Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am posting this query to get your point of view or guidance in terms of Linux Upgrade techniques.
So we have a collection of Linux Servers which we use in our development environment. The policy so far was , since we use many of the Clients Application which can only run on Older Linux Servers Linux , we have never gone and upgrade SuSE Linux 10 Servers. Recently we have started using SLES 12 Servers and trying to migrate the older Server one by one.
But still we must keep few SLES 10 Servers. So now we have combination of SLES10 + SLES 12 Servers. With no mechanism of automatic OS upgrade.
SLES12 copy that we use is a licensed copy and hence we could register the systems with SuSE Network and these servers can receive updates via Zypper.
I would like to change this setup , as it prevents us from applying any critical security patches, making the systems vulnerable.
Now my question is, I would like to setup a OS Upgrade mechanism at our place and I need a direction to start the same. Hence I seek suggestions from you all.
I can categorise this mechanism of upgrade to avoid security vulnerabilities.
1. SLES 10 Systems ---> No updates/patches are released from SuSE --> ???
2. SLES 12 Systems ---> Updates/Upgrade are available ---> Zypper ??
I have following questions in my mind.
Every week or so there are ~ 50 Security Vulnerabilities and respective patches from SAMBA, Apache, OS , Kernel , VMWare etc etc. How you people keep track of these? What method you use? What happens if post upgrade / upgrade something goes wrong/ system does not come up after reboot? Application does not start/ Users are not able to use the application/ How do you do complete OS upgrade?
Kindly provide me this information so that I can prepare one action plan for our systems.
It is as well ok if you just point me to a proper weblink. I will start from there then.
If you are using SLE you should be asking for support from SUSE under your support contract, not from any kind of FOSS support channels, such as here.
If you don't have a SUSE support contract, the right OS choice is openSUSE, for which there are no support contracts available, but for which security fixes are quick to appear through normal free updates, either with YaST or zypper or a mix thereof. I use zypper mostly, and leave it up to the developers to decide what needs fixing and when. Many of these openSUSE fixes are created by SUSE developers shared with openSUSE due to SLE being a foundational base for openSUSE. Those updates that are not are usually for software not offered by SUSE.
Zypper is an excellent tool for system upgrades, since it gets lots of practice from use in openSUSE's rolling release Tumbleweed. I get great results with it, as do the vast majority of other TW users. If you're of a somewhat experimental mind you might wish to try upgrading one server or a clone thereof from SLE 12 to openSUSE Leap 15.0 or 15.1.
If you are using SLE you should be asking for support from SUSE under your support contract, not from any kind of FOSS support channels, such as here.
Yes we use SLE. Like mentioned, SLES 10 und SLES 12. SLES 10 has reached EOL. And SLES 12 we do have licensed version.
Quote:
If you don't have a SUSE support contract, the right OS choice is openSUSE, for which there are no support contracts available, but for which security fixes are quick to appear through normal free updates, either with YaST or zypper or a mix thereof. I use zypper mostly, and leave it up to the developers to decide what needs fixing and when.
So update is applied as per specific requirement? So those Security Vulnerabilities and their patch announcements , getting declared every week are ignored in this approach?
Quote:
Zypper is an excellent tool for system upgrades, since it gets lots of practice from use in openSUSE's rolling release Tumbleweed. I get great results with it, as do the vast majority of other TW users.
It seems Zypper is the tool. I have some experience with it. Thanks for suggestion though.
Quote:
If you're of a somewhat experimental mind you might wish to try upgrading one server or a clone thereof from SLE 12 to openSUSE Leap 15.0 or 15.1.
Yes I think, before a complete OS upgrade , the recommended approach would be preparing a clone system and testing everything before actual upgrade of the actual system.
All in all I would like to say thanks for your suggestion and comments.
Hello Mrmazda,
Yes we use SLE. Like mentioned, SLES 10 und SLES 12. SLES 10 has reached EOL. And SLES 12 we do have licensed version.
So as said, contact SuSE.
Quote:
So update is applied as per specific requirement? So those Security Vulnerabilities and their patch announcements , getting declared every week are ignored in this approach?
As with most things, if you don't pay for it, you don't get it. SLES is a commercial, PAY FOR distribution. You pay for support and stability, much the same as Red Hat Enterprise Linux. You can use it freely, but if you don't pay, you don't get support/patches/bugfixes/security updates. Which is why things like CentOS and Leap exist...the FREE versions that do receive those updates. If you use SLES/RHEL, you need to pay...otherwise, there's no point.
Quote:
It seems Zypper is the tool. I have some experience with it. Thanks for suggestion though.
Right; that's not changed with ANY version of SuSE.
Quote:
Yes I think, before a complete OS upgrade , the recommended approach would be preparing a clone system and testing everything before actual upgrade of the actual system.
Right, and that's why you can download SLES or RHEL freely...to test it on your systems, and make sure things are working, before you pay. Doing an upgrade like you propose is by far the best and safest thing to do. Good luck.
There is also a tool SMT which is recommended here. I am currently reading about SMT. Some questions I do have are ,
1. SMT tools has to be downloaded from registered SUSE account and then setup? So basically we do have a registered Server. I just download the tool SMT on it and configure it. So that it connects to the SuSE Network and get the latest/required updates. This means , only this server has to be registered with SuSE Network or all the SuSE clients (with valid registration code) must also be registered through this Proxy SMT Host? Then henceforth the clients in turn can get the required updates/patches from the Proxy SMT Host. Am I right?
2. The Patches can be downloaded on Proxy System and then as and when required could be pulled off by clients?
3. How different is a SMT Host from a non-SMT Host registered with SuSE Network and which can download the required updates, to be able to use on other SuSE Systems. I ask this question as I already have one Host which is registered with SuSE network. So basically my question is what is the need of SMT Host when any registered host can connect to SuSE network and download the patches for the rest of the clients.
Pure SMT Host <---> SuSE Network
Non SMT Host <---> SuSE Network
Thank you for your comments TB0ne.
There is also a tool SMT which is recommended here. I am currently reading about SMT. Some questions I do have are ,
1. SMT tools has to be downloaded from registered SUSE account and then setup? So basically we do have a registered Server. I just download the tool SMT on it and configure it. So that it connects to the SuSE Network and get the latest/required updates. This means , only this server has to be registered with SuSE Network or all the SuSE clients (with valid registration code) must also be registered through this Proxy SMT Host? Then henceforth the clients in turn can get the required updates/patches from the Proxy SMT Host. Am I right?
2. The Patches can be downloaded on Proxy System and then as and when required could be pulled off by clients?
3. How different is a SMT Host from a non-SMT Host registered with SuSE Network and which can download the required updates, to be able to use on other SuSE Systems. I ask this question as I already have one Host which is registered with SuSE network. So basically my question is what is the need of SMT Host when any registered host can connect to SuSE network and download the patches for the rest of the clients.
Pure SMT Host <---> SuSE Network
Non SMT Host <---> SuSE Network
Again, you need to contact SuSE support, and you also need to read the docs. You get a 60 day trial of SMT free....after that, nothing, so having downloaded/configured/used it doesn't mean you're paying for SLES. https://www.suse.com/products/subscr...nagement-tool/
Further, if you pay for/register ONE server, that's it...you don't get to put a dozen servers out there for free and have them all under support. Contact SuSE support/sales, and ask them how their subscription model works.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.