From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JC0ve-0006vG-5x for garchives@archives.gentoo.org; Mon, 07 Jan 2008 22:58:46 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3949FE0643; Mon, 7 Jan 2008 22:58:44 +0000 (UTC) Received: from adsum.doit.wisc.edu (adsum.doit.wisc.edu [144.92.197.210]) by pigeon.gentoo.org (Postfix) with ESMTP id 20A40E0643 for ; Mon, 7 Jan 2008 22:58:44 +0000 (UTC) Received: from avs-daemon.smtpauth1.wiscmail.wisc.edu by smtpauth1.wiscmail.wisc.edu (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id <0JUA00403QHV5Y00@smtpauth1.wiscmail.wisc.edu> for gentoo-server@lists.gentoo.org; Mon, 07 Jan 2008 16:58:43 -0600 (CST) Received: from omnius.wisc.edu (static-208-212.vpn.wisc.edu [146.151.208.212]) by smtpauth1.wiscmail.wisc.edu (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0JUA00LUNQHP9760@smtpauth1.wiscmail.wisc.edu>; Mon, 07 Jan 2008 16:58:43 -0600 (CST) Date: Mon, 07 Jan 2008 16:58:36 -0600 From: Brian Kroth Subject: Re: [gentoo-server] I search a Gentoo Linux "update system" In-reply-to: <47829F45.9030208@ng-lab.org> To: sysspoof Cc: gentoo-server@lists.gentoo.org Mail-followup-to: sysspoof , gentoo-server@lists.gentoo.org Message-id: <20080107225836.GA13233@omnius.wisc.edu> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org MIME-version: 1.0 Content-type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary=YiEDa0DAkWCtVeE4 Content-disposition: inline X-Spam-Report: AuthenticatedSender=yes, SenderIP=146.151.208.212 X-Spam-PmxInfo: Server=avs-11, Version=5.3.3.310218, Antispam-Engine: 2.5.2.313940, Antispam-Data: 2008.1.7.144608, SenderIP=146.151.208.212 References: <478238C3.1010201@ng-lab.org> <20080107150442.GA4924@bpkroth-tux.hslc.wisc.edu> <47829F45.9030208@ng-lab.org> User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: 11538f1a-7c0b-454f-bcc9-a403e88a7f9f X-Archives-Hash: 08c645aa67c78b80a827da74c4924784 --YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Forgot to copy the list originally: sysspoof : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Brian > > Your work sounds interesting to me. > 2 questions so far: > - - Is it also possible to "download" the portage tree and pre-compiled= =20 > packages, perhaps with modified mirror url in make.conf? I use different= =20 > networks for the servers, so sharing is not an option. man make.conf, PORTAGE_BINHOST is what you want. In the tar below there's a script, emerge-binpkg, that makes downloading those packages a little quicker than emerge -g, which tries to maintain a cache. > - - You wrote other features are planned, will you work them out? At some point, when I have time. The database schema should show you what I have planned. Everything is just a name value pair for the post part. > Unfortunately I have no perl experience and I haven't got time to=20 > contribute with perl. But I would appreciate to see your work. Why not ma= ke=20 > it public? If I am possible to use your scripts I'd like to give you repo= rt=20 > and constructive input based on practical experience. Well, this is my second or third perl project as well. Don't learn unless you try, right? I think all the relevant scripts should be in there. Probably need to emerge/cpan some perl modules. = = =20 https://mywebspace.wisc.edu/bpkroth/web/update-summary-scripts/update-summa= ry-scripts.tar.bz2 Anyone else out there do something similar? Brian > Brian Kroth wrote: > | I imagine