From: "Konstantin V. Gavrilenko"
Organization: Arhont Ltd - Information Security
Date: Tue, 08 Jan 2008 18:36:32 +0000
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] I search a Gentoo Linux "update system"
Message-ID: <4783C2B0.50703@arhont.com>
In-Reply-To: <20080107225836.GA13233@omnius.wisc.edu>
References: <478238C3.1010201@ng-lab.org> <20080107150442.GA4924@bpkroth-tux.hslc.wisc.edu> <47829F45.9030208@ng-lab.org> <20080107225836.GA13233@omnius.wisc.edu>

I have a similar setup to you, with binary updates for the class. However, the script for generating the update commands is slightly more complicated than just simple glsa-check -p affected. I've posted it several months ago on one of the gentoo lists.
kos

#!/bin/bash
# Sync the tree, list the GLSAs that affect this host, write a script that
# applies them, and mail the list to the admin.
tmp="$(mktemp)" || exit 1          # private (0600) file for the GLSA listing
update="/root/run-to-update.sh"    # generated script
glsa="/usr/portage/metadata/glsa"  # advisory XML files in the portage tree

rm -f "$update"

emerge --sync >/dev/null 2>&1
glsa-check -n --list affected 2>/dev/null > "$tmp"
arr=($(awk '{print $1}' "$tmp"))   # first column is the GLSA id
BUGCOUNT=${#arr[@]}

if [ "$BUGCOUNT" -gt 0 ] ; then
    echo '#!/bin/bash' > "$update"
    echo "#relevant as for $(date +%D)" >> "$update"
    n=0
    while (( n < BUGCOUNT )); do
        echo "/usr/bin/glsa-check -f ${arr[$n]}" >> "$update"
        # copy the advisory's "# emerge ..." lines, decoding &quot; and &gt;
        grep "# emerge" "$glsa/glsa-${arr[$n]}.xml" | grep -v "emerge --sync" | \
            sed -e 's/&quot;/"/g' -e 's/&gt;/>/g' -e 's/<\/code>//g' >> "$update"
        echo >> "$update"
        let n+=1
    done
    echo -e "\nRun $update to update the system" >> "$tmp"
    /bin/mail -s GLSA_UNAPPLIED YOUR@EMAIL.com < "$tmp"
fi
rm -f "$tmp"

-------- Original Message --------
Subject: Re: [gentoo-server] I search a Gentoo Linux "update system"
From: Brian Kroth
To: sysspoof
CC: gentoo-server@lists.gentoo.org
Date: Mon Jan 07 2008 22:58:36 GMT+0000 (BST)

> Forgot to copy the list originally:
>
> sysspoof :
> Hi Brian
>
> Your work sounds interesting to me.
> 2 questions so far:
> - Is it also possible to "download" the portage tree and pre-compiled
> packages, perhaps with modified mirror url in make.conf? I use different
> networks for the servers, so sharing is not an option.
>
>> man make.conf, PORTAGE_BINHOST is what you want. In the tar below there's
>> a script, emerge-binpkg, that makes downloading those packages a little
>> quicker than emerge -g, which tries to maintain a cache.
>
> - You wrote other features are planned, will you work them out?
>
>> At some point, when I have time. The database schema should show you what
>> I have planned. Everything is just a name value pair for the most part.
>
> Unfortunately I have no perl experience and I haven't got time to
> contribute with perl. But I would appreciate to see your work.
> Why not make
> it public? If I am able to use your scripts I'd like to give you a report
> and constructive input based on practical experience.
>
>> Well, this is my second or third perl project as well. Don't learn unless
>> you try, right? I think all the relevant scripts should be in there.
>> Probably need to emerge/cpan some perl modules.
>
>> https://mywebspace.wisc.edu/bpkroth/web/update-summary-scripts/update-summary-scripts.tar.bz2
>
>> Anyone else out there do something similar?
>
>> Brian
>
> Brian Kroth wrote:
> | I imagine you're looking for something along the lines of WSUS. There are
> | lots of ways to organize a set of (gentoo) servers, so I don't know if
> | there's one common tool out there to accomplish this just yet. However,
> | since it can be a chore to manage many of them individually, I've been
> | working on something kinda like this in my spare time. The current model
> | is as follows:
> |
> | - A build server for each class of servers. They build updates for their
> |   clients nightly.
> |
> | - "Client" servers (auto) nfs mount the portage tree and packages dir for
> |   their build server. Each client runs some reports each night that are
> |   emailed to a common account. The reports include the output from the
> |   following: emerge -NDu world, glsa-check -p affected, revdep-rebuild -p
> |
> | - Some procmail filters/perl scripts take each of those emails and dump
> |   them into a database for web viewing. Various other features are
> |   planned for the web end, like inventory information, diffs of these
> |   reports, etc. Logwatch data is also split up by type and dumped in
> |   here.
> |
> | - Another cron script sifts through the reports in the database from that
> |   day and compiles a summary report.
> |
> | Originally there were only a few servers, so a few emails to check a day
> | was no biggie, but eventually I needed a way to summarize it.
> | I admit
> | this isn't the most efficient way of getting that, but it's been
> | evolving rather slowly.
> |
> | Anyways, if anyone's interested I can post the procmailrc, scripts, and db
> | schema somewhere.
> |
> | Here's an example of a security-check summary report. Currently the output is
> | split up by server class via data from the database and is formatted to allow
> | copy and paste execution on all hosts via cssh.
> |
> | gentoo-i686ws update list:
> | You can perform the following command(s) to update the hosts with their updates:
> | # cssh \
> |     rocket
> |
> | # emerge -1ka \
> |     =net-analyzer/wireshark-0.99.7
> |
> |
> | gentoo-ppcencoder update list:
> | You can perform the following command(s) to update the hosts with their updates:
> | # cssh \
> |     ppcencoder01 \
> |     ppcencoder02 \
> |     ppcencoder03 \
> |     ppcencoder04 \
> |     ppcencoder05 \
> |     ppcencoder06 \
> |     ppcencoder07 \
> |     ppcencoder08 \
> |     ppcencoder09 \
> |     ppcencoder10 \
> |     ppcencoder11
> |
> | # emerge -1ka \
> |     =app-admin/syslog-ng-2.0.6
> |
> |
> | gentoo-p4srv update list:
> | You can perform the following command(s) to update the hosts with their updates:
> | # cssh \
> |     mysql1 \
> |     mysql2 \
> |     gentest
> |
> | # emerge -1ka \
> |     =app-admin/syslog-ng-2.0.6
> |
> | Brian
> |
> | sysspoof :
> | Hello ML members,
> |
> | I am curious if there is any update system available for Gentoo Linux
> | server for corporate use.
> | With update system I mean a full concept with dist host, perhaps a
> | webinterface where you can see all available server and what packages are
> | out of date, cron job for daily --sync and world update. It should also
> | contain a guide, shows how to configure the Gentoo server for those
> | updates. For example it should recommend settings like
> | FEATURES="protect-collisions" etc.
> |
> | Any input?
> |
> | Thank you,
> |
>> --
>> gentoo-server@lists.gentoo.org mailing list
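
A stricter take on the script posted at the top of this message, as an added example that is not part of the original thread: only well-formed GLSA ids and lines that begin with `# emerge` are allowed into the generated root script. The function names and the sample listing and advisory are constructed for illustration, and the `YYYYMM-NN` id shape is an assumption based on the ids glsa-check prints.

```shell
#!/bin/bash
# Added example, not code from the thread; the data in demo() is constructed.

# Keep only first fields shaped like a GLSA id (YYYYMM-NN), so nothing else
# in the listing can reach a file name or the generated script.
glsa_ids() {
    awk '{ print $1 }' | grep -E '^[0-9]{6}-[0-9]{2}$' || true
}

# Print the resolution lines of advisory file $1 with entities decoded. A line
# is kept only if, once trimmed, it starts with "# emerge " and holds nothing
# but characters used by emerge options and package atoms.
glsa_emerge_lines() {
    sed -e 's/<\/code>//g' -e 's/&quot;/"/g' -e 's/&gt;/>/g' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -E '^# emerge [-A-Za-z0-9_ ./"<>=+~*:]+$' |
        grep -v -e '--sync' || true
}

# Build update script $3 from listing file $1 and advisory directory $2.
# Returns 1 (and writes nothing) when the listing holds no valid id.
build_update_script() (
    ids=$(glsa_ids < "$1")
    [ -n "$ids" ] || exit 1
    umask 077                       # the result is run as root: keep it private
    {
        printf '#!/bin/bash\n'
        for id in $ids; do
            printf '/usr/bin/glsa-check -f %s\n' "$id"
            if [ -f "$2/glsa-$id.xml" ]; then
                glsa_emerge_lines "$2/glsa-$id.xml"   # kept as comments
            fi
            echo
        done
    } > "$3"
)

# Constructed listing and advisory: the malformed id, the --sync line and the
# line that merely contains "# emerge" must not show up in the output.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '200801-05 [N] Example advisory ( net-analyzer/wireshark )' \
        '../../etc/x [N] malformed id' > "$d/list"
    printf '%s\n' '<code>' '    # emerge --sync' \
        '    # emerge --ask --oneshot &quot;&gt;=net-analyzer/wireshark-0.99.7&quot;</code>' \
        '    echo not-a-resolution-line # emerge foo' > "$d/glsa-200801-05.xml"
    build_update_script "$d/list" "$d" "$d/run-to-update.sh" && cat "$d/run-to-update.sh"
    rm -rf "$d"
}
demo
```

As in the posted script, the emerge lines land in the output as comments next to each `glsa-check -f` call, which is what applies the fix.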