On 1/2/08, Jim Ankenbrandt wrote:
We are considering installing yum and defining our own repositories, but any experience or group insight would be welcome
You can't do this sort of thing without running your own repository. We did that at AOL for all patches to HP-UX on the production servers. The OS support guys would qualify the patches internally (getting them direct from HP, after HP had put them through their own custom qualification service that they built for us), and would make them available on the internal repo. From there, they would go through a "normal" QA process, and then finally out onto production.
There were dedicated people who did nothing but these tasks, and did them across all machines for all workgroups, and where certain workgroups had their own dependancies and couldn't necessarily just take the standard QA'ed patches from the repo, they would go through the extra steps necessary to make sure that everything would actually work correctly before pushing them out.
I don't see any other way to do this process on a large scale, at least not in an environment where everything absolutely positively must be on the precise same revision of each and every patch in existence.
The other way is to design the system so that you can have variability in what versions of what patches are running where, and build the application so that it can handle those kinds of situations. I think that's the sort of thing that Google and Yahoo! do, as opposed to the way we used to do things when I was at AOL.
-- Brad Knowles <brad@xxxxxxxxxxxxxxxxx> LinkedIn Profile: <http://tinyurl.com/y8kpxu>