
Centralized update management (WSUS-like) for Debian-based systems?


Philipp Born

Oct 28, 2013, 8:00:03 AM
Hi,

we're looking for something a bit WSUS-like for Debian (and Ubuntu) to
roll out updates etc on our Debian- and Ubuntu-based infrastructure.
We've already tried Landscape (the licensing fees are not economical
for us) and Spacewalk (which would be perfect, if it would correctly
recognize all packages..)

What we definitely need is
- webinterface
- should do its own update lookups
- should tell all and/selected clients to install/update all/selected
packages
- communication needs to be client-initiated (internal routing won't
allow anything else)
- Permissions (limit certain users to certain systems, user xy can see
updates but not start a rollout)
- logging (very important, every action done needs to be logged somewhere)

Also LDAP authentication would be a nice-to-have.

Would be great if it would be an (active) open source project.

Maybe you know something usable that would somehow fit these requirements?

Thanks for your help!

Greetings from Germany
- Philipp


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/526E4FF...@tamcore.eu

Colin

Oct 29, 2013, 6:30:02 AM
Did Landscape support Debian?
And apart from the cost, what issues did you encounter with it? It seems your requirements are very specific and that you will need to invest your time or someone else's, but I doubt you can do it without some sort of compensation...

 
Cheers

Philipp Born

Oct 29, 2013, 9:40:03 AM
If you get it to work, it works. But not officially supported. The only
problem we have/had with Landscape are the licensing fees. Boss said no
and that's what I accept.
The requirements I listed are already minimized to the must-haves. Our
internal list is a bit longer :D



Colin

Oct 29, 2013, 10:50:02 AM
Right...Would love to know if anyone has done too :-)


On Tue, Oct 29, 2013 at 1:33 PM, Philipp Born <phi...@tamcore.eu> wrote:
> On 29.10.2013 11:29, Colin wrote:
>> Did Landscape support Debian  ?
>> And apart from the cost, what issues did you encounter with it ? It
>> seems by your requirements are very specific and that you will need to
>> invest your time or someone else's but I doubt you can do it without
>> some sort of compensation...
>>
>> Cheers
>
> If you get it to work, it works. But not officially supported. The only problem we have/had with Landscape are the licensing fees. Boss said no and thats what I accept.
> The requirements I listed are already minimized to the must-haves. Our internal list is a bit longer :D





Juan Sierra Pons

Oct 29, 2013, 12:00:02 PM
2013/10/28 Philipp Born <phi...@tamcore.eu>:
Hi

With time and work you can fulfil more or less all your requests using:
puppet+git+apticron+nagios/icinga+etc.

> - webinterface
Puppet Dashboard + Puppetdb + gitweb
> - should do its own update lookups
Puppet + apticron or puppet + nagios/icinga check-apt
> - should tell all and/selected clients to install/update all/selected
> packages
Puppet + apticron or puppet + nagios/icinga check-apt
> - communication needs to be client-initiated (internal routing won't allow
> anything else)
Puppet client starts the communication
> - Permissions (limit certain users to certain systems, user xy can see
> updates but not start a rollout)
Can be achieved using gitolite or another git control system (not tested)
> - logging (very important, every action done needs to be logged somewhere)
Everything is logged in the puppetmaster logs and reports
> Also LDAP-Authentification would be a nice-to-have.
Puppet dashboard supports apache/ldap authentication

> Would be great if it would be an (active) open source project.
An open source version is available [1]

[1]http://puppetlabs.com/puppet/puppet-open-source

Best regards

--------------------------------------------------------------------------------------
Juan Sierra Pons ju...@elsotanillo.net
Linux User Registered: #257202 http://www.elsotanillo.net
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------



Rob Owens

Oct 29, 2013, 6:40:02 PM
On Mon, Oct 28, 2013 at 12:52:30PM +0100, Philipp Born wrote:
> Hi,
>
> we're looking for something a bit WSUS-like for Debian (and Ubuntu)
> to roll out updates etc on our Debian- and Ubuntu-based
> infrastructure. We've already tried Landscape (the licensing fees
> are not economically for us) and Spacewalk (which would be perfect,
> if it would correctly recognize all packages..)
>
> What we definitely need is
> - webinterface
> - should do its own update lookups
> - should tell all and/selected clients to install/update
> all/selected packages
> - communication needs to be client-initiated (internal routing won't
> allow anything else)
> - Permissions (limit certain users to certain systems, user xy can
> see updates but not start a rollout)
> - logging (very important, every action done needs to be logged somewhere)
>
> Also LDAP-Authentification would be a nice-to-have.
>
> Would be great if it would be an (active) open source project.
>
> Maybe you know something usable that would fit somehow these requirements?
>
What if you created your own repository with only approved packages?
Then you could configure all your machines to update based on that
repository only.

To avoid replicating the entire debian repository, maybe you could
duplicate only the security and updates repos, and let the machines have
access to repositories like this:

deb http://ftp.us.debian.org/debian/ wheezy main #should be pretty much static
deb http://localsecurityrepo/ wheezy main
deb http://localupdatesrepo/ wheezy main

I realize this doesn't address a lot of the needs you listed, but maybe
the answer is to just set your machines to automatically update every
night, and they'll get whatever updates you have put into your local
repository.

-Rob
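
One way to verify that a client still updates only from the approved repositories described in the message above (an added example, not part of the original post). The approved set, the helper names and the two extra "drifted" entries are assumptions constructed for illustration; the first three entries are the ones quoted in the message.

```python
import re
from urllib.parse import urlparse

OPTS = re.compile(r"\[([^\]]*)\]")  # optional "[key=value ...]" block

def parse_sources(text):
    """Yield one dict per one-line-style sources.list entry."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        m = OPTS.search(line)
        opts = dict(o.partition("=")[::2] for o in m.group(1).split()) if m else {}
        fields = OPTS.sub("", line).split()
        if len(fields) < 3 or fields[0] not in ("deb", "deb-src"):
            raise ValueError(f"unparseable entry: {raw!r}")
        yield {"type": fields[0], "opts": opts, "uri": fields[1],
               "suite": fields[2], "components": fields[3:]}

def audit(text, approved):
    """Return (uri, suite, reason) for every entry that breaks the policy."""
    findings = []
    for e in parse_sources(text):
        host = urlparse(e["uri"]).hostname
        if (host, e["suite"]) not in approved:
            findings.append((e["uri"], e["suite"], "repository not approved"))
        if e["opts"].get("trusted") == "yes":        # skips signature checks
            findings.append((e["uri"], e["suite"], "signature check disabled"))
    return findings

# Assumed policy: the three repositories from the message, wheezy only.
APPROVED = {("ftp.us.debian.org", "wheezy"),
            ("localsecurityrepo", "wheezy"),
            ("localupdatesrepo", "wheezy")}

ROB_LIST = """\
deb http://ftp.us.debian.org/debian/ wheezy main #should be pretty much static
deb http://localsecurityrepo/ wheezy main
deb http://localupdatesrepo/ wheezy main
"""

# Constructed drift: one entry with trusted=yes, one unapproved mirror.
DRIFTED = ROB_LIST + """\
deb [trusted=yes] http://localupdatesrepo/ wheezy main
deb http://mirror.example.invalid/debian wheezy-backports main
"""

if __name__ == "__main__":
    for finding in audit(DRIFTED, APPROVED):
        print(finding)
```

Run nightly before the automatic update, a non-empty result is something to log and alert on.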

Wawrzek Niewodniczanski

Oct 29, 2013, 6:50:02 PM
On 29 October 2013 22:38, Rob Owens <row...@ptd.net> wrote:
> On Mon, Oct 28, 2013 at 12:52:30PM +0100, Philipp Born wrote:
>> Hi,
>>
>> we're looking for something a bit WSUS-like

What is WSUS?

From bits and pieces of discussion I think that you might like to look into foreman:

http://theforeman.org/
 

Cheers,
Wawrzek
--
Dr  Wawrzyniec Niewodniczański    or Wawrzek for short
  PhD in Quantum Chemistry  & MSc in Molecular Engineering          
   WWW: http://wawrzek.name E-MAIL: jo...@wawrzek.name
      Linux User #177124

basti

Oct 30, 2013, 3:00:01 AM

On 29.10.2013 23:43, Wawrzek Niewodniczanski wrote:
> What is WSUS?

http://en.wikipedia.org/wiki/Windows_Server_Update_Services



berenge...@neutralite.org

Oct 30, 2013, 6:50:01 AM


On 30.10.2013 07:57, basti wrote:
> On 29.10.2013 23:43, Wawrzek Niewodniczanski wrote:
>> What is WSUS?
>
> http://en.wikipedia.org/wiki/Windows_Server_Update_Services

What is explained about WSUS on wikipedia seems to be far less powerful
than what can be achieved by apt*.
I read that link when the OP asked, but the short description does not
seem to meet all the requirements the OP has. Otherwise, I would also
have replied to use a LAN repo (as earlier in this thread).

I think most of those needs could be achieved by using a collection of
tools in Debian, like (ana)cron (automatic lookup),
apt*(install/update/etc)*, openldap/ssh (permissions), etc.
The main problems are that I have no idea about how to have a
centralized web interface for such a collection of tools and that there
will be a lot of work (writing, testing and deploying the scripts could
not be trivial).
I do not think that it is what the OP wants.

*: note that it would mean some playing with /etc/apt/sources.list.d
and /etc/apt/preferences.d, on "every" (but that sync could probably be
achieved automatically by using git/svn automatic sync at computer
startup, depending on the computer's role) client computer.



Colin

Oct 30, 2013, 7:30:02 AM
On Mon, Oct 28, 2013 at 11:52 AM, Philipp Born <phi...@tamcore.eu> wrote:
>
> Hi,
>
> we're looking for something a bit WSUS-like for Debian (and Ubuntu) to roll out updates etc on our Debian- and Ubuntu-based infrastructure. We've already tried Landscape (the licensing fees are not economically for us) and Spacewalk (which would be perfect, if it would correctly recognize all packages..)

btw, what specific problem did you have with Spacewalk? it seems to
fit your needs...



Philipp Born

Oct 30, 2013, 7:50:02 AM
On Wed 30 Oct 2013 12:19:49 CET, Colin wrote:
> On Mon, Oct 28, 2013 at 11:52 AM, Philipp Born <phi...@tamcore.eu> wrote:
>>
>> Hi,
>>
>> we're looking for something a bit WSUS-like for Debian (and Ubuntu) to roll out updates etc on our Debian- and Ubuntu-based infrastructure. We've already tried Landscape (the licensing fees are not economically for us) and Spacewalk (which would be perfect, if it would correctly recognize all packages..)
>
> btw, what specific problem did you had with Spacewalk ? it seems to
> fit your needs...
Spacewalk would be perfect, it fits most of our list. But it seems that
Spacewalk has some problems when it comes to correctly managing
debian/ubuntu packages.
When a system reports its currently installed packages to Spacewalk,
Spacewalk stores the list and tries to "link" each reported package
against known package metadata from the official repos.. But on some
packages (58 of 326 on a new system) Spacewalk lists them as unknown
and is not able to include them in update checks.
Hope my problem description is not too confusing :)



Philipp Born

Oct 30, 2013, 8:00:02 AM
On 29.10.2013 23:43, Wawrzek Niewodniczanski wrote:
>
>
>
> On 29 October 2013 22:38, Rob Owens <row...@ptd.net
> <mailto:row...@ptd.net>> wrote:
>
> On Mon, Oct 28, 2013 at 12:52:30PM +0100, Philipp Born wrote:
> > Hi,
> >
> > we're looking for something a bit WSUS-like
>
>
> What is WSUS?
>
> From bit and pieces of discussion I think that you mike like to look
> into foreman:
>
> http://theforeman.org/
>
>
> Cheers,
> Wawrzek
> --
> Dr Wawrzyniec Niewodniczański or Wawrzek for short
> PhD in Quantum Chemistry & MSc in Molecular Engineering
> WWW: http://wawrzek.name E-MAIL: jo...@wawrzek.name
> <mailto:jo...@wawrzek.name>
> Linux User #177124

Do you have any experience with TheForeman in use for update management
on Debian-/ubuntu-systems?



Henrique de Moraes Holschuh

Oct 30, 2013, 2:40:02 PM
On Wed, 30 Oct 2013, Philipp Born wrote:
> On Wed 30 Oct 2013 12:19:49 CET, Colin wrote:
> >On Mon, Oct 28, 2013 at 11:52 AM, Philipp Born <phi...@tamcore.eu> wrote:
> >>we're looking for something a bit WSUS-like for Debian (and Ubuntu) to roll out updates etc on our Debian- and Ubuntu-based infrastructure. We've already tried Landscape (the licensing fees are not economically for us) and Spacewalk (which would be perfect, if it would correctly recognize all packages..)
> >
> >btw, what specific problem did you had with Spacewalk ? it seems to
> >fit your needs...
> Spacewalk would be perfect, it fits most of our list. But it seems
> that Spacewalk has some problems when it comes to correctly managing
> debian/ubuntu packages.
> When a system reports his currently installed packages to Spacewalk,
> Spacewalk stores the list and tries to "link" each reported package
> against known package metadata from the official repos.. But on some
> packages (58 of 326 on a new system) Spacewalk lists them as unknown
> and is not able to include them in update checks.

Can you post a list of those 58 packages (preferably with version
information as well)?

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh



Philipp Born

Oct 31, 2013, 3:30:01 AM
On 30.10.2013 19:34, Henrique de Moraes Holschuh wrote:
> On Wed, 30 Oct 2013, Philipp Born wrote:
>> On Wed 30 Oct 2013 12:19:49 CET, Colin wrote:
>>> On Mon, Oct 28, 2013 at 11:52 AM, Philipp Born <phi...@tamcore.eu> wrote:
>>>> we're looking for something a bit WSUS-like for Debian (and Ubuntu) to roll out updates etc on our Debian- and Ubuntu-based infrastructure. We've already tried Landscape (the licensing fees are not economically for us) and Spacewalk (which would be perfect, if it would correctly recognize all packages..)
>>>
>>> btw, what specific problem did you had with Spacewalk ? it seems to
>>> fit your needs...
>> Spacewalk would be perfect, it fits most of our list. But it seems
>> that Spacewalk has some problems when it comes to correctly managing
>> debian/ubuntu packages.
>> When a system reports his currently installed packages to Spacewalk,
>> Spacewalk stores the list and tries to "link" each reported package
>> against known package metadata from the official repos.. But on some
>> packages (58 of 326 on a new system) Spacewalk lists them as unknown
>> and is not able to include them in update checks.
>
> Can you post a list of those 58 packates (preferably with version
> information as well)?
>

Sure. To keep the conversation clean, I've used my nopaste site. Hope
that's ok. http://paste.tamcore.eu/07db2d9864.txt

That's the exact output I get when I open the system's "Extra
Packages" list in Spacewalk. What Spacewalk doesn't show is that many
(if not most) of these packages have an epoch set. Idk if that's
somehow related to the problem.

Don't wonder about the -X as pkgrel. I found out that when the clients
replace pkgrel 0 with X when reporting their installed packages, the
Extra Packages listing is a bit shorter (if I let them report the
correct 0, the list is 89 entries long)

The unmodified output with -0 instead of -X is on
http://paste.tamcore.eu/3beac8d14a.txt
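
How a Debian version string splits into epoch, upstream version and revision, and how a reported version that has lost its epoch no longer equals the version in the repository metadata (an added illustration, not Spacewalk's code and not a diagnosis of the problem described above). The comparison follows dpkg's ordering rules; the package data and the `unlinked` helper are constructed assumptions.

```python
import re

_CHUNK = re.compile(r"(\D*)(\d*)")  # one non-digit run followed by one digit run

def parse_debian_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    head, sep, rest = version.partition(":")
    epoch, body = (int(head), rest) if sep and head.isdigit() else (0, version)
    upstream, sep, revision = body.rpartition("-")
    if not sep:  # no hyphen: native package without a Debian revision
        upstream, revision = body, ""
    return epoch, upstream, revision

def _order(ch):  # dpkg: '~' sorts first, letters before other symbols
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings the way dpkg does."""
    pa = pb = 0
    while pa < len(a) or pb < len(b):
        ma, mb = _CHUNK.match(a, pa), _CHUNK.match(b, pb)
        ta, tb = ma.group(1), mb.group(1)
        for k in range(max(len(ta), len(tb))):
            ca = _order(ta[k]) if k < len(ta) else 0
            cb = _order(tb[k]) if k < len(tb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        na, nb = int(ma.group(2) or 0), int(mb.group(2) or 0)
        if na != nb:
            return -1 if na < nb else 1
        pa, pb = ma.end(), mb.end()
    return 0

def compare_versions(v1, v2):
    """Return -1, 0 or 1; the epoch is compared first, as a number."""
    (e1, u1, r1), (e2, u2, r2) = parse_debian_version(v1), parse_debian_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unlinked(report, repo):
    """Names whose reported version equals no version known for that name."""
    return sorted(n for n, v in report.items()
                  if all(compare_versions(v, k) != 0 for k in repo.get(n, [])))

REPO = {"vim": ["2:7.3.547-7"], "openssl": ["1.0.1e-2"]}  # constructed sample
REPORT = {n: vs[0] for n, vs in REPO.items()}             # client reports as-is
NO_EPOCH = {n: v.split(":", 1)[-1] for n, v in REPORT.items()}  # epoch dropped
```

With the constructed data, `unlinked(REPORT, REPO)` is empty while `unlinked(NO_EPOCH, REPO)` returns `['vim']`, the only package whose version carries an epoch.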

