How to install security updates using quattor
Note: this article describes an ad-hoc way of installing updates. The standard and preferred method is described in the article Installing_updates:_OS,_CAs_Quattor,_VL-e. The process below should only be used as a temporary measure in very urgent cases.
To install ad-hoc security updates, proceed as follows:
- Download the rpm(s) to one of the existing (updates) repositories at stal. Use a repository in which the rpm will also appear when a proper installation of updates in done. Typically, the rpm will be present in the OS or grid middleware repositories, although it may also appear in the "mirror/nikhef" catch-all repo.
- Find an appropriate quattor template to install the updated version of the rpm. This will typically be $L/cfg/os/<DISTRO>/rpms/updates.tpl or under $L/cfg/grid/<GLITE-VERSION>/update/<GLITE-UPDATE>/<ARCH>/rpms.tpl. Add a line like below to this file:
to force installation of the package if any other version would be installed anyway. The line above will install 'new-version' instead of any earlier version. If the package should be installed irrespective of whether it was installed earlier, use pkg_repl instead of pkg_ronly. Note that installing kernel updates requires special actions. Details are described in Installing_updates:_OS,_CAs_Quattor,_VL-e.
- Refresh the contents of the repository contents and try to build all object template(s) involved:
makexprof -u -A
- If the build was successful, commit the changed templates to SVN.
- Login as ndpfmgr at stal, refresh from SVN and deploy the profiles:
pushxprof -u -A
- Check on the node(s) that the new versions have been installed and that there were no package conflicts. If there were problems, fix them in the templates and follow the rest of the procedure.