I retired a bit more than a year ago, so I don't have scripting details to share, but here's a conceptual outline of how we did it.
Had the same situation when we first deployed spacewalk/Satellite. We (okay, I) created RHSA-test and RHSA-prod patch channels for each base OS. Scripted forced registration to one or the other based on group membership, defaulted to prod group if no existing membership. On monthly day 1 at 00:01am, cron script ran to clone RHSA updates into the patch panels. There were procedures for using set management functions to schedule test patching and production patching per overall security policy and scripts to report unpatched systems at appropriate intervals. If "real time" software (i.e. from latest) installation/update became necessary for a system or group of systems, they could be resubscribed to the "real" channel and the install done, with blacklisting of *release packages as necessary to maintain base OS point. Robots checked whether a system had been left in such a subscription state for more than 24 hours, and forced them back to their patch channels. This was all in a medium scale (<10000 clients) environment, and the policy stances were driven by service level agreement with the prime customer and by their security policy. On 2017-01-12 15:36, Shaw, Michael wrote: > Hello, > > I walked into an environment that had no frozen channels and monthly patching > happened by whatever was available in the channel at the time, i.e. if there > was a kernel upgrade then the kernel upgraded. This has ended up causing > issues. > > I have since then locked all of the hosts and created base OS channels, i.e. > RHEL5.11, RHEL6.8, RHEL7.1, RHEL7.2, etc. I have also started creating a > monthly patch channels but how can I merge the channels? > > I need to keep the hosts at certain release level, i.e. RHEL7.2, but still > apply monthly patches. It doesn't seem like there is a straight forward way > to do this? > > Regards, > > Mike > > --- > > Mike Shaw - Linux Systems Administrator > > ITS - Production Operations - PaaS > > Phone-919.541.6003 Skype-live:mdshaw89 > > RTI International > > [email protected] > > _______________________________________________ > Spacewalk-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/spacewalk-list [1] Links: ------ [1] https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
