LISA’11: Tech Sessions pkg repo managment at AMD

Print Friendly, PDF & Email

Chris St. Piere is a Bcfg2 user and works for AMD. This paper is all about separating out package repos for better and safer package management. They employ different package repositories for different stages of the deployment, e.g. dev/prod. Before choosing their current solution the alternatives they tried were; yum excludes, spacewalk, bcfg2 version spec and yum version lock. The final solution chosen was Pulp which is part of VMware Cloudforms. Repositories can be cloned efficiently, sync mediated with filters, or managed with some manual manipulation.

The workflow model as mentioned follows a tiered repos setup. The periodic update schedule follows these rules:

  • upstream – daily sync
  • unstable – a filtered sync from “upstream”
  • stable – one week later another filtered sync from “unstable”

Filters are really only blacklists and manual package promotion is used for urgent situations which is a simple operation of 2 commands to push to stable. Service affecting packages are selected manually. From some statistical analysis, hosts with available packages to install decreases with this method and machines using pulp have less vulnerabilities. What is planned for the future is to work more on a web front end called sponge, written in django and available via github.com/stpierre/sponge.

We certainly can do this right now with little work and a bit of disk space usage. We have local repos setup, and managed using the debian equivalent reprepro (which incidentally has been around for ages). We’d just need to set the update policies and configure the separate repo sources in bcfg2 for the correct host classes.