Application:

If you need to apply updates in your environment without installing a new kernel, or to apply only the updates classed as security patches, the following scripts should help you accomplish this goal.

Explanation:

The following scripts use zypper, the command-line tool of choice for updating on the SUSE Linux Enterprise 11 platform, and rely on the patch method instead of the update method to bring a system fully up to date with the latest patches. Each script first checks for any available software management patches and applies those before proceeding with any other patches. This method ensures that any pre- or post-patch scripts get executed and applied to the system, and that the patching process runs optimally.

zypper_up_everything.sh Script:

This script will update everything.

Copy the text below into a file preferably named zypper_up_everything.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`

# Quote the path: with an empty, unquoted $zypperbin this test would succeed.
if [ -e "$zypperbin" ]; then
    softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`

    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check after every run until there are none.
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        $zypperbin -n up -t patch
        softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
    done

    # Execute zypper up -t patch again after all
    # software management patches have been applied.
    patches=`$zypperbin lp`
    if [[ $patches != *"No updates found."* ]]; then
        $zypperbin up -t patch
    else
        echo "No Updates Available."
    fi
fi

zypper_up_nokernel.sh Script:

This script will update everything except the kernel.

Copy the text below into a file preferably named zypper_up_nokernel.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`

# Quote the path: with an empty, unquoted $zypperbin this test would succeed.
if [ -e "$zypperbin" ]; then
    softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`

    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check after every run until there are none.
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        $zypperbin -n up -t patch
        softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
    done

    # After all software management patches have been applied, look at all
    # categories of patches, exclude the kernel and only apply the rest.
    # $2=="|" && $3!="Name" keeps real patch rows and drops zypper's status
    # lines and the table header, which would otherwise be "installed" too.
    patches=`$zypperbin lp | awk '$2=="|" && $3!="Name" && !/kernel/'`
    if [ "$patches" != "" ]; then
        echo "$patches" | awk '{print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi

zypper_up_security.sh Script:

This script will apply security patches only.

Copy the text below into a file preferably named zypper_up_security.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`

# Quote the path: with an empty, unquoted $zypperbin this test would succeed.
if [ -e "$zypperbin" ]; then
    softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`

    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check after every run until there are none.
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        $zypperbin -n up -t patch
        softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
    done

    # After all software management patches have been applied,
    # look for all security patches and only apply those.
    patches=`$zypperbin lp | awk '$7=="security"'`
    if [ "$patches" != "" ]; then
        echo "$patches" | awk '{print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi

zypper_up_security_nokernel.sh Script:

This script will apply security patches only, excluding the kernel.

Copy the text below into a file preferably named zypper_up_security_nokernel.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`

# Quote the path: with an empty, unquoted $zypperbin this test would succeed.
if [ -e "$zypperbin" ]; then
    softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`

    # Just in case there is more than one software management patch in a row,
    # use a while loop and re-check after every run until there are none.
    while [[ $softmgmt == *softwaremgmt* ]]
    do
        $zypperbin -n up -t patch
        softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
    done

    # After all software management patches have been applied, look for all
    # security patches, exclude the kernel and only apply the rest.
    patches=`$zypperbin lp | awk '!/kernel/ && $7=="security"'`
    if [ "$patches" != "" ]; then
        echo "$patches" | awk '{print "zypper -n in -t patch "$3}' | sh +x
    else
        echo "No Updates Available."
    fi
fi

Once you have created these scripts, you can save them in /root/bin, or a similar location, with chmod 755 permissions. Now you are ready to set them up to run as a cron job or use them as you desire. You may want to add some logging to the scripts and have their output logged to a separate file in /var/log.
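
The filters in the scripts above split the zypper lp output on whitespace, so they depend on repository names containing no spaces and on the column positions staying put. The following is an added example, not part of the original scripts: it splits on the | column separator instead, skips zypper's status and header lines, and accepts only plain patch names before building the zypper -n in -t patch commands. The sample output and patch names are constructed, and select_patches, apply_patches and DRY_RUN are names chosen for this example.

```shell
#!/bin/bash
# Added example (not from the original scripts). Function names and the
# DRY_RUN variable are assumptions made for this illustration.

# Constructed sample of SLES 11 style `zypper lp` output.
sample_lp_output() {
cat <<'EOF'
Loading repository data...
Reading installed packages...

Repository         | Name             | Version | Category    | Status
-------------------+------------------+---------+-------------+-------
SLES11-SP1-Updates | slessp1-kernel   | 2001    | security    | needed
SLES11-SP1-Updates | slessp1-openssl  | 2002    | security    | needed
SLES11-SP1-Updates | slessp1-aaa_base | 2003    | recommended | needed
SLES11 SP1 Extras  | slessp1-bind     | 2004    | security    | needed
EOF
}

# usage: select_patches <category|all> <yes|no>   (yes = leave out kernel)
select_patches() {
    awk -F'|' -v want="$1" -v nokernel="$2" '
        NF < 5 { next }                    # status lines, blank line, ---+--- rule
        { name = $2; kind = $4
          gsub(/^[ \t]+|[ \t]+$/, "", name)
          gsub(/^[ \t]+|[ \t]+$/, "", kind) }
        name == "Name" { next }            # table header
        want != "all" && kind != want { next }
        nokernel == "yes" && name ~ /kernel/ { next }
        name !~ /^[A-Za-z0-9][A-Za-z0-9._+-]*$/ { next }  # plain names only
        { print name }
    '
}

# Reads patch names on stdin. DRY_RUN=1 (the default) only prints the commands.
apply_patches() {
    while read -r name; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "zypper -n in -t patch $name"
        else
            zypper -n in -t patch "$name" </dev/null
        fi
    done
}

# Security patches without the kernel, printed as a dry run.
sample_lp_output | select_patches security yes | apply_patches
```

Set DRY_RUN=0 to run the commands instead of printing them.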

Enjoy!!

Category: SUSE Linux Enterprise Server, Technical Solutions
This entry was posted Thursday, 25 February, 2010 at 5:35 pm

Comments

  • asafmagen says:

    How can I install security updates by severity (Critical, Moderate …), if it's even possible?

    In Red Hat there is this command that lets you install security updates by severity (example: yum update --security --sec-severity=Critical).

    Any chance SUSE has this too?

  • cseader says:

    Ah ok, you're right. Yes, that is not a functionality of zypper currently. I will put in a feature enhancement for this. We usually operate on the knowledge that everything with security is critical in nature.

  • eclipseagent says:

    $7 is no longer the delimiter for SLES 12. Additionally, your script will try to install the leading output of zypper lp, which isn’t ideal.

    An overall cleaner solution is to lock the RPMs, however, if that’s not the approach one wants to take, it’s best to grep for Updates (which for now is common across the standard SCC/NCC repository names).
