- From: Jeffrey Hulten <
>
- To:
- Cc: Brad Knowles <
>
- Subject: [chef] Re: apt_package_hold or preventing version critical packages from being upgraded
- Date: Wed, 19 Dec 2012 09:52:34 -0800
I also tend to set up my own copy of the repository in this case. If everyone
is using that repo and I change files under a controlled process you don't
tend to see that happen.
This is, however, why I am against cookbooks adding repositories as a rule. I
would rather have to specify yum::epel in the run list than have a cookbook
add it for me.
--
Jeffrey Hulten
Principal Consultant at Automated Labs, LLC
206-853-5216
Skype: jeffhulten
On Dec 19, 2012, at 8:58 AM, Brad Knowles wrote:
>
On Dec 19, 2012, at 8:22 AM, Holger Amann
>
<
>
>
wrote:
>
>
>> That way, Chef would never try to upgrade a package in the first place.
>
>
>
> Yeah, chef is not the problem in that case. But sometimes there are more
>
> or less tons of system packages which are to be upgraded due to bug or
>
> security fixes. If you're (or a staff member) doing 'apt-get upgarde' and
>
> you're seeing about 80 packages to be upgraded, how do you manage that?
>
>
Don't allow anyone to do that manually. All package management should be
>
done exclusively through Chef. In fact, all systems management of all
>
types should be done exclusively through Chef.
>
>
If there is ever an emergency need to have an exception to this rule, and
>
that same emergency happens more than once, you should think about updating
>
your Chef recipes to be able to handle that emergency so that you don't
>
have to do that manually anymore. Or, at the very least, you should be
>
able to manually kick off the appropriate Chef process.
>
>
--
>
Brad Knowles
>
<
>
>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
>
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Archive powered by MHonArc 2.6.16.