Forum: CFEngine Help
Subject: Re: OS patch management -- how to deploy the same patch set to production as you did to testing 3 weeks ago? (How to "take a snapshot" of an OS patch set)
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,23563,23579#msg-23579

We just configure a "test" and "production" local mirror. When we are ready to deploy an updated package to the test environment, we copy the package into the test repo. Once it's ready for production, we copy it into the production repo. We have the yum.d repository definition file(s) packaged into an RPM. So we just make sure that a system has the right RPM, and then simply do a yum update during each system's identified change window.

Technically, it's more complicated than test and production. What we actually do is bundle package sets into a release, and then slowly roll the release-referencing yum config out across the environment. For the release bundles themselves, you initially populate a new repo with a "cp -l" and then just remove/add changed packages, so that packages which are the same across releases are hardlinked and only take up the space of another link. If packages need to be removed with a release, that goes in the config management tool, and the tool uses the release package's version to identify a list of core packages which should be installed and removed. The individual application configs also have a set of packages for the given release which should be present (or not present).

It's similar to the Ubuntu solution referenced above. Yeah, it requires maintaining a local mirror. But there is no way we're going to directly update systems off of the Internet either way, so in my mind that's just a given. :)
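
The hard-linked release population described in the post above, as an added example that is not part of the original post and not the poster's own scripts. The function names, directory layout and stand-in package files are assumptions made for illustration; it relies on GNU cp for "cp -al".

```shell
#!/bin/sh
# Constructed demo: paths, file names and function names are hypothetical.
set -eu

# Populate a new release as a hard-linked copy of the previous one (GNU cp).
new_release() {
    if [ ! -d "$1" ]; then echo "no such release: $1" >&2; return 1; fi
    if [ -e "$2" ]; then echo "refusing to reuse: $2" >&2; return 1; fi
    cp -al "$1" "$2"
}

# Swap a package in by unlinking first, then copying. A plain "cp" over an
# existing name writes through the shared inode and would silently change
# that package in every earlier release that links to it.
add_package() {
    rm -f "$1/$(basename "$2")"
    cp "$2" "$1/"
}

remove_package() { rm -f "$1/$2"; }
inode() { ls -i "$1" | awk '{print $1}'; }

# Report what differs between two releases: + added, - removed, ~ replaced.
release_diff() {
    for f in "$1"/* "$2"/*; do
        [ -e "$f" ] || continue
        n=$(basename "$f")
        if [ ! -e "$1/$n" ]; then echo "+ $n"
        elif [ ! -e "$2/$n" ]; then echo "- $n"
        elif [ "$(inode "$1/$n")" != "$(inode "$2/$n")" ]; then echo "~ $n"
        fi
    done | sort -u
}

# Stand-ins for real RPMs: release r1, then r2 with one rebuild and one new package.
repo=$(mktemp -d)
mkdir "$repo/r1" "$repo/incoming"
echo "foo 1.0" > "$repo/r1/foo-1.0.rpm"
echo "bar 2.0" > "$repo/r1/bar-2.0.rpm"
echo "bar 2.0 rebuilt" > "$repo/incoming/bar-2.0.rpm"
echo "baz 1.0" > "$repo/incoming/baz-1.0.rpm"
new_release "$repo/r1" "$repo/r2"
add_package "$repo/r2" "$repo/incoming/bar-2.0.rpm"
add_package "$repo/r2" "$repo/incoming/baz-1.0.rpm"
release_diff "$repo/r1" "$repo/r2"
```

Because unchanged packages share an inode across releases, release_diff doubles as a cheap audit of exactly what a release changed before its yum config is rolled out.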