[TriLUG] large-scale patch rollouts?

Joseph Tate jtate at dragonstrider.com
Tue Sep 16 14:02:03 EDT 2003


David R.Matusiak wrote:

> hello Linux enthusiasts --
>
> please don't flame my foolish question, but is it possible to roll out 
> linux security patches to a network of machines at the same time?  
> also, are there any known security vulnerabilities presented by doing 
> such a thing?
>
> i know up2date is the tool to apply patches to a single (Red Hat) 
> machine, but can this functionality be extended to tens or hundreds of 
> machines?
>
> i'm looking for more ammunition for my "switch campaign."  can't 
> really tell people "Linux is better" if they have to waste massive 
> amounts of time applying patches across a large network of systems, ya 
> know.
>
> i know you can use Kickstart/Jumpstart to automate multiple system 
> builds, now i'm wondering about ways to speed up/automate on-going 
> administration.  the ideas would be primarily aimed at Windows admins, 
> so they can see an advantage in Open Source.
>
> muchas gracias!
> dave m.
>
You really should take a look at Yum: http://linux.duke.edu/yum/.
As a cron job run every night, it queries new packages from a 
repository you specify.  You push patches when you've tested them.  I've 
been using it for years.  The other alternative is Current, which is a 
locally run up2date server; of course, then all dependency calculations 
are done on the server, and it requires some muscle.  All Yum requires 
is an FTP or HTTP server.  Others will tout apt or urpmi, but I've not 
found them to be easier to use or more feature complete; contrarily, 
with yum it's easy to script individual package listings to give to 
hosts based on IP or some other criteria.  That's not the case with apt.

Joseph
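
The nightly cron job with per-host package listings described in the reply above, as an added example that is not part of the original post or of Yum itself. The map file format, its path and the function names are hypothetical, and it assumes /etc/yum.conf points only at your own tested repository with gpgcheck=1.

```shell
#!/bin/sh
# Nightly patch job in the style of /etc/cron.daily (added example).
# Assumes /etc/yum.conf lists only your own tested repository with gpgcheck=1,
# so hosts install nothing you have not pushed and signed.
# Hypothetical map format: "<ip-prefix> <package>..." ; first match wins.
# Prefixes end in "." so 10.1. cannot match 10.10.x.x; "default" matches any
# host; the single word ALL means a full "yum -y update".
MAP_FILE=/etc/yum-pkgmap        # hypothetical path

# Print the package list for an IP, reading the map from stdin.
packages_for_ip() {
    ip=$1
    while read -r prefix pkgs; do
        case $prefix in ''|'#'*) continue ;; esac     # skip blanks and comments
        case $prefix in
            default) ;;
            *) case $ip in "$prefix"*) ;; *) continue ;; esac ;;
        esac
        printf '%s\n' "$pkgs"
        return 0
    done
    return 1        # no rule for this host: the caller must not patch blindly
}

# Print the yum command for an IP; refuse anything but plain package names.
yum_command() {
    pkgs=$(packages_for_ip "$1") || return 1
    case $pkgs in
        ALL) echo "yum -y update" ;;
        ''|*[!A-Za-z0-9._+\ -]*) return 2 ;;   # empty rule or shell metacharacters
        *) echo "yum -y update $pkgs" ;;
    esac
}

# Cron entry point: nightly-yum.sh --run <this-host-ip>
if [ "${1:-}" = "--run" ]; then
    cmd=$(yum_command "${2:-}" < "$MAP_FILE") || {
        echo "no valid package rule for ${2:-unknown host}" >&2
        exit 1
    }
    exec $cmd       # safe to word-split: characters were validated above
fi
```

A host with no matching rule, or a rule containing anything other than plain package names, is reported and left alone rather than updated.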



