28. Januar 2019

Errata für debian-basierte Systeme in orcharhino

Release 4.0.0 of orcharhino brought not only a completely reworked interface, but another hotly anticipated feature: the Errata management of Debian and Ubuntu hosts.

This sets a new milestone in orcharhinodevelopment. For over a year now we have been continuously working on the expansion of the Debian/Ubuntu support. A short overview can be found here.

The perfect day for the presentation of the newly integrated Errata Support for Debian-based systems was of course the Open Source Automation Day last October.

Excursus:

Errata are, so to speak, package inserts that offer a solution for a known problem. With an erratum you want to provide the admin with the information which packages have to be updated to fix a (security) problem.


In the Debian world, the concept of errata is not very common. The common motto here is the regular automatic installation of all updates of „debian-security“ (or ubuntu-security). However, this approach is doubtful, especially for servers in business-critical environments. You should consider very carefully whether you really want to install or renew packages like „nginx“ or „openssl“ automatically overnight on all productive web servers of a web application.

Since the release of orcharhino;4.0.0 the admin now has full control over the Debian / Ubuntu systems managed by orcharhino. He can now decide which servers should receive which security updates at which time. The Errata support for Debian / Ubuntu systems allows us to support every admin via a uniform interface.


The configuration of the Debian/Ununtu Errata feature is very simple: The Debian / Ubuntu security updates are provided via the „debian-security“ (or „ubuntu-securtiy“) repository. Add the errata to this repository by using the „Errata-URL: https://dep.atix.de/dep/api/v1/debian“. Via this URL the errata information is prepared for Debian or Ubuntu and made available in a machine-readable format for orcharhino. The overview page of the repositories available in a product now shows the number of errata in a repository.

The errata is processed the next time the repository is synchronized.


In addition, the system automatically calculates whether an existing Debian / Ubuntu host is affected by an errata. This answers the question whether this errata has to be installed on the host to solve the (security) problem.


In the orcharhino;Management UI you can display a list of all errata. This list can also be limited to applicable or installable errata for the already existing Debian/Ubuntu hosts.


If you select an erratum directly, you will get additional information like detailed description, affected packages, corresponding CVE (Common Vulnerabilities and Exposures), affected hosts, etc. This overview list can also be used to initiate an errata installation on one or more affected hosts.

Selecting the affected host will display the errata for the Debian / Ubuntu host. Of course, you can also start the installation of one or more errata here. orcharhino;checks whether an incremental content view version is required for the installation. This will contain all packages of the errata. The RemoteExecution plugin, which is standard in version 4.0.0, can now be used to install the erratum on the host.

With the administration of Errata for debian-based systems in orcharhino;we managed to complete the Debian / Ubuntu support. Of course we will continue to develop it further and report about it.

Weitere Beiträge

Bereit loszulegen?

Starten Sie noch heute Ihre
kostenlose Testphase!

Bei Fragen zu unseren Produkten und Leistungen oder allen
anderen Themen stehen wir selbstverständlich gerne zur Verfügung.

Suche