No. Not quite. Currently all of the hosts get their packages from a single host with a yum repository on it. In order to update/add a package, we first have to download it to this host and then update the repository. The developers wanted it this way, but it is making it extremely difficult for the system administrators to maintain updates with security fixes. I want to move us to having a satellite server that is connected to various satellite servers and control updates to the systems via content-views.
I’m trying to figure out a method to get the first content-view as close as possible to what is currently in the yum repository. After I do that, then we can start adding incremental updates.
I did the following for an initial stab at it, but some of the content-views do not appear to have any packages in them (which was the reason for my other post - List Packages in a content-view).
On several hosts, I ran:
rpm -qa --queryformat '%{NAME} %{VERSION} %{RELEASE} %{EPOCH} %{ARCH}\n' | grep -v gpg-pubkey | sort > /var/tmp/packages
I put those on the satellite server and combined into one file:
cat packages* | sort -u > cur-packages
Then I tried to build filter rules.
cd /var/tmp
mkdir content;cd content
TMPF=$(mktemp)
HTTP='http://mirror.umd.edu/centos/7/'
cat > filter.awk << 'EOF'
/^--.*--  http:\/\/.*[^\/]$/ { u=$3; }
/^Length: [[:digit:]]+/ { print u; }
EOF
wget -r -np --spider ${HTTP}/os/x86_64/Packages/ 2>&1 | awk -f filter.awk | xargs -I % basename % | sort -u > centos-os
CVID=$(hammer content-view list | grep el7_content | awk '{ print $1 }')
hammer content-view filter create --name "OS Filter" --type rpm --inclusion false \
    --description "Filter for OS Packages" --content-view ${CVID}
CVFID=$(hammer content-view filter list --content-view ${CVID} | grep -vE -e '-----|FILTER ID' | grep OS | awk '{ print $1 }')
for ARCH in x86_64 noarch i686 ; do
    IFS=$'\n'; for f in $(grep ${ARCH} cur-packages) ; do
        declare -a rpm
        # Fields: NAME VERSION RELEASE EPOCH ARCH
        IFS=' ' read -r rpm[{0..4}] < <(echo "${f}")
        # Only continue if NAME plus the first two characters of VERSION appear in centos-os
        if [[ $(grep -c "^${rpm[0]}-${rpm[1]:0:2}" centos-os) -gt 0 ]]; then
            # Strip epoch prefixes and sort the available versions
            yum --showduplicates list available ${rpm[0]} | grep "${rpm[0]}.${rpm[4]}" |
                sed -e 's|32:||' -e 's|12:||' -e 's|14:||' -e '/^$/d' -e 's|10:||' -e 's|1:||' -e 's|2:||' -e 's|4:||' |
                sort -g -k 2,2 > ${TMPF}
            declare -a vers
            vers=( $(awk '{ print $2 }' ${TMPF}) )
            l=${#rpm[1]}
            i=0
            j=${#vers[@]}
            CANDIDATE=''
            while [[ ${i} -lt ${j} && -z ${CANDIDATE} ]]; do
                # String comparison against the first ${l} characters of each available version
                if [[ ${rpm[1]} < ${vers[${i}]:0:${l}} || ${rpm[1]} == ${vers[${i}]:0:${l}} ]]; then
                    CANDIDATE=${vers[${i}]}
                fi
                ((i++))
            done
            if [[ -z ${CANDIDATE} ]]; then
                echo "A candidate for ${rpm[0]} was not found"
            else
                echo "The chosen candidate is: ${CANDIDATE}"
                hammer content-view filter rule create \
                    --content-view-id ${CVID} \
                    --content-view-filter-id ${CVFID} \
                    --architecture ${ARCH} \
                    --name ${rpm[0]} \
                    --max-version ${CANDIDATE:0:${l}} \
                    --min-version ${rpm[1]}
            fi
        fi
        cat /dev/null > ${TMPF}
        unset rpm
        unset vers
    done
    hammer content-view filter rule list --content-view-id ${CVID} --content-view-filter-id ${CVFID}
done
hammer content-view publish --id ${CVID} --async
This appears to work fine for the CentOS repository, but I’m not getting any packages in for the saltstack, docker, or centrify repositories.
Just wondering if anyone sees a flaw in my logic?
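The script above creates a filter rule only when a package's name plus the first two characters of its version is found in `centos-os` (the `grep -c` test). As an added example, not part of the original post, this sketch lists the entries in `cur-packages` that fail that test and therefore never get a rule. The function names and the sample package lines are constructed, and it uses a literal prefix match where the script uses a regex.

```shell
#!/bin/sh
# Added example: which installed packages does the centos-os gate skip?
# Formats follow the post: cur-packages lines are
# "NAME VERSION RELEASE EPOCH ARCH"; the repo list holds RPM file names.

# unmatched_packages PKG_FILE REPO_LIST
# Prints "NAME VERSION ARCH" for each package with no repo file name that
# starts with "NAME-" followed by the first two characters of VERSION.
unmatched_packages() {
    awk '
        # First file argument: remember every repo file name.
        # FILENAME is used instead of NR==FNR so an empty repo list is safe.
        FILENAME == ARGV[1] { repo[n++] = $0; next }
        NF >= 5 {
            prefix = $1 "-" substr($2, 1, 2)
            hit = 0
            for (i = 0; i < n; i++)
                if (index(repo[i], prefix) == 1) { hit = 1; break }
            if (!hit) print $1, $2, $5
        }
    ' "$2" "$1"
}

# demo: run the check on constructed sample data (not taken from the post).
demo() {
    dir=$(mktemp -d)
    cat > "${dir}/cur-packages" <<'EOF'
bash 4.2.46 34.el7 (none) x86_64
openssl-libs 1.0.2k 19.el7 1 x86_64
docker-ce 19.03.5 3.el7 3 x86_64
salt-minion 2019.2.3 1.el7 (none) noarch
EOF
    cat > "${dir}/centos-os" <<'EOF'
bash-4.2.46-34.el7.x86_64.rpm
openssl-libs-1.0.2k-19.el7.x86_64.rpm
EOF
    unmatched_packages "${dir}/cur-packages" "${dir}/centos-os"
    rm -rf "${dir}"
}
```

Running `unmatched_packages cur-packages centos-os` in `/var/tmp/content` gives the list of installed packages that the loop silently passes over.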