Situation: public Linux package repositories (for example CentOS) are constantly getting updated by the distro project (e.g. the CentOS developers). New versions are added, old versions removed.
How do you "freeze" a set of packages so that when you run "yum update" on a Prod server it'll get the same package set as your Test server did 3 weeks ago?

Let's say your operating policy is "no patch updates without testing first in the test environment". Let's say it takes you 3 weeks to test. Now the source repo has changed (new packages added, old removed). How do you manage that?

I talked to a colleague who mirrors the Ubuntu repo, and he rsyncs off the local mirror nightly, taking a snapshot of all the packages; and when he wants to "go back in time" 3 weeks, he just points his end nodes at the "3 weeks ago" copy. He's got this integrated into his CM setup (not CFEngine) so he can just say "I want these servers up to date on patches, and I want them to use repository of date X".

Does anybody have another solution for this? (And another challenge is that the Linux distro project repos sometimes remove old packages, so going back in time 1 year can be impossible unless you maintain a local mirror and cache.)

It'd be cumbersome to keep track of individual package versions, so I like his method of keeping track of the entire repo by date.

Does anybody have any other clever solutions for this, or CFEngine policies or experience to share?

Yours,
-at
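The dated-snapshot method described in the message above, sketched as an added example that is not part of the original post or of any CFEngine policy. The function names, directory layout, repo id and base URL are assumptions; the snapshot root must be an absolute path.

```shell
#!/bin/sh
# Added example: nightly dated snapshots of a local mirror, selected by date.
# Layout assumed here: SNAP_ROOT/YYYY-MM-DD/ holds one full copy of the repo.

# latest_snapshot_on_or_before SNAP_ROOT DATE
# Print the newest snapshot name that is not later than DATE (YYYY-MM-DD).
latest_snapshot_on_or_before() {
    local root="$1" want="$2" best="" d name n w
    w=$(printf '%s' "$want" | tr -d '-')
    # Glob expansion is sorted, so the last match that passes is the newest.
    for d in "$root"/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        n=$(printf '%s' "$name" | tr -d '-')
        if [ "$n" -le "$w" ]; then best="$name"; fi
    done
    if [ -z "$best" ]; then return 1; fi
    printf '%s\n' "$best"
}

# take_snapshot MIRROR_DIR SNAP_ROOT [DATE]
# Copy the mirror into SNAP_ROOT/DATE. Files unchanged since the previous
# snapshot are hard-linked to it, so a night costs only the changed packages,
# and packages dropped upstream stay available in the older snapshots.
take_snapshot() {
    local mirror="$1" root="$2" day="${3:-$(date +%F)}" prev
    prev=$(latest_snapshot_on_or_before "$root" "$day") || prev=""
    mkdir -p "$root/$day" || return 1
    if [ -n "$prev" ] && [ "$prev" != "$day" ]; then
        rsync -a --link-dest="$root/$prev/" "$mirror/" "$root/$day/"
    else
        rsync -a "$mirror/" "$root/$day/"
    fi
}

# render_repo BASE_URL SNAP_ROOT DATE
# Print a yum .repo stanza pinned to the snapshot that was current on DATE.
# Test and Prod given the same DATE resolve to the same package set.
render_repo() {
    local snap
    snap=$(latest_snapshot_on_or_before "$2" "$3") || return 1
    printf '[frozen-%s]\nname=Frozen mirror as of %s\n' "$snap" "$snap"
    printf 'baseurl=%s/%s/\nenabled=1\ngpgcheck=1\n' "$1" "$snap"
}
```

Run `take_snapshot` from cron after the mirror sync, and have the configuration management tool install the output of `render_repo` as the only enabled repo file on each host.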