[gentoo-server] I search a Gentoo Linux "update system"

[gentoo-server] I search a Gentoo Linux "update system"

[sysspoof]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello ML members,

I am curious if there is any update system available for Gentoo Linux 
server for corporate use.
With update system I mean a full concept with dist host, perhaps a 
webinterface where you can see all available server and what packages 
are out of date, cron job for daily --sync and world update. It should 
also contain a guide, shows how to configure the Gentoo server for those 
updates. For example it should recommend settings like 
FEATURES="protect-collisions" etc.

Any input?

Thank you,

- --
Patrick Grieshaber
sysspoof@ng-lab.org
http://ng-lab.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgjjDPtCAYLeEIgwRAnCdAJ0XHmy7VFzf3aLVNl3QzBJ7hMgaiQCdH2FC
IxcTc4B4rxblJywjDi+yquo=
=dkJr
-----END PGP SIGNATURE-----

-- 
gentoo-server@lists.gentoo.org mailing list

Re: [gentoo-server] I search a Gentoo Linux "update system"

[Brian Kroth]

[-- Attachment #1: Type: text/plain, Size: 3891 bytes --]

I imagine you're looking for something along the lines of WSUS.  There are
lots of ways to organize a set of (gentoo) servers, so I don't know if
there's one common tool out there to accomplish this just yet.  However,
since it can be a chore to manage many of them individually, I've been
working on something kinda like this in my spare time.  The current model
is as follows:

- A build server for each class of servers.  They build updates for their
  clients nightly.

- "Client" servers (auto) nfs mount the portage tree and packages dir for
  their build server.  Each client runs some reports each night that are
  emailed to a common account.  The reports include the output from the
  following: emerge -NDu world, glsa-check -p affected, revdep-rebuild -p

- Some procmail filters/perl scripts take each of those emails and dump
  them into a database for web viewing.  Various other features are
  planned for the web end, like inventory information, diffs of these
  reports, etc.  Logwatch data is also split up by type and dumped in
  here.

- Another cron script sifts through the reports in the database from that
  day and compiles a summary report.

Originally there were only a few servers, so a few emails to check a day
was no biggie, but eventually I needed a way to summarize it.  I admit
this is isn't the most efficient way of getting that, but its been
evolving rather slowly.

Anyways, if anyone's interested I can post the procmailrc, scripts, and db
schema somewhere.

Here's an example of a security-check summary report.  Currently the output is
split up by server class via data from the database and is formatted to allow
copy and paste execution on all hosts via cssh.

gentoo-i686ws update list:
        You can perform the following command(s) to update the hosts with their updates:
        # cssh \
                rocket

        # emerge -1ka \
                =net-analyzer/wireshark-0.99.7


gentoo-ppcencoder update list:
        You can perform the following command(s) to update the hosts with their updates:
        # cssh \
                ppcencoder01 \
                ppcencoder02 \
                ppcencoder03 \
                ppcencoder04 \
                ppcencoder05 \
                ppcencoder06 \
                ppcencoder07 \
                ppcencoder08 \
                ppcencoder09 \
                ppcencoder10 \
                ppcencoder11

        # emerge -1ka \
                =app-admin/syslog-ng-2.0.6


gentoo-p4srv update list:
        You can perform the following command(s) to update the hosts with their updates:
        # cssh \
                mysql1 \
                mysql2 \
                gentest

        # emerge -1ka \
                =app-admin/syslog-ng-2.0.6

Brian

sysspoof <sysspoof@ng-lab.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello ML members,
>
> I am curious if there is any update system available for Gentoo Linux 
> server for corporate use.
> With update system I mean a full concept with dist host, perhaps a 
> webinterface where you can see all available server and what packages are 
> out of date, cron job for daily --sync and world update. It should also 
> contain a guide, shows how to configure the Gentoo server for those 
> updates. For example it should recommend settings like 
> FEATURES="protect-collisions" etc.
>
> Any input?
>
> Thank you,
>
> - --
> Patrick Grieshaber
> sysspoof@ng-lab.org
> http://ng-lab.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHgjjDPtCAYLeEIgwRAnCdAJ0XHmy7VFzf3aLVNl3QzBJ7hMgaiQCdH2FC
> IxcTc4B4rxblJywjDi+yquo=
> =dkJr
> -----END PGP SIGNATURE-----
>
> -- 
> gentoo-server@lists.gentoo.org mailing list
>

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 2192 bytes --]

Re: [gentoo-server] I search a Gentoo Linux "update system"

[sysspoof]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Brian

Your work sounds interesting to me.
2 questions so far:
- - Is it also possible to "download" the portage tree and pre-compiled 
packages, perhaps with modified mirror url in make.conf? I use different 
networks for the servers, so sharing is not an option.
- - You wrote other features are planned, will you work them out?

