Novell Home

Mirroring Update Servers

Novell Cool Solutions: Feature
By Berthold Gunreben

Digg This - Slashdot This

Posted: 28 Jun 2007
 

Contents:

  1. Requirements
  2. Using yup to Mirror Updates
  3. Updating the Clients

In some situations, such as enterprises with security concerns, Internet connections are not permitted or possible. Despite this restriction, systems in the local network still need updates for their SUSE Linux Enterprise operating systems. To enable updates, a mirror update server must be set up to provide the updates in the internal network.

Note: The following procedures describe how to set up an update server in an environment where Internet access is not available. This has been tested and should work flawlessly, but it is not supported by Novell. yup is a script that sets up a mirror of an existing update server for SUSE Linux Enterprise products on the local hard disk. It must be configured to use your Novell Customer Center account and offers several more parameters that normally do not need to be touched.

Requirements

Before starting to configure yup, get mirror credentials for your subscription. To do this, visit http://www.novell.com/center, select your subscription, and press Mirror Credentials. Using the standard NCC (Novell Customer Center) credentials is not sufficient, because those credentials are assigned to a specific GA or SP version of SUSE Linux Enterprise.

To create an update server that is independent from the Internet, two computers with SUSE Linux Enterprise Server are needed. One must be connected to the Internet. The other needs to be accessible from the internal network.

Depending on the number of distributions mirrored, quite some disk space must be available. To be sure to have enough, provide 10 GB of hard disk space for each distribution mirrored with a minimum of 30 GB. There are many possibilities for transferring the data from the external to the internal server. For example, it is possible to use a removable mass storage device, such as an USB disk, or transfer the data with the help of a tape drive. Depending on your implementation, more hardware may be needed.

Transfer of the Data
All the patches that are provided by Novell are supported in the same way as if they came directly from the update server. However, the responsibility for copying the data from the mirror server and providing the patches in the internal network is completely in the hands of the respective administrator. This is not supported by Novell.

Using yup to Mirror Updates

yup is configured in the central configuration file /etc/sysconfig/yup. Make sure that this file has read and write flags available only for the root user. To be sure that all the permissions are set to system defaults, run SuSEconfig --module permissions.

In the default configuration, yup mirrors all distributions that are available to the mirror credentials obtained from the Novell Customer Center. Before starting, at least three parameters should be configured, the YUP_ID, YUP_PASS, and YUP_DEST_DIR. Do this either in the configuration file /etc/sysconfig/yup with a text editor of your choice or, if you prefer a graphical front-end, with the YaST sysconfig editor (System > /etc/sysconfig Editor in the YaST control center).

YUP_ID
This value is provided by the Novell Customer Center. It is part of the mirror credentials.

YUP_PASS
This value is provided by the Novell Customer Center. It is part of the mirror credentials.

YUP_DEST_DIR
The default directory for yup to store the mirrored update sources is /var/cache/yup. If you do not change this, make sure that you have sufficient disk space in this directory.

After the configuration is finished, run yup as root without any additional parameters to start the download. The time needed depends on the available bandwidth, but even with fast connections, it takes some time to transfer the update sources.

Now transfer the downloaded update sources to the internal server. It is up to the administrator how this can be achieved. Removable hard disks, like USB, FireWire, or removable SCSI, or tape drives could be used. All the data must be available on the internal server.

The internal update server may be provided as a ZLM server or as a normal HTTP or FTP server. To use ZLM, read the documentation at /usr/share/doc/packages/yup/Advanced_SLES10_Patching_0.2.pdf on how to set up this service.

To set up a normal installation server on the internal mirror, YaST provides a module that handles this functionality. The exact procedure is described in the Installation and Administration guide of the official SUSE Linux Enterprise Server documentation in "Setting Up the Server Holding the Installation Sources".

To get regular updates, it is necessary to run yup at regular intervals. It is the responsibility of the administrator to provide all mirrored data to the internal server when needed.

Find more information about yup in the man page for yup and in the package documentation (/usr/share/doc/packages/yup).

Updating the Clients

The update procedure consists of two major steps. First, the clients must be updated from SUSE Linux Enterprise GA version to SP1 version. Afterward, they must be prepared for regular security updates and bug fixes.

Updating to SP1

After the internal mirror server is prepared, the update of a SUSE Linux Enterprise system is straightforward.

  1. Add the catalog SLES10-SP1-Online for SUSE Linux Enterprise Server or SLED10-SP1-Online for SUSE Linux Enterprise Desktop of the internal mirror to the installation sources of the computer.
  2. Start YaST online update and perform the update of the packages that are relevant for the update system and package management.
  3. Restart YaST online update to perform the remaining updates needed for SP1.
  4. Disable the registration on boot feature. This cannot succeed, because Novell Customer Center cannot be reached from the client. As user root, disable the feature with the command touch /var/lib/suseRegister/neverRegisterOnBoot.
  5. Reboot the system.

Preparing Regular Updates

After the update to SP1 has been completed, remove the SLES10-Updates or SLED10-Updates catalog and add the SLES10-SP1-Updates or SLED10-SP1-Updates catalog. Although it is no problem to keep the SLE?10-Updates catalog, removing this catalog saves quite some time in future update processes.

All further update tasks may be done exactly the same way as they on machines directly connected to the Internet. Updates are only available if the administrator of the mirror server regularly updates the mirror with the latest patches.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell