Re: Mass update deployment strategy
On Tue, 2006-11-28 at 00:38 +0200, Mikko Rapeli wrote: > On Mon, Nov 27, 2006 at 03:52:40PM -0500, Morgan Walker wrote: > > There is also a package called cron-apt which will automatically update > > your debian machines and send you an email regarding what it updated. > > And upgraded, if you really trust your package sources: > > $ cat /etc/cron-apt/action.d/9-dist-upgrade > dist-upgrade -y -V -u -o Dpkg::Options::=--force-confold > > -Mikko > > Maybe this is not as fine-grained as you want it to be.. for instance, suppose only one file changes for the given machine. Is it really necessary to update the package? Is it certain that the service, that needs the file for e.g. its configuration, will be restarted? Also, you have no monitoring tools about the current state of your machine(s). What if developers/administrators change files on the servers but forget to update the packages relating to it. These changes will be lost without anyone knowing it (or knowing it too late). I use Puppet for a configuration propagation tool. It has no stable release yet, but imho vs. cfengine, it has a smoother language (more uniform), and gives more abstraction to the system. Also the language itself is easier to use, and therefore more easier to generate by using scripts. - Koen Vereeken -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mass update deployment strategy
On Mon, Nov 27, 2006 at 03:52:40PM -0500, Morgan Walker wrote: > There is also a package called cron-apt which will automatically update > your debian machines and send you an email regarding what it updated. And upgraded, if you really trust your package sources: $ cat /etc/cron-apt/action.d/9-dist-upgrade dist-upgrade -y -V -u -o Dpkg::Options::=--force-confold -Mikko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: texinfo update?
Noah Meyerhans schrieb: On Sun, Nov 26, 2006 at 12:47:55AM +0100, Alexander Klauer wrote: there has been a texinfo update for sarge available from security.debian.org for a few days now. The changelog in the source package says something about arbitrary code execution. The GPG signature by Noah Meyerhans is good, as are the MD5 sums. Yet, I cannot find any accompanying advisory on this mailing list or on http://www.debian.org/security/. Why? There's a revision of the security update on its way that fixes another vulnerability that I discovered when preparing the DSA text for 2.2sarge1. Technical issues within the buildd network (an overloaded arm build machine and a failed MIPSel build machine) have delayed this. I hope to release -2.2sarge2 within the next 24 hours, along with a DSA. Aha, then I just need to be a bit more patient next time ;) Thank you! Best regards, Alexander -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mass update deployment strategy
On Mon, Nov 27, 2006 at 08:37:42PM +0100, mario wrote: > i am responsible for 10 (ubuntu and debian) installations so far. > I have installed apticron which informs me about updates frequently. > Actually, its that often that i sometimes need to invest 1h a day just > doing updates. Given the choice I'd much prefer identical distributions, even with a little pain. Since things differ between Ubuntu & Debian (and Redhat/SuSE/etc). Having two or more security update schedules and two lots of testing is more painful. > Do you have a strategy or anything to automate this task a little more? cfengine. I'm interested in puppet, but it wasn't (isn't yet?) stable at the time I started automation on a decent sized farm. Steve -- Debian GNU/Linux System Administration http://www.debian-administration.org/ signature.asc Description: Digital signature
RE: Mass update deployment strategy
