Re: I'm searching for a network wide system update tool - fun stuff
hi ya
> On Sun, Jan 19, 2003 at 02:18:16PM +0100, Ivo Marino wrote:
>
> > I think using a cron-job like cron-apt for updating security related
> > packages automaticly on the servers not only could be a problem
> > considering the securtiy point of view but also this could corrupt a
> > server configuration and leave the system/service out of function.
>
d/l all the *.deb changes to your test.foo.com server
- test that the patches works ... nothing breaks
- than release (copy over ) the tested *.deb to your local ( deb.foo.com )
debian distribution server
- on each client box in your lan, add deb.foo.com to your sources.list
files ( be sure that all the *.deb are tested packages )
- in cron, on each box... run apt-get update and apt-get upgrades
- if you wanna force certain changes to occur now, send a command
to target pc to update "this file now" from the dist servers
c ya
alvin
pushing changes is bad idea
- you do not know if the changes was performed
- achine could be offline,
- you will get timeouts, slowing down other updates
- you can only update a limited number of machine
pulling changes is good..
- only machines that are up will update itself
- you can support hundreds/thousands of client boxes
> =====
>
> #!/bin/sh
> FIREWALLS="fw1 fw2"
> SERVERS="srv1"
> WORKSTATIONS="wk1 wk2 wk3"
> XTERMS="xt1 xt2 xt3"
>
> case $1 in
> "-f") HOSTS=$FIREWALLS;;
> "-s") HOSTS=$SERVERS;;
> "-w") HOSTS=$WORKSTATIONS;;
> "-x") HOSTS=$XTERMS;;
> "-a") HOSTS="$FIREWALLS $SERVERS $WORKSTATIONS $XTERMS";;
> *) echo "Usage: $0 (-f|-s|-w|-x|-a) command"; exit 1;;
> esac
> shift
> for HOST in $HOSTS; do
> echo $HOST:
> /usr/bin/ssh $HOST ${1+"$@"}
> done
>
Reply to: