Updating SL Roll
The ROCKS roll agl-update-sl58 contains the current set of security updates for the base OS (SL58) used in the ROCKS builds. The rolls mechanism allows relative easy updates of these rpms, mainly because the security update rpms are not intermixed with rpms added to the ROCKS setup to supply additional features. The process of updating the ROCKS build provides control over when security updates are applied to the configuration. Generally, security updates are meant to not change function, but testing and reviewing the deployment is beneficial of course.
The upstream repo can accumulate multiple versions of an rpm package if the package gets multiple updates over time. In the ROCKS roll, we wish to have just the latest version, so older versions in the yum repo are dropped from the roll.
Recipe Using Local Mirror
Have a copy of the SL58 yum repo on msut3-rx.msulocal. This recipe will use filesystem access to that repo. Note that there is an automatically regenerated (during roll build) file "roll-agl-update-sl58-usersguide*rpm" this is not checked into SVN, we can delete it without issue here.
First update the local repo mirror, run the "do-mirror.sh" script to performance an rsync from the servers are FNAL.
cd /var/www/html/mirror/scientific
sh do-mirror.sh
Want the yum-utils package, it isn't in the ROCKS repo (not on SL58 disk 1?), anyways can fetch from the SL repo:
yum localinstall /var/www/html/mirror/scientific/58/x86_64/SL/yum-utils-1.1.16-21.el5.noarch.rpm
Here is a helper script, "generate-rpm-list.sh":
#!/bin/bash
# this uses rpmquery, part of yum-utils rpm
# local copy of the repo
SRC_REPO=/var/www/html/mirror/scientific/58/x86_64/updates/security/
# disable all defined repos, point to "slsec" at specified location,
# print in format that matches rpm filenames
repoquery --disablerepo='*' --enablerepo=slsec --all --qf="%{name}-%{version}-%{release}.%{arch}.rpm" --repofrompath=slsec,$SRC_REPO | grep '\.rpm' | sort
Now, we want to do a regular (not via SVN) delete of all the existing RPMS, then copy in all the current RPMS. This will leave the carryover RPMS ok in SVN, deleted (replaced by updated version) ones will be shown as missing (with '!') and new versions will be shown as unknown (with '?'). We'll svn add * and then svn remove the missing ones. Then we're done.
# cd /export/rocks/svn-trunk/rolls-src/agl-update-sl58
# /bin/rm RPMS/x86_64/*rpm
# export SRC_REPO=/var/www/html/mirror/scientific/58/x86_64/updates/security
# sh generate-rpm-list.sh | xargs -I QQQ cp ${SRC_REPO}/QQQ RPMS/x86_64
# svn add RPMS/x86_64/*
# svn status RPMS/x86_64 | grep '!' | awk '{print $2}' | xargs -I QQQ svn remove QQQ
These make sense?
# ls RPMS/x86_64/*rpm | wc
# svn status RPMS/x86_64 | grep '^A' | wc
# svn status RPMS/x86_64 | grep '^D' | wc
Bump the version in version.mk and commit to SVN and rebuild and install roll.
A test of the updates can be done by rebuilding (and also) updating an existing worker node from the ROCKS FE and then checking that there are no available updates against the normal SL security repo.
--
TomRockwell - 31 Oct 2012