[Ma-linux] Re: Centos Up2Date - Best Practices

Fri Jan 4 19:41:53 EST 2008

Tim:

Out of curiosity, and per memory here, why are you using up2date when IIRC yum is the primary "higher level" package manager for CentOS these days on the CLI?  up2date is for RHEL v4.0 and below, with RHEL v5.0 going over to yum now.

Another aspect to consider is what (if any) packages did you manually add that were outside the scope of the base system package listings.  By this, as an example (and this is first hand), we had a client that wanted a web app that for all the "full features" needed PHP 5 and MySQL 5.  The system was RHEL4, which only allowed via the RHEL repo's PHP 4 and MySQL 4.  So we used the RPMs directly from the PHP and MySQL sites, did the build, everything worked nicely.  Upon upgrading to RHEL5 though, the RPMs for MySQL and PHP were "foreign" to RHEL5, so we had some oddities in play dependency wise.  Since we knew what we did, we just remove the previously installed PHP and MySQL from outside of the RHEL repos, used yum to install the "RHEL approved" ones, things work just fine after that.

Just some thoughts to your situation.  In the end, if one were to go "native" and use Linux in any form and fashion by installing outside the "norm" or boundaries within a particular distribution, things do "happen".  If one were to stay within the boundaries of a distribution (CentOS in your case), things should be relatively ok and decent.  So from my personal experience and with my company's policies on consulting on distributions, so far this has not cause any major issues to present date.  The above would be at best one of the "minor issues" we have dealt with in going and using RPM source packages from an outside of the distribution's selection or preference choice.

PS: Pardon any delayed responses to the list since I get and review this in digest format.

--- Crawford
--
The Linux ETC Company
368 South McCaslin Boulevard
Suite 146
Louisville, CO 80027 USA
+1.303.604.2550 (voice)
+1.303.664.0036 (fax)
http://www.linux-etc.com

----- ma-linux-request at calypso.tux.org wrote:
> 
> Message: 1
> Date: Fri, 4 Jan 2008 15:09:00 -0500 (EST)
> From: "Tim Weil" <tweil at securityfeeds.net>
> Subject: [Ma-linux] Centos Up2Date - Best Practices
> To: ma-linux at calypso.tux.org
> Message-ID:
> 	<1417.209.249.182.126.1199477340.squirrel at securityfeeds.net>
> Content-Type: text/plain;charset=iso-8859-1
> 
> This is a generalized question for MA-LUGers -
> 
> My last effort at 'close my eyes' and 'up2date the complete Centos
> system'
> produced some scary results and knocked out my Apache server for
> several
> days.  As a similar process - using MS-Redmond aggregate OS patches
> have a
> way of clobbering the system.
> 
> So what's a SysAdmin to do?  I don't expect to read 50+ bulletins
> software
> upgrades. The blindfold, just hit the update button, doesn't work so
> good
> either.
> 
> Bottom line, how often do SysAdmins go in for system utility/OS
> updates?
> If you don't have 2 servers to stage this on, what alternatives can be
> used.
> A reasonable alternative is - 'if it's not broke, don't fix it'.
> 
> Happy New Year
> 
> -- 
> Tim Weil | CISSP/CISA | SecurityFeeds | 301.452.3641  | fax
> 240.337.1305 |
> http://securityfeeds.net
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 