Updating SuSE Linux clients from a local update server

Find out how to gain greater IT security and manageability by connecting your SuSE clients to an enterprise SuSE YaST local update server.

In my last tip, we set up a single internal YaST Online Update (YOU) server to pick up updated software from the SuSE mirrors. Now, we're going to answer the question: How do clients connect to the server?

Let's review. In setting up the single internal YaST Online Update server, the idea was to minimize the load on the existing mirrors by having one machine hit the outside servers, instead of however many client machines you have, and enhance security by keeping updates inside your firewall.

So, your SuSE Linux Enterprise Server -- ideally configured as a Web/HTTP or FTP server, though YaST supports several other protocols -- hosts a copy of SuSE Linux 10. You locate a nearby YOU mirror from the list on Novell's SuSE Linux 10 mirrors page. Then, you open YaST to the YOU Server Configuration Module. Enter the appropriate information, including the YOU mirror (under Synchronization URL). If you intend to support multiple versions and/or architectures, add a new mirror for each.

Click Synchronize Now to pull down the current updates from your mirror. Enable automatic updates, then Start the Server.

Connecting clients

Having completed the server setup, we can now return to the question: how do your clients connect? Here's the process:

  1. On a client machine running SuSE Linux 10, open the YaST Online Update module (as the SuperUser, or using the sudo command), located on the default Software page. When the welcome page comes up, change the Installation Source to User-Defined Location. Now click New Server, then choose HTTP from the list, since the YOU server we set up last time is a web server.
  2. The Server and Directory dialog box should appear (see Figure 1). Type in the (case-sensitive) domain name or the IP address of your local YOU server, and the directory the update sits in (which should be /var/lib/YaST2/you).

  3. In the earlier example, we allowed anonymous connections, but if you have set up your server to require authentication, uncheck the Anonymous box and type in the appropriate username and password. Click OK to confirm the changes, and you should see the server name in the Location box.
  4. Start the update by clicking Next from this screen. YaST attempts to connect to the named server. If you have a problem connecting, make sure you typed in the correct information in the Server and Directory dialog box.

That's it! Now the best part: Let's say you've got 20 SuSE Linux desktops in your network, or even 200. You certainly don't want to open each and every desktop, run YaST and type in the directory information in a dialog box to get this update going. Fortunately, you don't have to. The dialog box is just a graphic interface for a simple text file located at /var/lib/YaST2/you/youservers. Copy this file (as Root) to each of your desktops, and you're done.

Well, you're almost done. Because each Linux box is a multi-user system, software installation and updates require Root permissions to execute. If you, as the system administrator, want to grant your users rights to run YaST, you will need to give them SuperUser access (with the Root password) to their machines, or use sudo to parcel out permissions accordingly.

Now, each time SuSE releases a security or other important patch, you or your users can pull them down at leisure, without worrying about hogging bandwidth.


This was first published in February 2006

Dig deeper on Linux system security best practices

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close