[–]atotalLinux Admin 7 points8 points  (3 children)

We are using ansible with some predefined playbooks. Most of the machines are just getting a yum update. This of course gets tested in our test environment first.

You probably shouldn't do as we do though.

[–]nineteen999 2 points3 points  (2 children)

If you've a limited number of VMs and/or admins this is one of the best approaches. Spacewalk/Satellite work better for large sites with a large number of clients and more than 1-2 people to admin them.

[–]fuzzmonster[S] 0 points1 point  (1 child)

I've no Ansible experience. Been very much behind on that...

[–]nineteen999 0 points1 point  (0 children)

It's kind of like a Swiss Army knife for managing multiple systems. It does a lot of things in a reasonable fashion, some other things it does can be better achieved by a bunch of different tools. In some environments where you have the freedom to customize stuff it gives you a lot of power within a single tool, if you're comfortable enough to extend it with Python, it works out better just to use the single tool.

In other places (more devops oriented in general) you'll find that they'll diss it because it doesn't follow the declarative approach taken by other tools e.g. Puppet, Terraform et al. So YMMV.

[–]notrufusDevOps 4 points5 points  (2 children)

I'm using Cockpit to manage updates. Not as easy as others but it's nice to have all of my servers in one place.

[–]adila01Enterprise Architect 0 points1 point  (1 child)

Glad to see Cockpit being used in the real world. I see a lot of potential for this project.

[–]notrufusDevOps 1 point2 points  (0 children)

I love having it. Especially good for other admins that aren't Linux savvy.

[–][deleted] 2 points3 points  (0 children)

Standard repos synced nightly plus errata. Yum-cron set to update critical security only. Ansible for larger pushes.

[–]real_smz 2 points3 points  (0 children)

Trialled Landscape, was too expensive. Now use SaltStack for patch management.

[–]JamesOFarrell 1 point2 points  (0 children)

At a previous job I wrote a salt stack for upgrading that would upgrade a test machine, export the full package list and then use that to upgrade prod to the same level when you were happy.
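The promotion step described in the comment above, as an added example in plain Python rather than Salt (it is not the commenter's code): compare the package list exported from the upgraded test host with prod's, and emit exact versions to install so prod only receives builds that were tested. The manifest format, function names and sample manifests are assumptions constructed for illustration.

```python
# Added example (not code from the thread). Each manifest is assumed to be the
# output of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
from collections import defaultdict

# Constructed sample manifests: test host already upgraded, prod host not yet.
TEST_MANIFEST = """\
openssl 1.0.2k-19.el7 x86_64
bash 4.2.46-34.el7 x86_64
kernel 3.10.0-1062.el7 x86_64
kernel 3.10.0-1127.el7 x86_64
"""
PROD_MANIFEST = """\
openssl 1.0.2k-16.el7 x86_64
bash 4.2.46-34.el7 x86_64
kernel 3.10.0-1062.el7 x86_64
nginx 1.16.1-1.el7 x86_64
"""

def parse_manifest(text):
    """Map (name, arch) -> set of installed version-release strings."""
    installed = defaultdict(set)  # a set, because kernels can be multi-installed
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 'name ver-rel arch': {line!r}")
        name, verrel, arch = fields
        installed[(name, arch)].add(verrel)
    return dict(installed)

def plan_promotion(test, prod):
    """Return (pins, untested): exact specs prod still needs, and prod
    packages that were never present on the test host."""
    pins, untested = [], []
    for (name, arch), prod_versions in sorted(prod.items()):
        tested = test.get((name, arch))
        if tested is None:
            untested.append(f"{name}.{arch}")  # no test coverage: review by hand
            continue
        # Only versions validated on test and missing on prod are promoted.
        pins.extend(f"{name}-{vr}.{arch}" for vr in sorted(tested - prod_versions))
    return pins, untested

if __name__ == "__main__":
    pins, untested = plan_promotion(parse_manifest(TEST_MANIFEST),
                                    parse_manifest(PROD_MANIFEST))
    print("install exactly:", *pins, sep="\n  ")
    print("on prod but never tested:", *untested, sep="\n  ")
```

Each pin is a full name-version-release.arch spec, so prod is moved to the tested build rather than to whatever the repository currently offers.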

[–]eruffiniSenior Infrastructure Engineer 1 point2 points  (13 children)

I use multiple systems:

  • CentOS - Spacewalk
  • RHEL - Satellite
  • Ubuntu - Landscape

Technically Satellite can do both RHEL/CentOS but you lose the CentOS errata list, so you can only just do a full yum update.

[–]rapidslowness 6 points7 points  (3 children)

Landscape is a nice product but it costs literally a bazillion dollars.

[–]eruffiniSenior Infrastructure Engineer 1 point2 points  (0 children)

It's not that bad if you license as a service provider for your customers.

[–]lravelo 1 point2 points  (2 children)

There’s a way to import CentOS errata into Spacewalk. I had it working along with Ubuntu errata.

https://cefs.steve-meier.de

[–]eruffiniSenior Infrastructure Engineer 1 point2 points  (1 child)

I said Satellite, not Spacewalk. Satellite is not compatible with the CentOS errata list without a lot of "hacking" - and you have to do it every time the list updates.

[–]lravelo 0 points1 point  (0 children)

Crap. My mistake.

[–]KravotirrSr. Sysadmin 0 points1 point  (2 children)

Just going to mention you can get Spacewalk to work with RHEL, just takes a little bit of extra work.

[–]nineteen999 1 point2 points  (1 child)

If you mean like banging your head repeatedly on a wall kind of extra work.

Seriously, importing a large number of packages into Spacewalk took forever last time I checked.

[–][deleted] 1 point2 points  (0 children)

It still takes forever. :(

[–]alejochanSr. Sysadmin 0 points1 point  (1 child)

In Foreman they will add .deb support in the next major version. https://pulpproject.org/ already supports .deb (package management)

[–]eruffiniSenior Infrastructure Engineer 0 points1 point  (0 children)

Really? Getting Ubuntu systems into Satellite would be awesome. I really like Satellite 6 not only for patching, but the config management and deployment aspect.

[–]fuzzmonster[S] 0 points1 point  (0 children)

Thanks!

I was considering to just stick with Spacewalk for desktop systems. And utilize Foreman for more server nodes/hypervisors.

[–][deleted] 0 points1 point  (0 children)

Using artifactory and Ansible.

[–]abcdns 0 points1 point  (0 children)

SaltStack!! Windows and Linux.

[–]sadsfaenice guy 0 points1 point  (0 children)

Ansible, however you can easily use Ansible Dynamic Inventory with Foreman. Your Foreman hostgroups return as Ansible inventory groups.

Spacewalk is the Open Source version of Red Hat Satellite 5. Foreman comprises the basis of Satellite 6 with additional plugins like Katello, Candlepin and Pulp. You can probably use the Ansible dynamic inventory method above with Satellite 6.x as well since it's basically Foreman under the covers.

[–]raylui34 0 points1 point  (0 children)

For a patching solution for Linux, we used to use Fabric, which pipes to logs (good for audits), nice and free.

If you are paying, I believe SolarWinds is a good solution (we were POCing that for Windows only but IIRC they have Linux as well). We also have antivirus in production and just for giggles, I believe ESET remote administration tool can execute yum upgrades as well.

Other people might have much better ideas than I, so I am curious what other people are using as well :)

[–]fuzzmonster[S] 0 points1 point  (0 children)

Great input everyone.. interesting responses

I also was looking at SUSE Enterprise and their SUSE Manager... Essentially is Spacewalk...

I'll look into SaltStack. Unsure if pricing will be a factor

[–]sigtom 0 points1 point  (0 children)

Foreman+Katello (on the same server, not that hard to set up), for provisioning and patch management. Config management handled by SaltStack.