you're looking for something along the lines of WSUS. There= =20 > are > | lots of ways to organize a set of (gentoo) servers, so I don't know if > | there's one common tool out there to accomplish this just yet. However, > | since it can be a chore to manage many of them individually, I've been > | working on something kinda like this in my spare time. The current mod= el > | is as follows: > | > | - A build server for each class of servers. They build updates for the= ir > | clients nightly. > | > | - "Client" servers (auto) nfs mount the portage tree and packages dir f= or > | their build server. Each client runs some reports each night that are > | emailed to a common account. The reports include the output from the > | following: emerge -NDu world, glsa-check -p affected, revdep-rebuild = -p > | > | - Some procmail filters/perl scripts take each of those emails and dump > | them into a database for web viewing. Various other features are > | planned for the web end, like inventory information, diffs of these > | reports, etc. Logwatch data is also split up by type and dumped in > | here. > | > | - Another cron script sifts through the reports in the database from th= at > | day and compiles a summary report. > | > | Originally there were only a few servers, so a few emails to check a day > | was no biggie, but eventually I needed a way to summarize it. I admit > | this is isn't the most efficient way of getting that, but its been > | evolving rather slowly. > | > | Anyways, if anyone's interested I can post the procmailrc, scripts, and= =20 > db > | schema somewhere. > | > | Here's an example of a security-check summary report. Currently the=20 > output is > | split up by server class via data from the database and is formatted to= =20 > allow > | copy and paste execution on all hosts via cssh. > | > | gentoo-i686ws update list: > | You can perform the following command(s) to update the hosts wi= th=20 > their updates: > | # cssh \ > | rocket > | > | # emerge -1ka \ > | =3Dnet-analyzer/wireshark-0.99.7 > | > | > | gentoo-ppcencoder update list: > | You can perform the following command(s) to update the hosts wi= th=20 > their updates: > | # cssh \ > | ppcencoder01 \ > | ppcencoder02 \ > | ppcencoder03 \ > | ppcencoder04 \ > | ppcencoder05 \ > | ppcencoder06 \ > | ppcencoder07 \ > | ppcencoder08 \ > | ppcencoder09 \ > | ppcencoder10 \ > | ppcencoder11 > | > | # emerge -1ka \ > | =3Dapp-admin/syslog-ng-2.0.6 > | > | > | gentoo-p4srv update list: > | You can perform the following command(s) to update the hosts wi= th=20 > their updates: > | # cssh \ > | mysql1 \ > | mysql2 \ > | gentest > | > | # emerge -1ka \ > | =3Dapp-admin/syslog-ng-2.0.6 > | > | Brian > | > | sysspoof : > | Hello ML members, > | > | I am curious if there is any update system available for Gentoo Linux > | server for corporate use. > | With update system I mean a full concept with dist host, perhaps a > | webinterface where you can see all available server and what packages a= re > | out of date, cron job for daily --sync and world update. It should also > | contain a guide, shows how to configure the Gentoo server for those > | updates. For example it should recommend settings like > | FEATURES=3D"protect-collisions" etc. > | > | Any input? > | > | Thank you, > | > |> > - -- > gentoo-server@lists.gentoo.org mailing list > |> > > - -- > Patrick Grieshaber > sysspoof@ng-lab.org > http://ng-lab.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHgp9FPtCAYLeEIgwRAsDTAJ91R4Ow77p6Bri6ptw4MTu6/Q0bWwCfWjAd > 65UjzQBpHsIOCVDy7bKl1RI=3D > =3DuYMe > -----END PGP SIGNATURE----- > > --=20 > gentoo-server@lists.gentoo.org mailing list > --YiEDa0DAkWCtVeE4 Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIIjAYJKoZIhvcNAQcCoIIIfTCCCHkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BmkwggNtMIIC1qADAgECAgIDizANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCVVMxKzAp BgNVBAoTIkRpdmlzaW9uIG9mIEluZm9ybWF0aW9uIFRlY2hub2xvZ3kxIzAhBgNVBAsTGkZh Y3VsdHkgLSBTdGFmZiAtIFN0dWRlbnRzMSgwJgYDVQQDEx9Vbml2ZXJzaXR5IG9mIFdpc2Nv bnNpbi1NYWRpc29uMB4XDTA3MDYwNjE4MDI0MFoXDTA4MDYwNTE4MDI0MFowgfsxCzAJBgNV BAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xKDAmBgNVBAoT H1VuaXZlcnNpdHkgb2YgV2lzY29uc2luLU1hZGlzb24xIzAhBgNVBAsTGkZhY3VsdHkgLSBT dGFmZiAtIFN0dWRlbnRzMRMwEQYDVQQLEwpUb2tlbiAtIG5vMRIwEAYDVQQuEwlVVzE1MFE3 MDcxFzAVBgoJkiaJk/IsZAEBEwdicGtyb3RoMRQwEgYDVQQDEwtCcmlhbiBLcm90aDEfMB0G CSqGSIb3DQEJARYQYnBrcm90aEB3aXNjLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAq4DtEuA/qy52kFDN9016QqYtxUAZ3NY60FwsB3zbRg/Gn4hr/XLALelcbzIPEwjw865u Y+KPgzEKYOEFTELiN4fKLoWVwx4IVuzU2b/ZVFkRUxVhZUqPgRE4ZhWA9Xx4vFDny/i6OoXN esZPYC1QuK2ppyVxGwhV4L+ZGIStbfkCAwEAAaNwMG4wDgYDVR0PAQH/BAQDAgXgMDsGA1Ud HwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvd2lzY29uc2luLmNy bDAfBgNVHSMEGDAWgBQcnlJSGwRiRyxrLAG4afGpNywjJDANBgkqhkiG9w0BAQUFAAOBgQB9 JDpPA+Wq7IratJDr4PL9Zf6V9WmnZ5ayNnZk1jwGkMH7QKTMa8IzlE16J1B77RLgkP4rWWB+ lBAa1sYkc4sd5n6igvkZDDvHse8Y5KXC4memMP7ntOIAOfBgUtMp6dwu31QN4IMgKwXBkgh1 TKaGe4aM37+seIi5C3CI+PQQljCCAvQwggJdoAMCAQICAkRNMA0GCSqGSIb3DQEBBQUAMFMx CzAJBgNVBAYTAlVTMRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMSYwJAYDVQQDEx1F cXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMTAeFw0wNTA4MjkxNjA3MjBaFw0xNTA4Mjkx NjA3MjBaMIGJMQswCQYDVQQGEwJVUzErMCkGA1UEChMiRGl2aXNpb24gb2YgSW5mb3JtYXRp b24gVGVjaG5vbG9neTEjMCEGA1UECxMaRmFjdWx0eSAtIFN0YWZmIC0gU3R1ZGVudHMxKDAm BgNVBAMTH1VuaXZlcnNpdHkgb2YgV2lzY29uc2luLU1hZGlzb24wgZ8wDQYJKoZIhvcNAQEB BQADgY0AMIGJAoGBAOhIUdwld8sfAAlrdOv5Tt8PTX1Wku/ItsIjHrkus1MbKoulSXxSsSUP APYzgT8HfhuRY+tHHzohFSu3xJWgx0wk8q2pqwo4KZ2evy7GMDFxTHyXSYa/1m0Wsg5c11u8 J6/tR8yqu7RWIJPr+edlPjx8r/cYP7AK5nA7msMFFZqDAgMBAAGjgZ8wgZwwDgYDVR0PAQH/ BAQDAgGGMB0GA1UdDgQWBBQcnlJSGwRiRyxrLAG4afGpNywjJDAfBgNVHSMEGDAWgBRKeDJS EdtZFjZe38EUNkBqR3xMoTAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0 dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvZWJpemNhMS5jcmwwDQYJKoZIhvcNAQEFBQAD gYEAJfFEWDN3f+cS1o3XqrcgmDdr5h3e37WxerB/YxVfHpsr5UzTGVBwR09zyRA+AtmBrNBE 07HcLSsri/x9o1qJPwtko8GB+ScW9lTvoSoWKf93fkeymKj4T7X2rFV+umJTSmgs850RTh+o Rx0eVGHfc1zHRNjpUiPqZRoaYqjFZ5AxggHrMIIB5wIBATCBkDCBiTELMAkGA1UEBhMCVVMx KzApBgNVBAoTIkRpdmlzaW9uIG9mIEluZm9ybWF0aW9uIFRlY2hub2xvZ3kxIzAhBgNVBAsT GkZhY3VsdHkgLSBTdGFmZiAtIFN0dWRlbnRzMSgwJgYDVQQDEx9Vbml2ZXJzaXR5IG9mIFdp c2NvbnNpbi1NYWRpc29uAgIDizAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG 9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDEwNzIyNTgzNlowIwYJKoZIhvcNAQkEMRYEFPR8 AFjHd+WlrAVVdurVItBk1ljxMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZI hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqG SIb3DQEBAQUABIGAS7QNSiBt79kxJmZOj6t4d2FmShxsPh3+52o2ZtvXVFIw3cpf3MrEFGDL XwOG4Y9MIFr3G7huSiNE62loKVkiQRayjUxAnki/UVY9Kr/eVxxABJ0SvRJ+NRfqM9n1JlFs CXtYGQFi0XB+w6mAkWNZpoPuXgmocxctoKtuyZc2mw4= --YiEDa0DAkWCtVeE4-- -- gentoo-server@lists.gentoo.org mailing list