Difference between revisions of "How to install security updates using quattor"

From PDP/Grid Wiki
Jump to navigationJump to search
 
Line 3: Line 3:
 
To install ad-hoc security updates, proceed as follows:
 
To install ad-hoc security updates, proceed as follows:
 
* Download the rpm(s) to one of the existing (updates) repositories at stal. Use a repository in which the rpm will also appear when a proper installation of updates in done. Typically, the rpm will be present in the OS or grid middleware repositories, although it may also appear in the "mirror/nikhef" catch-all repo.
 
* Download the rpm(s) to one of the existing (updates) repositories at stal. Use a repository in which the rpm will also appear when a proper installation of updates in done. Typically, the rpm will be present in the OS or grid middleware repositories, although it may also appear in the "mirror/nikhef" catch-all repo.
* Find an appropriate quattor template to install the updated version of the rpm. This will typically be $L/cfg/os/<DISTRO>/rpms/updates.tpl or under $L/cfg/grid/<GLITE-VERSION>/update/<GLITE-UPDATE>/<ARCH>/rpms.tpl. Add a line like below to this file:
+
* Find an appropriate quattor template to install the updated version of the rpm. This will typically be $L/cfg/os/''<DISTRO>''/rpms/updates.tpl or under $L/cfg/grid/''<GLITE-VERSION>''/update/''<GLITE-UPDATE>''/''<ARCH>''/rpms.tpl. Add a line like below to this file:
 
  '/software/packages'=pkg_ronly('package-name','new-version','architecture');
 
  '/software/packages'=pkg_ronly('package-name','new-version','architecture');
 
to force installation of the package if any other version would be installed anyway. The line above will install 'new-version' instead of any earlier version. If the package should be installed irrespective of whether it was installed earlier, use pkg_repl instead of pkg_ronly.
 
to force installation of the package if any other version would be installed anyway. The line above will install 'new-version' instead of any earlier version. If the package should be installed irrespective of whether it was installed earlier, use pkg_repl instead of pkg_ronly.
Line 12: Line 12:
 
  pushxprof -u -A
 
  pushxprof -u -A
 
* Check on the node(s) that the new versions have been installed and that there were no package conflicts. If there were problems, fix them in the templates and follow the rest of the procedure.
 
* Check on the node(s) that the new versions have been installed and that there were no package conflicts. If there were problems, fix them in the templates and follow the rest of the procedure.
 +
 +
Note that installing a single rpm instead of a complete update collection may cause dependency trouble!

Revision as of 16:50, 8 May 2009

Note: this article describes an ad-hoc way of installing updates. The standard and preferred method is described in the article Installing_updates:_OS,_CAs_Quattor,_VL-e. The process below should only be used as a temporary measure in very urgent cases.

To install ad-hoc security updates, proceed as follows:

  • Download the rpm(s) to one of the existing (updates) repositories at stal. Use a repository in which the rpm will also appear when a proper installation of updates in done. Typically, the rpm will be present in the OS or grid middleware repositories, although it may also appear in the "mirror/nikhef" catch-all repo.
  • Find an appropriate quattor template to install the updated version of the rpm. This will typically be $L/cfg/os/<DISTRO>/rpms/updates.tpl or under $L/cfg/grid/<GLITE-VERSION>/update/<GLITE-UPDATE>/<ARCH>/rpms.tpl. Add a line like below to this file:
'/software/packages'=pkg_ronly('package-name','new-version','architecture');

to force installation of the package if any other version would be installed anyway. The line above will install 'new-version' instead of any earlier version. If the package should be installed irrespective of whether it was installed earlier, use pkg_repl instead of pkg_ronly.

  • Refresh the contents of the repository contents and try to build all object template(s) involved:
makexprof -u -A
  • If the build was successful, commit the changed templates to SVN.
  • Login as ndpfmgr@stal, refresh from SVN and deploy the profiles:
pushxprof -u -A
  • Check on the node(s) that the new versions have been installed and that there were no package conflicts. If there were problems, fix them in the templates and follow the rest of the procedure.

Note that installing a single rpm instead of a complete update collection may cause dependency trouble!