There is also a package called cron-apt which will automatically update your debian machines and send you an email regarding what it updated. ~Morgan -Original Message- From: George Georgalis [mailto:[EMAIL PROTECTED] Sent: Monday, November 27, 2006 3:37 PM To: debian-security@lists.debian.org Subject: Re: Mass update deployment strategy On Mon, Nov 27, 2006 at 08:37:42PM +0100, mario wrote: >Hello List, > >i am responsible for 10 (ubuntu and debian) installations so far. >I have installed apticron which informs me about updates frequently. >Actually, its that often that i sometimes need to invest 1h a day just >doing updates. > >Do you have a strategy or anything to automate this task a little more? >The server farm is growing and i might have to look after 20 or 30 >installations soon. I can already see myself updating ubuntu/debian >installations all day long :(. > >My installations are most of the time small firewalls and samba servers. > >Any comments or field reports about this? on your master computer you could run a script somthing like this... #!/bin/sh set -e set -x ENV="set -e && export TERM=$TERM && . /etc/profile" UPD="echo && hostname && Updating Package Lists... && apt-get -qq update || true" UPG="apt-get upgrade --show-upgraded" UPC="apt-get clean" for n in host1 host2 hostz; do ssh [EMAIL PROTECTED] "$ENV && $UPD ; $UPG && $UPC" done don't forget to have ssh-agent working beforehand. // George -- George Georgalis, systems architect, administrator < -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mass update deployment strategy
On Mon, Nov 27, 2006 at 08:37:42PM +0100, mario wrote: >Hello List, > >i am responsible for 10 (ubuntu and debian) installations so far. >I have installed apticron which informs me about updates frequently. >Actually, its that often that i sometimes need to invest 1h a day just >doing updates. > >Do you have a strategy or anything to automate this task a little more? >The server farm is growing and i might have to look after 20 or 30 >installations soon. I can already see myself updating ubuntu/debian >installations all day long :(. > >My installations are most of the time small firewalls and samba servers. > >Any comments or field reports about this? on your master computer you could run a script somthing like this... #!/bin/sh set -e set -x ENV="set -e && export TERM=$TERM && . /etc/profile" UPD="echo && hostname && Updating Package Lists... && apt-get -qq update || true" UPG="apt-get upgrade --show-upgraded" UPC="apt-get clean" for n in host1 host2 hostz; do ssh [EMAIL PROTECTED] "$ENV && $UPD ; $UPG && $UPC" done don't forget to have ssh-agent working beforehand. // George -- George Georgalis, systems architect, administrator < -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Fwd: Mass update deployment strategy
-- Forwarded message -- From: Manuel García <[EMAIL PROTECTED]> Date: Nov 27, 2006 3:46 PM Subject: Re: Mass update deployment strategy To: mario <[EMAIL PROTECTED]> Well, if every machine have the same hardware you may use systemimager to do the upgrade, read about systemimager in [1] [1] http://www.systemimager.org/documentation/ On 11/27/06, mario <[EMAIL PROTECTED]> wrote: Hello List, i am responsible for 10 (ubuntu and debian) installations so far. I have installed apticron which informs me about updates frequently. Actually, its that often that i sometimes need to invest 1h a day just doing updates. Do you have a strategy or anything to automate this task a little more? The server farm is growing and i might have to look after 20 or 30 installations soon. I can already see myself updating ubuntu/debian installations all day long :(. My installations are most of the time small firewalls and samba servers. Any comments or field reports about this? Thanks, Mario -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Manuel Garcia. Jefe de Informática CASEP. Administrador de redes Consultor independiente Debian GNU/Linux Testing codename "Etch" -- Manuel Garcia. Jefe de Informática CASEP. Administrador de redes Consultor independiente Debian GNU/Linux Testing codename "Etch"
Mass update deployment strategy
Hello List, i am responsible for 10 (ubuntu and debian) installations so far. I have installed apticron which informs me about updates frequently. Actually, its that often that i sometimes need to invest 1h a day just doing updates. Do you have a strategy or anything to automate this task a little more? The server farm is growing and i might have to look after 20 or 30 installations soon. I can already see myself updating ubuntu/debian installations all day long :(. My installations are most of the time small firewalls and samba servers. Any comments or field reports about this? Thanks, Mario -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Fabien Trauchessec est absent(e).
