SLE 11: Software Updating; Categories and Exclusions | SUSE Communities

SLE 11: Software Updating; Categories and Exclusions

Share
Share

Application:

If you have a need in your environment to apply updates without having a new Kernel being applied, or apply updates that are deemed security only then the following should help you accomplish this goal.

Explanation:

The following scripts use zypper the command line tool of choice for updating in the SUSE Linux Enterprise 11 platform, with the idea of using the patch method instead of the update method for fully updating a system with the latest patches. All scripts will first check for any available software management patches and apply those first before proceeding with any other patches. This method insures that any pre or post patch scripts get executed and applied to the system and that the patching process is being executed optimally.

zypper_up_everything.sh Script:

This script will update everything.

Copy the text below into a file preferably named zypper_up_everything.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`
softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
patches=`$zypperbin lp`

if [ -e $zypperbin ]; then
# Just in case there are more than one software management patch in a row
# i use a while loop to check until there are none

while [[ $softmgmt == *softwaremgmt* ]]
do
        $zypperbin -n up -t patch
done
# Execute zypper up -t patch again to execute after all
# software management patches have been applied

if [[ $patches != *"No updates found."* ]]; then
$zypperbin up -t patch
else
echo "No Updates Available."
fi
fi

zypper_up_nokernel.sh Script:

This script will update everything except the kernel.

Copy the text below into a file preferably named zypper_up_nokernel.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`
softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
patches=`$zypperbin lp | awk '!/kernel/'`

if [ -e $zypperbin ]; then
# Just in case there are more than one software management patch in a row
# i use a while loop to check until there are none

while [[ $softmgmt == *softwaremgmt* ]]
do
        $zypperbin -n up -t patch
done
# Execute zypper up -t patch again to execute after all
# software management patches have been applied, and in this instance
# we will look for all categories of patches and exclude the kernel and only apply those.

if [ "$patches" != "" ]; then
$zypperbin lp | awk '!/kernel/ {print "zypper -n in -t patch "$3}' | sh +x
else
echo "No Updates Available."
fi
fi

zypper_up_security.sh Script:

This script will apply security patches only.

Copy the text below into a file preferably named zypper_up_security.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`
softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
patches=`$zypperbin lp | awk '$7=="security"'`

if [ -e $zypperbin ]; then
# Just in case there are more than one software management patch in a row
# i use a while loop to check until there are none

while [[ $softmgmt == *softwaremgmt* ]]
do
        $zypperbin -n up -t patch
done
# Execute zypper up -t patch again to execute after all
# software management patches have been applied, and in this instance
# we will look for all security patches and only apply those.
if [ "$patches" != "" ]; then
$zypperbin lp | awk '$7=="security" {print "zypper -n in -t patch "$3}' | sh +x
else
echo "No Updates Available."
fi
fi

zypper_up_security_nokernel.sh Script:

This script will apply security patches with no kernel.

Copy the text below into a file preferably named zypper_up_security_nokernel.sh or download it here.

#!/bin/bash

zypperbin=`which zypper`
softmgmt=`$zypperbin lp | awk '{ print $3 }' | grep softwaremgmt`
patches=`$zypperbin lp | awk '!/kernel/ && $7=="security"'`

if [ -e $zypperbin ]; then
# Just in case there are more than one software management patch in a row
# i use a while loop to check until there are none

while [[ $softmgmt == *softwaremgmt* ]]
do
        $zypperbin -n up -t patch
done
# Execute zypper up -t patch again to execute after all
# software management patches have been applied, and in this instance
# we will look for all security patches and exclude the kernel and only apply those.

if [ "$patches" != "" ]; then
$zypperbin lp | awk '!/kernel/ && $7=="security" {print "zypper -n in -t patch "$3}' | sh +x
else
echo "No Updates Available."
fi
fi

Once you have these scripts created you can save them in /root/bin or something with the chmod 755 permissions on it. Now you are ready to set it up to run as a Cron Job or use it as you desire. You may want to add some logging to the script and have its output get logged to a separate file in /var/log.

Enjoy!!

Share
(Visited 17 times, 1 visits today)

Comments

  • Avatar photo asafmagen says:

    how can i install security updates by severity ( Critical, Moderate … ) if its even possible?

    in redhat ther is this command that lets you install security update by severity ( example: yum update –security –sec-severity=Critical
    )

    any chance SUSE has this too?

    • Avatar photo cseader says:

      You absolutely can.

      Check out zypper patch –help for the category option.

      categories would be security, optional, recommended.

  • Avatar photo cseader says:

    Ah ok, your right. Yes that is not a functionality of zypper currently. I will put in a feature enhancement for this. We usually operate on the knowledge that everything with security is critical in nature.

  • Avatar photo eclipseagent says:

    $7 is no longer the delimiter for SLES 12. Additionally, your script will try to install the leading output of zypper lp, which isn’t ideal.

    An overall cleaner solution is to lock the RPMs, however, if that’s not the approach one wants to take, it’s best to grep for Updates (which for now is common across the standard SCC/NCC repository names).

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    Avatar photo
    10,735 views
    cseader Senior Innovative Technologist with over 15 years of experience delivering creative, customer-centric value and solutions. Broad experience in many different verticals, architectures, and data center environments. Proven leadership experience ranging from evaluating technology, collaborating across engineering teams and departments, competitive analysis, and strategic planning. Highly-motivated with a track record of success in consistent achievement of projects and goals, and driving business function and management. Skilled problem identifier and troubleshooter, continually learning and adapting, and strong analytical skills. Efficient, organized leader with success in coordinating efforts within internal-external teams to reach and surpass expectations. Expert-level skills in the implementation, analysis, optimization, troubleshooting, and documentation of mode 1 and mode 2 data center systems.