Yes, I am more than well aware of pdsh while handling dozens of clusters. The point is, we have a process in place already that does not involve these kinds of changes because all other vendors understand that some processes need to change with high impact security issues arise. I've had to revoke certificates for every research across the nation due to heatbleed, so I know this isn't always easy. The fact remains that Dell should have processes to deal with these issues like other vendors do. Full stop.
----- On 11 Jan, 2018, at 05:58, PJ Welsh <pjwe...@gmail.com> wrote: | ... || Date: Wed, 10 Jan 2018 17:03:25 -0700 || From: Stephen Dowdy < [ mailto:sdo...@ucar.edu | sdo...@ucar.edu ] > || To: Patrick Boutilier < [ mailto:bouti...@ednet.ns.ca | bouti...@ednet.ns.ca ] || >, [ mailto:linux-poweredge@dell.com | linux-poweredge@dell.com ] || Subject: [Linux-PowerEdge] FYI using pdsh for mass execution (Re: dsu || woes) || Message-ID: < [ mailto:e21300c5-f4c4-5abc-b150-fc4963985...@ucar.edu | || e21300c5-f4c4-5abc-b150-fc4963985...@ucar.edu ] > || Content-Type: text/plain; charset=utf-8 || On 01/10/2018 03:27 PM, Patrick Boutilier wrote: ||> What I would do is download the BIOS update file once and then create a script ||> to rsync it to the 1500 hosts and run the update. I presume you || > would?have?a?script?to?run?dsu?on?the?1500?hosts?anyway? || First: i gave up on using Dell's enterprise management tools due to constant || heartache/headache/frustration. It definitely makes me sad that these tools || continually change, but never actually get much better. (okay, it looks like || they are finally attacking the BASHisms in some of their scripts that borked || Debian/Ubuntu systems badly, but the continual lack of correctness/current-cy, || etc just pains me). || Second: || FYI, LLNL's 'pdsh' works great for this. requires ssh public key trust for || 'root' in my following examples to do the following (running DUPs requires || 'root'): || ** note that your public key should be offline until loaded in your ssh-agent || (oof, Meltdown/Spectre, sigh) || WARNING: as any tool that allows mass-execution, if you screw up, you've now || multiplied that screwup to a large number of systems, so always be careful. || If you have a file of hostnames already: || pdsh -lroot -g {file} 'command-to-run-on-all-remote-systems' || (file is usually dshgroup module selected so ~/.dsh/group/{file} or || /etc/dsh/group/{file}) | pdsh is a great tool... but with 1500 systems, I bet he knows about it. | DSU should be fixed, of course! | A critical or high impact release update for BIOS/firmware *.BIN files should | cause the Dell magic internal process to update the DSU repo! | Yes the bosses likely decided once-per-whatever is good enough, but clearly it's | not (good enough). All distributions have the concept of security/severity for | packages and updates in repositories; utilize those options. Keep your stable | once-per-whatever but give these high impact/high profile updates some legs to | move out more quickly and effectively for your Dell customers. | DSU has grown for the better... continue the growth in a positive direction. | Thanks | PJWelsh | _______________________________________________ | Linux-PowerEdge mailing list | Linux-PowerEdge@dell.com | https://lists.us.dell.com/mailman/listinfo/linux-poweredge -- James A. Peltier Manager - Research Computing Group | IT Services Simon Fraser University | ASB10973 8888 University Dr., Burnaby, B.C. V5A 1S6 T: 778.782.6573 | M: 604.365.6432 | sfu.ca/itservices Twitter: @sfu_it
_______________________________________________ Linux-PowerEdge mailing list Linux-PowerEdge@dell.com https://lists.us.dell.com/mailman/listinfo/linux-poweredge