Hi Fabien, On Mon Nov 27, 2006 at 10:31:59 -0500, [EMAIL PROTECTED] wrote: > My auto-reply software sends severals messages to the debian-security > mailing-list. > Now my address is on google and I began to recieve some spam. The Debian-Listarchives-Policy is to NOT remove or alter any postings if they are published. Even if we would, it wouldn't help, as our lists are archived elsewhere, so once an email has been accepted it is out in the wild with its entire content and addresses and theres no way to get it back. Please see http://www.debian.org/MailingLists/#disclaimer and http://www.debian.org/MailingLists/disclaimer Greetings Martin, with his listmaster's hat on -- [EMAIL PROTECTED] /root]# man real-life No manual entry for real-life -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Fabien Trauchessec est absent(e).
Hi, On Mon, 27 Nov 2006 10:31:59 -0500 [EMAIL PROTECTED] wrote: > I made the mistake to forget to unsubscribe when I was on holiday. > > My auto-reply software sends severals messages to the debian-security > mailing-list. Now my address is on google and I began to recieve some > spam. Blame your auto-reply for not detecting list-mails correctly ;-) > Could you remove messages with the header such as below, so when > google or any other search engine or any spammer address scanning > tool will run on web version of the mailling-list next time, there > will be no absent message from me. As I know listmasters do not remove any mails from the archive. But you could try to email them directly under [EMAIL PROTECTED] > To: debian-security@lists.debian.org > Subject: Fabien Trauchessec est absent(e). > From: [EMAIL PROTECTED] Huh, with this mail, which will be in the archive too, you just gave the spam-robots more food about your mailbox ;-) Regards, Evgeni PS: > Ce message est confidentiel, et est réservé à l'usage exclusif du > destinataire. Toute autre personne est par les présentes avisée qu’il > lui est strictement interdit de diffuser, distribuer ou reproduire ce > message. Si vous avez reçu cette communication par erreur, veuillez > la détruire immédiatement et en aviser l’expéditeur. This message is > confidential, may be privileged and is intended for the exclusive use > of the addressee. Any other person is strictly prohibited from > disclosing, distributing or reproducing this message. If you have > received this communication in error, please delete it and notify > immediately the sender. I don't really speak French, others here maybe too. But please either mark such "rubish" as signature or disable it. Nobody cares about the "l'usage exclusif du destinataire" on mailing-lists. -- ^^^| Evgeni -SargentD- Golov ([EMAIL PROTECTED]) d(O_o)b | PGP-Key-ID: 0xAC15B50C >-|-< | WWW: http://www.die-welt.net ICQ: 54116744 / \| IRC: #sod @ irc.german-freakz.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Fabien Trauchessec est absent(e).
Hello, I made the mistake to forget to unsubscribe when I was on holiday. My auto-reply software sends severals messages to the debian-security mailing-list. Now my address is on google and I began to recieve some spam. Could you remove messages with the header such as below, so when google or any other search engine or any spammer address scanning tool will run on web version of the mailling-list next time, there will be no absent message from me. To: debian-security@lists.debian.org Subject: Fabien Trauchessec est absent(e). From: [EMAIL PROTECTED] Thanks Next time, I'll take care of it, be sure ! Sincerely, Fabien Trauchessec Direction Exécutive Risques Opérationnels et Conformité Réglementaire Mouvement des Caisses Desjardins 1, Complexe Desjardins, C.P. 7 , Succursale Desjardins, Montréal (Québec), H5B 1B2 (514) 281-7000 poste 4872 Fax: (514) 281-9206 Courriel: [EMAIL PROTECTED] Ce message est confidentiel, et est réservé à l'usage exclusif du destinataire. Toute autre personne est par les présentes avisée qu’il lui est strictement interdit de diffuser, distribuer ou reproduire ce message. Si vous avez reçu cette communication par erreur, veuillez la détruire immédiatement et en aviser l’expéditeur. This message is confidential, may be privileged and is intended for the exclusive use of the addressee. Any other person is strictly prohibited from disclosing, distributing or reproducing this message. If you have received this communication in error, please delete it and notify immediately the sender.