5

How do I make sure that when I run apt-get update, apt-get upgrade on 2 different servers at different times, that I will get the same packages? How do I autotmate/enforce this?

The (simplified) use case I am currently looking at is if I upgrade everything to the newest version on a development instance, and test all of my custom software against it, this make take a day or 2. When I run updates/upgrades on a production machine, I'd like to only upgrade to the versions that I have previously tested. This would allow me build a process to iterate newer patches more quickly and safely than I currently do.

Ideally, I love to take a timestamp for the first upgrade, then enforce updates up to that timestamp on subsequent upgrades. (But any other suggestions would be great)

I've considered investigating a few options, but I'm not sure if they are promising yet and they require a bit of engineering time, and am curious if there is a more simple way of doing this.

1) Creating some sort of local apt repo that both caches the versions. That repo could pull all recent versions for the first pull, then only return those when subsequently queried.

2) Seeing if a configuration management tool like ansible/chef could capture all the versions that were updated on the first pull, then force the second pull to pull those exact versions.

Thanks.

Improve this question

2 Answers 2

Reset to default
6

You need to run your own apt repository using a tool like apt-mirror or aptly. With a simple tool like apt-mirror you can sync your repository before updating your development environment and not sync it again until you've updated your production environment. With a more sophisticated tool like aptly you can implement that or more complex package flows.

Improve this answer
1
  • A local mirror is the way to go. When you use public mirrors, it all depends on how "fresh" they are; some are delayed by a few hours, others update right away. Commented Apr 23, 2014 at 0:22
1
  1. Clean out /var/cache/apt/archives/. Not strictly necessary, but saves space and time copying in future steps.
  2. On a target system, perform an update using -d (download only) to pull down packages without applying them.
  3. Copy these files to /var/cache/apt/archives/ prior to the night of the environment upgrade.
  4. Run the update on all systems using --no-download, forcing the system to use your upgrade candidates.

Disclaimer: I have not tested this myself, but this is analogous to how I use yum in my own production environments to avoid problems with unplanned channel updates.

The local mirror method that sciurus mentions would be superior unless you don't have complete control over your local mirror and want to ensure that a sync does not occur between cluster patches.

Improve this answer
1
  • If you don't control the channel contents, you may want to look into an approach like polibyte.com/blog/applying_old_updates_via_yum . That depends on the time metadata being correct, though. Commented Apr 23, 2014 at 0:57

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.