On Thu, Mar 20, 2003 at 08:00:39AM -0500, Bill Mills-Curran wrote: subssn594> > I believe you can use a single up2date account to pull down the necessary subssn594> > RPMs and store them locally at which point you can rsync them to your pool subssn594> > of machines and upgrade each that way. subssn594> For most of the updates, that would work great. The kernel updates subssn594> are trickier, I understand. If you are going to do that, you might as well just do everything manually. It is pretty simple to apply errata manually. I mirror Red Hat's FTP site containing the update packages, and I also wrote a script to maintain a tree of just the latest versions of each package: ftp://angus.ind.wpi.edu/pub/mirrors/redhat/linux/updates (full mirror) ftp://angus.ind.wpi.edu/pub/updates (only latest) The latest-only tree is useful with the "rpm -F" command, and is used in my method below. My method for updates is as follows: 1. Determine if the kernel needs to be updated, and install the correct architecture of the main kernel, -smp, and/or -enterprise packages first. Always use rpm -i, so you install the new kernel without deleting the older kernel versions (in case you need to boot back to the old one if there is a problem): uname -r rpm -qa | grep kernel | sort rpm -ivh i686/kernel-2.4.18-27.8.0.i686.rpm i686/kernel-smp-2.4.18-27.8.0.i686.rpm (If you are not using grub bootloader, you may need to mkinitrd, edit /etc/lilo.conf, and re-run /sbin/lilo. Since at least Red Hat 7.2, if you are using the grub bootloader, everything is automatic.) 2. Next handle other packages that have i586 and/or i686 architectures (currently only glibc and openssl are compiled for i586/i686). Use rpm -F (freshen) to only upgrade what you already have installed. You also need to install the i386 sub-packages of each package at the same time (i.e., install the i686 version of openssl, but also the i386 versions of the openssl-devel and openssl-perl packages at the same time): rpm -Fvh i686/openssl-*.i686.rpm i386/openssl-{devel,perl}*.i386.rpm rpm -Fvh i686/glibc-{,debug}-2.3.2-4.80.i686.rpm i386/glibc-{common,debug-static,devel,profile,utils}*.i386.rpm 3. Finally, freshen everything else. This will automatically skip over the above packages which you already installed: rpm -Fvh i386/*.i386.rpm noarch/*.noarch.rpm 4. If you upgraded the kernel, reboot to the new one. If you upgraded glibc, you might want to reboot too. Otherwise, you can get away with just restarting services that use the upgraded packages (like restarting apache and sshd after an openssl upgrade): service httpd restart service sshd restart shutdown -r now -- Charles R. Anderson <cra@wpi.edu> / http://angus.ind.wpi.edu/~cra/ PGP Key ID: 49BB5886 Fingerprint: EBA3 A106 7C93 FA07 8E15 3AC2 C367 A0F9 49BB 5886