Unfortunately I have no perl experience and I haven't got time to 
contribute with perl. But I would appreciate to see your work. Why not 
make it public? If I am possible to use your scripts I'd like to give 
you report and constructive input based on practical experience.

Pat

Brian Kroth wrote:
| I imagine you're looking for something along the lines of WSUS.  There are
| lots of ways to organize a set of (gentoo) servers, so I don't know if
| there's one common tool out there to accomplish this just yet.  However,
| since it can be a chore to manage many of them individually, I've been
| working on something kinda like this in my spare time.  The current model
| is as follows:
|
| - A build server for each class of servers.  They build updates for their
|   clients nightly.
|
| - "Client" servers (auto) nfs mount the portage tree and packages dir for
|   their build server.  Each client runs some reports each night that are
|   emailed to a common account.  The reports include the output from the
|   following: emerge -NDu world, glsa-check -p affected, revdep-rebuild -p
|
| - Some procmail filters/perl scripts take each of those emails and dump
|   them into a database for web viewing.  Various other features are
|   planned for the web end, like inventory information, diffs of these
|   reports, etc.  Logwatch data is also split up by type and dumped in
|   here.
|
| - Another cron script sifts through the reports in the database from that
|   day and compiles a summary report.
|
| Originally there were only a few servers, so a few emails to check a day
| was no biggie, but eventually I needed a way to summarize it.  I admit
| this is isn't the most efficient way of getting that, but its been
| evolving rather slowly.
|
| Anyways, if anyone's interested I can post the procmailrc, scripts, and db
| schema somewhere.
|
| Here's an example of a security-check summary report.  Currently the 
output is
| split up by server class via data from the database and is formatted 
to allow
| copy and paste execution on all hosts via cssh.
|
| gentoo-i686ws update list:
|         You can perform the following command(s) to update the hosts 
with their updates:
|         # cssh \
|                 rocket
|
|         # emerge -1ka \
|                 =net-analyzer/wireshark-0.99.7
|
|
| gentoo-ppcencoder update list:
|         You can perform the following command(s) to update the hosts 
with their updates:
|         # cssh \
|                 ppcencoder01 \
|                 ppcencoder02 \
|                 ppcencoder03 \
|                 ppcencoder04 \
|                 ppcencoder05 \
|                 ppcencoder06 \
|                 ppcencoder07 \
|                 ppcencoder08 \
|                 ppcencoder09 \
|                 ppcencoder10 \
|                 ppcencoder11
|
|         # emerge -1ka \
|                 =app-admin/syslog-ng-2.0.6
|
|
| gentoo-p4srv update list:
|         You can perform the following command(s) to update the hosts 
with their updates:
|         # cssh \
|                 mysql1 \
|                 mysql2 \
|                 gentest
|
|         # emerge -1ka \
|                 =app-admin/syslog-ng-2.0.6
|
| Brian
|
| sysspoof <sysspoof@ng-lab.org>:
| Hello ML members,
|
| I am curious if there is any update system available for Gentoo Linux
| server for corporate use.
| With update system I mean a full concept with dist host, perhaps a
| webinterface where you can see all available server and what packages are
| out of date, cron job for daily --sync and world update. It should also
| contain a guide, shows how to configure the Gentoo server for those
| updates. For example it should recommend settings like
| FEATURES="protect-collisions" etc.
|
| Any input?
|
| Thank you,
|
|>
- --
gentoo-server@lists.gentoo.org mailing list
|>

- --
Patrick Grieshaber
sysspoof@ng-lab.org
http://ng-lab.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgp9FPtCAYLeEIgwRAsDTAJ91R4Ow77p6Bri6ptw4MTu6/Q0bWwCfWjAd
65UjzQBpHsIOCVDy7bKl1RI=
=uYMe
-----END PGP SIGNATURE-----

