Centralized YUM Repository Unix Patch Management
The PVALENTINO YUM repositories live on PATCH.PVALENTINO.ORG
All repositories live under /data01/repository/. The only sub-directory currently present is patch/, which is where all normal package updates go.
The rhel5-x86_64 directory (in the example) would contain the actual repository metadata and all the RPM package files. You cannot just place the RPM files into a directory and call it a repository -- you must set up the YUM metadata for that directory before it can be used.
To create the repositories for a scheduled quarterly patch cycle, we will first need to obtain all the current packages for each release of Red Hat Linux and for each platform that it runs on in our environment.
rhel4-i386.systemid RHEL 4 i386
mkdir /data01/repository/patch/q3 ; cd /data01/repository/patch/q3
Clean up an existing repository:
yum clean all
Retrieve the packages for each release/platform (the directories will be automatically created). Use this exact script, in order to get the additional package channels that some systems are subscribed to:
rhnget --systemid=/data01/systemid/rhas21-i386.systemid rhn:///redhat-advanced-server-i386 ./rhas21-i386/
(You will probably want to create a simple script to run the commands, as downloading all the files will take several hours. Scripting it will let you run all of them without having to check on it constantly. Make sure to check the output occasionally to make sure that there weren't any problems during the downloads.)
Once all the files are downloaded, you can turn the directories into YUM repositories. This step will scan the RPMs in the directory and collect information from them, including their versions and dependencies.
In each of the directories under where you ran the rhnget command (e.g., /data01/repository/patch/q3/) you will need to run the following three commands:
Or, for older versions of Linux use:
The createrepo command creates the new style of YUM metadata, used by newer versions of YUM. The yum-arch command creates the old style of YUM metadata, required by older versions of YUM. For instance, RHEL 3 systems will not run the newer versions of YUM.
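An added example (not part of the original procedure): a shell check to run before clients are pointed at a quarter's directory. It reports which release/platform directories hold RPMs with no metadata, or with metadata older than the packages. It assumes createrepo writes repodata/repomd.xml and yum-arch writes headers/header.info; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed layout: createrepo
# writes repodata/repomd.xml, yum-arch writes headers/header.info.

# repo_status DIR -> prints empty | none | stale | old | new | new+old
repo_status() {
    dir=$1
    # No RPM files: the download never populated this directory.
    set -- "$dir"/*.rpm
    [ -e "$1" ] || { echo empty; return 0; }

    new=no; old=no
    [ -s "$dir/repodata/repomd.xml" ] && new=yes
    [ -s "$dir/headers/header.info" ] && old=yes
    if [ "$new$old" = nono ]; then echo none; return 0; fi

    # RPMs newer than the metadata were added after it was generated
    # (e.g. by a retried download); clients would never see them.
    for meta in "$dir/repodata/repomd.xml" "$dir/headers/header.info"; do
        [ -s "$meta" ] || continue
        if [ -n "$(find "$dir" -maxdepth 1 -name '*.rpm' -newer "$meta")" ]; then
            echo stale; return 0
        fi
    done

    case "$new$old" in
        yesyes) echo new+old ;;
        yesno)  echo new ;;
        *)      echo old ;;
    esac
}

# check_quarter QUARTER_DIR
# Prints "<directory> <status>" per subdirectory; returns 1 if any one is
# empty, has no metadata, or has stale metadata.
check_quarter() {
    bad=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        status=$(repo_status "${d%/}")
        echo "$(basename "$d") $status"
        case $status in empty|none|stale) bad=1 ;; esac
    done
    return $bad
}

# Usage: sh check_repos.sh /data01/repository/patch/q3
if [ -n "${1:-}" ]; then check_quarter "$1"; fi
```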
Automated Process Script:
#!/bin/bash
# Usage: patchdownload.sh <quarter>   (e.g. q3)
if [ "$1" = "" ]
then
    exit 1
fi

if [ ! -d "/data01/repository/patch/$1" ]; then mkdir "/data01/repository/patch/$1" ; fi
cd "/data01/repository/patch/$1" || exit 1

# Point the "current" link at this quarter's directory.
rm -f /data01/repository/patch/current
ln -s "/data01/repository/patch/$1" /data01/repository/patch/current

# RHEL 4 i386: try the download up to three times, then build the metadata.
result="1"
count="0"
while [ $result != 0 ] && [ $count -lt 3 ]
do
    /usr/bin/rhnget -vvv --systemid=/data01/systemid/rhel4-i386.systemid rhn:///rhel-i386-as-4 ./rhel4-i386/ 2>&1 | mail -s "$1 rhel4 patch download status" email@example.com
    # $? after a pipeline is mail's exit status; PIPESTATUS[0] is rhnget's.
    result=${PIPESTATUS[0]}
    count=`expr $count + 1`
done
if [ $result = 0 ]; then /usr/bin/createrepo -v ./rhel4-i386; fi

# RHEL 4 x86_64
result="1"
count="0"
while [ $result != 0 ] && [ $count -lt 3 ]
do
    /usr/bin/rhnget -vvv --systemid=/data01/systemid/rhel4-x86_64.systemid rhn:///rhel-x86_64-as-4 ./rhel4-x86_64/ 2>&1 | mail -s "$1 rhel4 x86_64 patch download status" firstname.lastname@example.org
    result=${PIPESTATUS[0]}
    count=`expr $count + 1`
done
if [ $result = 0 ]; then /usr/bin/createrepo -v ./rhel4-x86_64; fi

# RHEL 5 x86_64
result="1"
count="0"
while [ $result != 0 ] && [ $count -lt 3 ]
do
    /usr/bin/rhnget -vvv --systemid=/data01/systemid/rhel5-x86_64.systemid rhn:///rhel-x86_64-server-5 ./rhel5-x86_64 2>&1 | mail -s "$1 rhel5-x86_64 patch download status" email@example.com
    result=${PIPESTATUS[0]}
    count=`expr $count + 1`
done
if [ $result = 0 ]; then /usr/bin/createrepo -v ./rhel5-x86_64; fi
exit
Crontab entries that run the script for each quarter:
0 20 21 2 * /root/patchdownload.sh q1
0 20 3 6 * /root/patchdownload.sh q2
0 20 3 9 * /root/patchdownload.sh q3
0 20 3 11 * /root/patchdownload.sh q4
Congratulations, you have set up the repositories. The next step is to create the configuration files used to update the systems.
Creating YUM Configurations
you would create the following configuration file:
yum-rhel4-i386.tar.gz for RHEL 4 on i386
Once YUM is installed, you only have to issue the following command to start the update process:
Replace quarter with the quarter information (e.g. q3) or the current keyword, and release with the release/platform information (e.g. rhel5-x86_64).
Monitor the system console to ensure that it boots up without any issues. Make sure that all services on the system start up correctly.
mkinitrd initrd-(kernel).img (kernel)
PATCH System Build
The following are the specifications for PATCH.PVALENTINO.ORG. This is a fairly basic Red Hat installation, with only Apache as its major service.
Log into aixapp as root, create a temporary directory (e.g. mkdir /tmp/patchwork), and change to that directory. Copy the LatestFixData51 file that you downloaded into this directory. Then run:
This will generate two files: /tmp/lowerthanmaint.rpt and /tmp/lowerthanlatest1.rpt. The lowerthanlatest1.rpt file is what we need. Copy it to your workstation, and then go to:
That page lets you upload the lowerthanlatest1.rpt file, and get a customized list of what fileset updates you need. Click the Browse button on the page, select the lowerthanlatest1.rpt file, and then click Submit. On the next page, make sure all three checkboxes are selected. Select the operating system revision from the dropdown (use the oslevel -r command on lmsappdev to determine this), and then click Continue.
Installing the Patches
The first thing you should do on your target system is check that any previously applied patches were committed correctly. Log into the system as root and run installp -s. This will show all software updates that are applied but not committed. If nothing is returned, then you're ready to go. Otherwise, you will need to commit the previous updates by running installp -c all (as the root user).
After all the patches are installed, the system must be rebooted. If possible, monitor the system console, and make sure the system comes back up normally. If you don't have access to the system console, be advised that it can take 10-15 minutes for the system to become accessible again.
PVALENTINO only has three Solaris systems: sun1, sun2, and sun3. These are all running Solaris 8 on the SPARC architecture.
Installing the Patch Cluster
Create a directory in a filesystem on the target machine that has enough space, change to that directory, and transfer the previously downloaded 8_Recommended.zip file there. Unzip it with the command:
It's a large file, and these aren't very fast systems, so unzipping may take a while. Once unzipped, remove the 8_Recommended.zip file.
The system will reboot, and then ask for the root password to enter maintenance mode. Enter the root password, and you will be at the shell prompt.
You will see plenty of 'Return code 2' and 'Return code 8' messages. These are normal: return code 2 means that the patch was already installed, and return code 8 means that the patch was for a software package that wasn't installed on the system. For other patch codes, Google search for "Solaris Patch Codes" -- there are several lists out there. With the 'tee patchlog' part of the command, all output from the install_cluster script will be written out to a file named patchlog so that you can review all the messages later.
Be advised that it will usually take a good hour or more for it to run through the entire patch process.
Once the script is completed, reboot the system by typing 'reboot'.
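An added example (not part of the original procedure) for reviewing the patchlog file: it counts return codes 0, 2 and 8 and lists every patch that ended with any other code, so those can be looked up before the system goes back into service. The log line format, the function names and the patch ids in the sample are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes install_cluster logs one
# "Installation of <patch-id> ... Return code N." line per patch.

# summarize_patchlog FILE
# Prints one totals line, then each patch whose return code is not 0, 2 or 8.
# Returns 1 when any such patch exists.
summarize_patchlog() {
    awk '
    /Return code [0-9]+/ {
        id = "unknown"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+-[0-9]+$/) { id = $i; break }
        match($0, /Return code [0-9]+/)
        code = substr($0, RSTART + 12, RLENGTH - 12) + 0
        if (code == 0)      installed++
        else if (code == 2) already++        # patch was already installed
        else if (code == 8) no_package++     # package not on this system
        else { review++; list = list sprintf("  %s return code %d\n", id, code) }
    }
    END {
        printf "installed=%d already_installed=%d package_not_installed=%d needs_review=%d\n",
               installed, already, no_package, review
        printf "%s", list
        exit (review > 0)
    }' "$1"
}

# Constructed sample log (patch ids are made up for the demonstration).
sample_patchlog() {
    cat <<'EOF'
Installing 100001-01...
  Installation of 100001-01 succeeded. Return code 0.
Installing 100002-03...
  Installation of 100002-03 failed. Return code 2.
Installing 100003-02...
  Installation of 100003-02 failed. Return code 8.
Installing 100004-05...
  Installation of 100004-05 failed. Return code 1.
EOF
}

tmp=$(mktemp) && sample_patchlog > "$tmp"
summarize_patchlog "$tmp" || echo "look up the return codes listed above"
rm -f "$tmp"
```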