Question: Manage updates of more than one machine?
Posted by Anonymous on Wed 4 May 2005 at 07:49
In my home network I have 2 Debian Sarge machines: one acting as a server (web, samba, cvs, etc), the other one as a client (KDE). To keep up with all updates I regularly perform 'aptitude update; aptitude upgrade'. Separately, for each machine.
So, many times I fetch an updated package more than once over my internet connection.
It seems to me there must be a more economical way, so I am wondering how the pros, who manage many Debian machines, do this.
Can I configure aptitude to look for the packages in a particular place in the network?
There are two obvious solutions to this problem:
- Use a proxy server
- Use a tool
Set up a caching proxy server with squid, and then point the second machine's apt configuration to it. Do this by adding the following to the file /etc/apt/apt.conf (creating it if necessary):
Acquire::http::Proxy "http://proxy.host.name:port/";
Acquire::ftp::Proxy "http://proxy.host.name:port/";
apt-proxy is designed to do this job.
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
And none of them works! (or better said: I can't figure out how to make any of these work!)
- Has anyone had good feedback with these tools?
- Which one works well?
- Which version is recommended (e.g. apt-proxy: I read somewhere that stable version 1.3 is recommended and not the testing/unstable one (1.9))?
Thanks everyone
and sorry for the bad English ;-)
[ Parent | Reply to this comment ]
Advantages of using this method are:
1) users can use the "caching proxy mirror" like any other full mirror. i.e. no proxy settings required in the clients, and users can browse the mirror tree like they could a full mirror.
2) you don't have to run a public squid service, only an apache proxy.
3) clients won't "miss" files in the proxy cache because they weren't using the same mirror to fetch their packages.
4) it only downloads packages in real time as they are needed, and then they're cached for future requests (based on the size of your squid cache).
5) multiple "caching proxy mirrors" can be setup with just a few lines of apache config (i.e. other distros, etc)
(I also put an index.html in the DocumentRoot explaining how to use the mirror. And don't forget to add a robots.txt to prevent search engines from trying to index your entire cache!)
ServerName debian.proxy.example.com
DocumentRoot /var/www/debian.proxy.example.com
NoCache *
RewriteEngine on
RewriteRule ^/debian-non-US(.*) http://non-us.debian.org/debian-non-US$1 [P]
RewriteRule ^/debian-security(.*) http://security.debian.org/debian-security$1 [P]
RewriteRule ^/debian(.*) http://ftp.us.debian.org/debian$1 [P]
ProxyRemote * http://127.0.0.1:3128/
-Thor Kooda
[ Parent | Reply to this comment ]
"apt-get update" updates its own packages list, and when "apt-get upgrade" runs it checks if the package is already downloaded, else gets it.
REMEMBER: I guess this, I have not done it. I manage 4 computers and my ISP is so fast that upgrading takes about 6min each, so no need to. However, if somebody does this and it works, please let me know (posting here).
[ Parent | Reply to this comment ]
You can find this script here: http://chris.quietlife.net/tmp/check-apt.txt
It depends on apt-listchanges (if you want to get the changes in the new packages).
It downloads the new updates, e-mails you the changes, but *does not* install them (since I'm lazy, not insane).
It still requires you to actually log in and do "apt-get upgrade" to actually install the packages.
[ Parent | Reply to this comment ]
Yes, I wrote debian-updates specifically to test for Security updates.
It'll need adjusting post-Sarge probably, but it looks like the script posted earlier will work. Assuming that the apt.sources list only contains "stable" and "security" sections the only changes every night will be as a result of DSAs.
Steve
-- Steve.org.uk
[ Parent | Reply to this comment ]
I use cron-apt directly for this. It will only e-mail me when a box has pending upgrades (and will tell me what they are).
Then an apt-upgrade coupled with apt-listbugs output and there you go.
And it works properly on Sarge too!
[ Parent | Reply to this comment ]
Another possibility - NFS mount /var/cache/apt so all machines share the same package cache.
Re. pushing updates to machines - I have a script which I run daily which sshes to each machine I administer in turn, and runs 'apt-get upgrade -u -y' on each. (It's probably not a good idea to run this automatically in case there are any configuration questions - in the past I've accidentally caused a database server to be down for several hours by not realising apt was asking me what to do about a changed config file...)
[ Parent | Reply to this comment ]
I must be lazy or stupid :) Any hints?
--
Serge
[ Parent | Reply to this comment ]
the priority to the highest setting. That'll get rid of most questions, but not necessarily all of them.
That must be what I'm experiencing, but then I still don't know what's missing or how this stuff works exactly.
I like to go deep on certain details :-)
--
Serge van Ginderachter
[ Parent | Reply to this comment ]
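#!/bin/sh
# Refresh the package lists first.
apt-get update
# Stop debconf from asking questions.
export DEBIAN_FRONTEND=noninteractive
# On a changed config file take the default action, else keep the old file;
# 'yes' answers any remaining prompt with an empty line.
yes '' | apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
But not always a very good solution...
Cheers
Julien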
[ Parent | Reply to this comment ]
(you may want to check the spelling)
[ Parent | Reply to this comment ]
I also have a cron script on most of my machines:
apt-get update
apt-get upgrade -d -y
apt-get dist-upgrade -d -y
The key here is the -d: this way it downloads the packages to each machine and I don't need to wait for the download when I manually do an upgrade later so that I can answer any configuration questions.
The other advantage of this is if I have a new machine I'm installing or a machine without the script. My apt-proxy is always kept up to date for the most common packages.
[ Parent | Reply to this comment ]
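The download-only cron job from the comment above, combined with the "only mail me when something is pending" behaviour mentioned earlier in the thread, as an added example that is not part of the original discussion. It assumes the `Inst name [old] (new origin [arch])` lines printed by `apt-get -s upgrade`; the function names, the `--cron` switch, the "security" origin heuristic and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the line format
#   Inst <name> [<old>] (<new> <origin> [<arch>])
# printed by `apt-get -s upgrade`; all names below are illustrative.

# Read simulated-upgrade output on stdin; print one line per package:
#   <package> <old-version> <new-version> <security|regular>
pending_upgrades() {
    awk '$1 == "Inst" && match($0, /\(.*\)/) {
        inner = substr($0, RSTART + 1, RLENGTH - 2)  # new origin [arch]
        split(inner, f, " ")
        old = "-"                                    # "-" means not installed yet
        if ($3 ~ /^\[/) { old = $3; gsub(/\[|\]/, "", old) }
        kind = (inner ~ /[Ss]ecurity/) ? "security" : "regular"
        print $2, old, f[1], kind
    }'
}

# Summarise stdin; print nothing when no upgrade is pending, so cron
# only sends mail (via MAILTO) when there is something to do.
report() {
    list=$(pending_upgrades)
    [ -n "$list" ] || return 0
    total=$(printf '%s\n' "$list" | wc -l | tr -d ' ')
    sec=$(printf '%s\n' "$list" | grep -c ' security$' || true)
    echo "$total package(s) pending on $(uname -n), $sec from a security archive"
    printf '%s\n' "$list" | sort -k4,4r -k1,1        # security entries first
}

# Constructed sample of `apt-get -s upgrade` output (not real packages).
SAMPLE='Inst libfoo1 [1.0-1] (1.0-1+deb12u1 Debian-Security:12/stable-security [amd64])
Inst bar-utils [2.3-4] (2.3-5 Debian:12.5/stable [all])
Inst libbaz2 [0.9-2] (0.9-2+deb12u1 Debian:12.5/stable, Debian-Security:12/stable-security [amd64])
Conf libfoo1 (1.0-1+deb12u1 Debian-Security:12/stable-security [amd64])'

if [ "${1:-}" = "--cron" ]; then
    # Real run (as root): refresh lists, fetch .debs only (-d), install nothing.
    apt-get -qq update && apt-get -qq -d -y upgrade
    apt-get -s upgrade | report
else
    printf '%s\n' "$SAMPLE" | report                 # demo on the sample above
fi
```

Nothing is installed in either mode; the manual `apt-get upgrade` later finds the packages already in the local cache and can still ask its configuration questions.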
Useful stuff :-)
[ Parent | Reply to this comment ]
apt-move is used to move a collection of Debian package files into a proper archive hierarchy as is used in the official Debian archive.
Configuring it in the file /etc/apt-move.conf is not too hard.
After doing
$ apt-get upgrade
the command
$ apt-move update
puts the just downloaded archives in the archive directory specified in the configuration file.
This archive can be transferred (CDROM, rsync, NFS, ..) to other machines. On that machine you point apt-get to the archive directory, e.g., with the line
deb file:/home/pub/debian testing main contrib non-free
in /etc/apt/sources.list.
apt-move has also other useful options like "sync" which gets all the packages installed on the system into the archive hierarchy.
[ Parent | Reply to this comment ]
Configuring /etc/apt/sources.list to point to a local mirror (i.e. mounting NFS), I only have to download each .deb once.
[ Parent | Reply to this comment ]
I have pretty much the same setup as you have, except that both machines are used as desktop. If the update is quite big, I just scp the package cache from one machine to the other. The package set isn't exactly the same, but that's not a problem if you clean the cache every once in a while.
There are many other methods, better methods, as mentioned in the other comments, but I like to keep it simple. For two machines I'm not going to install a proxy.
[ Parent | Reply to this comment ]
Rgds, the anonymous question poser.
[ Parent | Reply to this comment ]