-- 
gentoo-server@lists.gentoo.org mailing list

Re: [gentoo-server] I search a Gentoo Linux "update system"

[Brian Kroth]

[-- Attachment #1: Type: text/plain, Size: 5956 bytes --]

Forgot to copy the list originally:

sysspoof <sysspoof@ng-lab.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Brian
>
> Your work sounds interesting to me.
> 2 questions so far:
> - - Is it also possible to "download" the portage tree and pre-compiled 
> packages, perhaps with modified mirror url in make.conf? I use different 
> networks for the servers, so sharing is not an option.

man make.conf, PORTAGE_BINHOST is what you want.  In the tar below there's
a script, emerge-binpkg, that makes downloading those packages a little
quicker than emerge -g, which tries to maintain a cache.

> - - You wrote other features are planned, will you work them out?

At some point, when I have time.  The database schema should show you what
I have planned.  Everything is just a name value pair for the post part.

> Unfortunately I have no perl experience and I haven't got time to 
> contribute with perl. But I would appreciate to see your work. Why not make 
> it public? If I am possible to use your scripts I'd like to give you report 
> and constructive input based on practical experience.

Well, this is my second or third perl project as well.  Don't learn unless
you try, right?  I think all the relevant scripts should be in there.
Probably need to emerge/cpan some perl modules.
                                                                                                                                                                                                    
https://mywebspace.wisc.edu/bpkroth/web/update-summary-scripts/update-summary-scripts.tar.bz2

Anyone else out there do something similar?

Brian

> Brian Kroth wrote:
> | I imagine you're looking for something along the lines of WSUS.  There 
> are
> | lots of ways to organize a set of (gentoo) servers, so I don't know if
> | there's one common tool out there to accomplish this just yet.  However,
> | since it can be a chore to manage many of them individually, I've been
> | working on something kinda like this in my spare time.  The current model
> | is as follows:
> |
> | - A build server for each class of servers.  They build updates for their
> |   clients nightly.
> |
> | - "Client" servers (auto) nfs mount the portage tree and packages dir for
> |   their build server.  Each client runs some reports each night that are
> |   emailed to a common account.  The reports include the output from the
> |   following: emerge -NDu world, glsa-check -p affected, revdep-rebuild -p
> |
> | - Some procmail filters/perl scripts take each of those emails and dump
> |   them into a database for web viewing.  Various other features are
> |   planned for the web end, like inventory information, diffs of these
> |   reports, etc.  Logwatch data is also split up by type and dumped in
> |   here.
> |
> | - Another cron script sifts through the reports in the database from that
> |   day and compiles a summary report.
> |
> | Originally there were only a few servers, so a few emails to check a day
> | was no biggie, but eventually I needed a way to summarize it.  I admit
> | this is isn't the most efficient way of getting that, but its been
> | evolving rather slowly.
> |
> | Anyways, if anyone's interested I can post the procmailrc, scripts, and 
> db
> | schema somewhere.
> |
> | Here's an example of a security-check summary report.  Currently the 
> output is
> | split up by server class via data from the database and is formatted to 
> allow
> | copy and paste execution on all hosts via cssh.
> |
> | gentoo-i686ws update list:
> |         You can perform the following command(s) to update the hosts with 
> their updates:
> |         # cssh \
> |                 rocket
> |
> |         # emerge -1ka \
> |                 =net-analyzer/wireshark-0.99.7
> |
> |
> | gentoo-ppcencoder update list:
> |         You can perform the following command(s) to update the hosts with 
> their updates:
> |         # cssh \
> |                 ppcencoder01 \
> |                 ppcencoder02 \
> |                 ppcencoder03 \
> |                 ppcencoder04 \
> |                 ppcencoder05 \
> |                 ppcencoder06 \
> |                 ppcencoder07 \
> |                 ppcencoder08 \
> |                 ppcencoder09 \
> |                 ppcencoder10 \
> |                 ppcencoder11
> |
> |         # emerge -1ka \
> |                 =app-admin/syslog-ng-2.0.6
> |
> |
> | gentoo-p4srv update list:
> |         You can perform the following command(s) to update the hosts with 
> their updates:
> |         # cssh \
> |                 mysql1 \
> |                 mysql2 \
> |                 gentest
> |
> |         # emerge -1ka \
> |                 =app-admin/syslog-ng-2.0.6
> |
> | Brian
> |
> | sysspoof <sysspoof@ng-lab.org>:
> | Hello ML members,
> |
> | I am curious if there is any update system available for Gentoo Linux
> | server for corporate use.
> | With update system I mean a full concept with dist host, perhaps a
> | webinterface where you can see all available server and what packages are
> | out of date, cron job for daily --sync and world update. It should also
> | contain a guide, shows how to configure the Gentoo server for those
> | updates. For example it should recommend settings like
> | FEATURES="protect-collisions" etc.
> |
> | Any input?
> |
> | Thank you,
> |
> |>
> - --
> gentoo-server@lists.gentoo.org mailing list
> |>
>
> - --
> Patrick Grieshaber
> sysspoof@ng-lab.org
> http://ng-lab.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHgp9FPtCAYLeEIgwRAsDTAJ91R4Ow77p6Bri6ptw4MTu6/Q0bWwCfWjAd
> 65UjzQBpHsIOCVDy7bKl1RI=
> =uYMe
> -----END PGP SIGNATURE-----
>
> -- 
> gentoo-server@lists.gentoo.org mailing list
>

