12.3 YUM Repositories Derived from a Frozen Patch Level

Frozen patch levels created as described in Section 12.1.2, Creating a Frozen Patch Level, require a ZENworks Configuration Management agent on the target device. If a ZENworks Configuration Management agent cannot be installed, or if the frozen patch level is to be deployed as part of the initial installation, an update source of type ZENworks cannot be used because of the non-standard APIs used by ZENworks Configuration Management.

However, ZENworks Configuration Management can convert patch bundles into an open format that the standard zypp libraries understand. This format is called a YUM repository.

A YUM repository can be used by zypper, which is the main patch management tool provided by SLES 11. It allows you to update devices without a full agent. In addition, YUM repositories can be consumed during the initial installation phase of a device because the libraries that are used (libzypp) understand the repository format.

Novell Consulting recommends that you use YUM repositories to deploy frozen patch levels during unattended installations (AutoYaST) to reduce administrative overhead. A device installed in this way does not need to be patched until the next patching cycle. For more information, see Add-On Products.

A YUM repository should always be created from a bundle group such as SLES11-SP1-Updates-PROD, containing a generic frozen bundle that represents the actual patch level used in production. Date strings or other dynamic identifiers must be avoided as part of the name for YUM repositories because the URL accessed by zypper or within AutoYaST must always remain the same. The alternative is to synchronize scripts or control files every time the name of the repository changes, which is not recommended.

Figure 12-37 through Figure 12-40 demonstrate how to create a YUM repository from a frozen patch bundle.

The creation process must be initiated from the summary page of a Linux bundle group.

Figure 12-37 Creating a YUM Service for a Bundle Group

In the following dialog window, leave the Auto update the repository when bundle is published check box selected. In addition, at least one Primary Server that hosts the YUM service must be selected before you click Finish.

Figure 12-38 Creating a YUM Service for a Bundle Group - Select Auto Update Option and Primary Servers

An icon like a bouncing ball is displayed for a time, depending on the bundle size.

Figure 12-39 Creating a YUM Service for a Bundle Group - Summary

The YUM repository has now been created and the URL through which the new repository can be accessed is displayed.

Figure 12-40 Creating a YUM Service for a Bundle Group - Status And URL

The YUM repository created in the example above can be accessed by zypper, using the following command:

zypper ar https://<servername>/zenworks-yumrepo/SLES11-SP1-UPDATE-PROD sles11sp1_prod

To use the YUM repository within AutoYaST, an add_on_products section must be specified, similar to the following control file:

<add-on>
  <add_on_products config:type="list">
    <listentry>
      <media_url>%%YUM_SERVER%%/zenworks-yumrepo/SLES11-SP1-UPDATE-PROD</media_url>
      <product>SLES11-SP1-UPDATES</product>
      <product_name>sles11sp1_prod</product_name>
      <product_dir>/</product_dir>
    </listentry>
  </add_on_products>
</add-on>

IMPORTANT: YUM repositories created by ZENworks Configuration Management are not signed by the current ZENworks Configuration Management versions (ZCM 11 SP2). In practice, this means that every access to the YUM repository creates a warning issued by the client (for example, zypper or YaST) about an unsigned repository.

To avoid these messages, the ZCM repository can be manually signed by using gpg, as explained in the Cool Solutions article “How to digitally sign a YUM repository created with ZCM11”.
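A check that can be run against a copy of the repository tree to see which signing state it is in before pointing zypper or AutoYaST at it. This is an added example, not part of the Novell documentation or the Cool Solutions article; it assumes the tree is available as a local directory (the storage path on the Primary Server is not given here) and relies on the rpm-md convention that the detached signature and public key sit beside the metadata as repodata/repomd.xml.asc and repodata/repomd.xml.key.

```shell
#!/bin/sh
# Added example: classify the signing state of a YUM (rpm-md) repository tree.
# Assumption: the argument is a local copy or mount of the repository root.

repo_signature_state() {
    rss_dir=$1
    rss_md="$rss_dir/repodata/repomd.xml"

    # Without repomd.xml the directory is not a usable repository at all.
    [ -f "$rss_md" ] || { echo "no-metadata"; return 2; }

    # State described above: no detached signature, so clients warn on access.
    [ -f "$rss_md.asc" ] || { echo "unsigned"; return 1; }

    # A signature without the exported public key cannot be checked by clients
    # that have not already imported the key some other way.
    [ -f "$rss_md.key" ] || { echo "signed-no-key"; return 1; }

    # gpg is needed for the cryptographic check itself.
    command -v gpg >/dev/null 2>&1 || { echo "signed-unverified"; return 1; }

    # Verify in a throwaway keyring so the caller's own keyring is untouched.
    rss_home=$(mktemp -d) || return 2
    chmod 700 "$rss_home"
    if gpg --homedir "$rss_home" --batch --quiet --import "$rss_md.key" 2>/dev/null &&
       gpg --homedir "$rss_home" --batch --verify "$rss_md.asc" "$rss_md" 2>/dev/null
    then
        rss_state="signed-valid"; rss_rc=0
    else
        # Typical cause: repomd.xml was regenerated after signing.
        rss_state="bad-signature"; rss_rc=1
    fi
    rm -rf "$rss_home"
    echo "$rss_state"
    return $rss_rc
}

# Stand-alone use: sh check_repo.sh /path/to/repository/root
[ $# -eq 0 ] || repo_signature_state "$1"
```

A `signed-valid` result only shows that the signature matches the key published beside it; compare that key's fingerprint with one obtained through a separate channel before importing it on clients.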

If a new patch cycle occurs, the frozen patch bundle representing the new patch level must be added to the bundle group assigned to the target devices. At the same time, the bundle representing the old frozen patch level must be removed from this same bundle group. This changes the status of the YUM service from green to yellow, indicating that the YUM service is not updated with the latest content on one or more servers. The update happens automatically at the time configured in your YUM Service Settings (see Section 10.4, Configuring the Inventory Schedule).

To start the update immediately, select the Edit link and then the Finish button. This triggers the update process, indicated by the bouncing ball (see Figure 12-39).