ls /net/linux/updates/suse91/i386/update/9.1/ . .. misc patches patches.obsolete rpm scripts
What exactly do I have to set as RpmDir in /etc/fou4s.conf?
one way: you have some server actually using "standard" fou4s configuration, and it gets the packages, too. you export readonly its RpmDir (just leave it as /var/cache/fou4s/packages), and you mount that to your local box mount your-fou4s-server:/var/cache/fou4s/packages \ /var/cache/fou4s/packages on the local box, you put the same server in the config, you just never run fou4s -u, you only run fou4s -eni other way (you want your "fou4s client" boxes not only to not access the web, you want them to only see "approved" packages. point the local box to some "invented" server, like "my.approved.fou4s.updates", still you can not use -u or -d then, on the server, you have something like /var/cache/fou4s/packages/ftp.gwdg.de/... with all the normal patches /var/cache/fou4s/packages/my.approved.fou4s.updates/..., where you make copies or links of the full tree, BUT you have the patches/* subdirectory on its own. once approved, you copy/link the patch description: ln -s /var/.../packages/{f.g.d,my.a.f.u}/i/u/9.0/patches/<approved description> maybe additionally: implement dir:// prefix in fou4s script, and just skip any downloading operation for [[ SERVERURL == dir://* ]] if you would like the dir:// to actually temporary mount a nfs share, that needs some time hacking additional routines into fou4s. if you mount it before hand, and only point fou4s at the mountpoint, that would be an easy thing to implement. it "just" needs to ba added at all places. hth, lge
/ 2004-09-30 09:08:40 +0200 \ Andreas Haupt:
Hello,
I plan to recheck SuSE's security updates before installing them on the machines. "Normal" packages are easy. I just imitate an update mirror with just links in it. If a link exists the corresponding patch will be installed. This way I can use SuSE's online_update.
Kernel updates on the other hand should just be installed when the system is going down. Furthermore I want the last working kernel not to be deinstalled when the new kernel is being installed. "rpm -i" would do this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last working kernel) later on.
Does anyone have such a system installed at his/her site? Otherwise there is some work to do for me... Can you give me some advises on the implementation?
you ever looked at http://fou4s.gaugusch.at ?
The Thursday 2004-09-30 at 09:08 +0200, Andreas Haupt wrote:
deinstalled when the new kernel is being installed. "rpm -i" would do this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last working kernel) later on.
Not enough. You also need the old version of /lib/modules/kernel-{oldversion}/*, the whole tree. -- Cheers, Carlos Robinson
Carlos E. R. wrote:
The Thursday 2004-09-30 at 09:08 +0200, Andreas Haupt wrote:
deinstalled when the new kernel is being installed. "rpm -i" would do this for me so I have vmlinuz (new kernel) and vmlinuz.previous (last working kernel) later on.
Not enough. You also need the old version of /lib/modules/kernel-{oldversion}/*, the whole tree.
That's part of the kernel package and remains on the system therefor. Greetings Andreas -- | Andreas Haupt | E-Mail: andreas.haupt@hmi.de | Hahn-Meitner-Institut (DN) | WWW: | Glienicker Straße 100 | Phone: +49/30/8062-2597 | 14109 Berlin | Fax: +49/30/8062-2096
participants (4)
-
Andreas Haupt -
Carlos E. R. -
Lars Ellenberg -
Markus Gaugusch