[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 2192 bytes --]

Re: [gentoo-server] I search a Gentoo Linux "update system"

[Konstantin V. Gavrilenko]

I have a similar setup to you, with binary updates for the class.

owever, the script for generating the update commands ios slightly more
complicated than just simple glsa-check -p affected.

I've posted it several month ago on oneof the gentoo lists.

kos


#!/bin/bash
tmp="/tmp/`cat /proc/sys/kernel/random/uuid`"
update="/root/run-to-update.sh"
glsa="/usr/portage/metadata/glsa"

if [ -f $tmp ] ; then
 rm -f $tmp
fi

if [ -f $update ] ; then
 rm -f $update
fi

emerge --sync >/dev/null 2>&1
glsa-check -n --list affected 2> /dev/null > $tmp

arr=(`cat $tmp | awk '{print $1}'`)
BUGCOUNT=${#arr[@]}

if [ $BUGCOUNT -gt "0" ] ; then

echo -e '#!/bin/bash' > $update
echo -ne '#relevant as for ' >> $update
echo `date +%D` >> $update

 n=0
 while (($n < $BUGCOUNT)); do

echo "/usr/bin/glsa-check -f" ${arr[$n]} >> $update
cat $glsa/glsa-${arr[$n]}.xml | grep "# emerge"  | grep -v "emerge
--sync" | \
  sed 's/\&quot\;/\"/g' | sed 's/\&gt\;/\>/g' | sed 's/<\/code>//g' >>
$update
echo  >> $update
  let n+=1
 done

echo -e "\nRun $update to update the system" >> $tmp
 cat $tmp | /bin/mail -s GLSA_UNAPPLIED YOUR@EMAIL.com
 rm -rf $tmp
fi





-------- Original Message --------
Subject: Re: [gentoo-server] I search a Gentoo Linux "update system"
From: Brian Kroth <bpkroth@wisc.edu>
To: sysspoof <sysspoof@ng-lab.org>
CC: gentoo-server@lists.gentoo.org
Date: Mon Jan 07 2008 22:58:36 GMT+0000 (BST)

