Maintenance script: Created page with " === What is this page about ? === On this page, we will consider all RPM updates, except for kernel updates which are fully explained [http://mon.iihe.ac.be/trac/t2b/wiki/Ke..."

2015-08-26T12:28:53Z

Created page with " === What is this page about ? === On this page, we will consider all RPM updates, except for kernel updates which are fully explained [http://mon.iihe.ac.be/trac/t2b/wiki/Ke..."

New page

=== What is this page about ? ===
On this page, we will consider all RPM updates, except for kernel updates which are fully explained [http://mon.iihe.ac.be/trac/t2b/wiki/KernelUpdate here].

Most of the time, these updates are to be done after a critical vulnerability has been discovered and the patched RPMs have been released.

=== Where to find the updates ? ===
For Scientific Linux, updates can be downloaded here :
http://linux.web.cern.ch/linux/updates/

Be careful when determining the list of RPM updates to download : there might be dependencies ! It is always a good thing to simulate a "yum update" of the RPMs you would like to update, that way you will see if additional RPMs are needed. As an example, after the critical vulnerability CVE-2010-4170 was discovered, it was asked to site-admins to update systemtap-runtime. Simulating a "yum update systemtap-runtime" on one of our machine, we got :
<pre>
...
Dependencies Resolved

======================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================
Updating:
systemtap x86_64 1.1-3.el5_5.3 sl-security 2.2 M
systemtap-runtime x86_64 1.1-3.el5_5.3 sl-security 85 k
Installing for dependencies:
kernel-devel x86_64 2.6.18-194.26.1.el5 sl-security 5.4 M
...
</pre>
This simulation reveals that updating RPMs systemtap and systemtap-runtime requires that we also update kernel-devel !

=== Adding the updates to BEgrid repository ===
This task is described [http://mon.iihe.ac.be/trac/t2b/wiki/GridAdminSurvivalGuide#AddsomeRPMstotheBEgridrepositorywithswrep here].

=== Updating the errata template ===
For each OS, there should be an errata template that tells the updates to apply :
<pre>
cfg/sites/begrid/os/<OperatingSystem>/rpms/errata.tpl
</pre>
These updates should normally be applied using the pkg_ronly function (update RPM will be installed only if a previous version is found). Note : with pkg_repl, the RPM will be installed no matter an older version was installed earlier.
As an example, here is the content of the errata template for OS SL5.3 x86_64 :
<pre>
#cat ~/workspace/central-begrid-v6/cfg/sites/begrid/os/sl530-x86_64/rpms/errata.tpl

template rpms/errata;

'/software/packages'=pkg_ronly('glibc','2.5-49.el5_5.7','i686');
'/software/packages'=pkg_ronly('glibc','2.5-49.el5_5.7','x86_64');
'/software/packages'=pkg_ronly('glibc-common','2.5-49.el5_5.7','x86_64');
'/software/packages'=pkg_ronly('glibc-devel','2.5-49.el5_5.7','i386');
'/software/packages'=pkg_ronly('glibc-devel','2.5-49.el5_5.7','x86_64');
'/software/packages'=pkg_ronly('glibc-headers','2.5-49.el5_5.7','x86_64');
'/software/packages'=pkg_ronly('glibc-utils','2.5-49.el5_5.7','x86_64');
</pre>

=== Activate update deployment in your site ===
Updates defined in errata.tpl are only applied if the variable PKG_DEPLOY_OS_ERRATA is true. It is set by default to false at the BEgrid level. So, to activate the updates deployment, we had to add :
<pre>
variable PKG_DEPLOY_OS_ERRATA = true;
</pre>
in the template :
<pre>
cfg/sites/iihe-production/site/global_variables.tpl
</pre>

{{TracNotice|{{PAGENAME}}}}

OSErrata - Revision history

Maintenance script: Created page with " === What is this page about ? === On this page, we will consider all RPM updates, except for kernel updates which are fully explained [http://mon.iihe.ac.be/trac/t2b/wiki/Ke..."