Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] remote updating suses
On Monday 04 February 2002 08:17, you wrote:

> we are servicing older suses, how to update without
> console access ?
>
> the real question is, what constitutes a suse version.
>
> the kernel ?
> the base packages ?
> the glibc/shlib ?
>
> or the partitioning of applications in packages
> e.g. traceroute jumped from nkitb to nkita to traceroute.

I'd say a consistent set of rpm's issued by SuSE, and with YaST & YaST2
agreeing with the new version for updates (there's a note about that failing
on some updates in support DataBase, which gives a clue about the files that
define that)

In this situation, what I prefer is to prepare a general system, and scripts
to quickly customise it. Then I duplicate the disks (Upgrading your Hard
Disk Mini-HOWTO is useful), and simply send them out already prepared with
correct network addresses etc. Might mean copying some special per server
config that a particular server needs onto the replacement disk, not just
host names, IP addresses, and rerunning lilo.

Doing this requires planning ahead, and using a smallish number of classes of
hardware. Things like Hardware RAID controllers can complicate the issue,
and it may be impractical if servers have been 'bespoke install and
administered'. Sometimes it's easier to send a whole new server out, and
whoever replaces the old one in the rack, can simply attach the SCSI cable
for external data disks.

Personally I definitely wouldn't try an install or an upgrade remotely from
CD-ROM or ftp server, there's just too much that can go wrong. Most of my
experience with this was with Sun hardware using SunOS 4.1, but a similar
approach worked fine for me with co-located Linux boxes.

Rob

< Previous Next >
References