> Forgot to copy the list originally:
> 
> sysspoof <sysspoof@ng-lab.org>:
> Hi Brian
> 
> Your work sounds interesting to me.
> 2 questions so far:
> - Is it also possible to "download" the portage tree and pre-compiled 
> packages, perhaps with modified mirror url in make.conf? I use different 
> networks for the servers, so sharing is not an option.
> 
>> man make.conf, PORTAGE_BINHOST is what you want.  In the tar below there's
>> a script, emerge-binpkg, that makes downloading those packages a little
>> quicker than emerge -g, which tries to maintain a cache.
> 
> - You wrote other features are planned, will you work them out?
> 
>> At some point, when I have time.  The database schema should show you what
>> I have planned.  Everything is just a name value pair for the post part.
> 
> Unfortunately I have no perl experience and I haven't got time to 
> contribute with perl. But I would appreciate to see your work. Why not make 
> it public? If I am possible to use your scripts I'd like to give you report 
> and constructive input based on practical experience.
> 
>> Well, this is my second or third perl project as well.  Don't learn unless
>> you try, right?  I think all the relevant scripts should be in there.
>> Probably need to emerge/cpan some perl modules.
> 
>> https://mywebspace.wisc.edu/bpkroth/web/update-summary-scripts/update-summary-scripts.tar.bz2
> 
>> Anyone else out there do something similar?
> 
>> Brian
> 
> Brian Kroth wrote:
> | I imagine you're looking for something along the lines of WSUS.  There 
> are
> | lots of ways to organize a set of (gentoo) servers, so I don't know if
> | there's one common tool out there to accomplish this just yet.  However,
> | since it can be a chore to manage many of them individually, I've been
> | working on something kinda like this in my spare time.  The current model
> | is as follows:
> |
> | - A build server for each class of servers.  They build updates for their
> |   clients nightly.
> |
> | - "Client" servers (auto) nfs mount the portage tree and packages dir for
> |   their build server.  Each client runs some reports each night that are
> |   emailed to a common account.  The reports include the output from the
> |   following: emerge -NDu world, glsa-check -p affected, revdep-rebuild -p
> |
> | - Some procmail filters/perl scripts take each of those emails and dump
> |   them into a database for web viewing.  Various other features are
> |   planned for the web end, like inventory information, diffs of these
> |   reports, etc.  Logwatch data is also split up by type and dumped in
> |   here.
> |
> | - Another cron script sifts through the reports in the database from that
> |   day and compiles a summary report.
> |
> | Originally there were only a few servers, so a few emails to check a day
> | was no biggie, but eventually I needed a way to summarize it.  I admit
> | this is isn't the most efficient way of getting that, but its been
> | evolving rather slowly.
> |
> | Anyways, if anyone's interested I can post the procmailrc, scripts, and 
> db
> | schema somewhere.
> |
> | Here's an example of a security-check summary report.  Currently the 
> output is
> | split up by server class via data from the database and is formatted to 
> allow
> | copy and paste execution on all hosts via cssh.
> |
> | gentoo-i686ws update list:
> |         You can perform the following command(s) to update the hosts with 
> their updates:
> |         # cssh \
> |                 rocket
> |
> |         # emerge -1ka \
> |                 =net-analyzer/wireshark-0.99.7
> |
> |
> | gentoo-ppcencoder update list:
> |         You can perform the following command(s) to update the hosts with 
> their updates:
> |         # cssh \
> |                 ppcencoder01 \
> |                 ppcencoder02 \
> |                 ppcencoder03 \
> |                 ppcencoder04 \
> |                 ppcencoder05 \
> |                 ppcencoder06 \
> |                 ppcencoder07 \
> |                 ppcencoder08 \
> |                 ppcencoder09 \
> |                 ppcencoder10 \
> |                 ppcencoder11
> |
> |         # emerge -1ka \
> |                 =app-admin/syslog-ng-2.0.6
> |
> |
> | gentoo-p4srv update list:
> |         You can perform the following command(s) to update the hosts with 
> their updates:
> |         # cssh \
> |                 mysql1 \
> |                 mysql2 \
> |                 gentest
> |
> |         # emerge -1ka \
> |                 =app-admin/syslog-ng-2.0.6
> |
> | Brian
> |
> | sysspoof <sysspoof@ng-lab.org>:
> | Hello ML members,
> |
> | I am curious if there is any update system available for Gentoo Linux
> | server for corporate use.
> | With update system I mean a full concept with dist host, perhaps a
> | webinterface where you can see all available server and what packages are
> | out of date, cron job for daily --sync and world update. It should also
> | contain a guide, shows how to configure the Gentoo server for those
> | updates. For example it should recommend settings like
> | FEATURES="protect-collisions" etc.
> |
> | Any input?
> |
> | Thank you,
> |
> |>
>>
-- 
gentoo-server@lists.gentoo.org mailing list
>>
-- 
gentoo-server@lists.gentoo.org mailing list