User Tools

Site Tools


cs471:cs_471_-_software_management

Software Installation & Maintenance


  • See the section of General Admin Principles that deals with software and system maintenance.
  • Software can be evil.
    • Can open doors to system intrusion through exploitable weaknesses in software, network ports needed by the software.
    • Can results in system instability, performance degradation, loss of disk space.
    • User demand requires software to be installed.
    • But the administrator should avoid installing software, as far as it is possible.

Package management systems

Packaged pre-compiled binaries

RPM - Red Hat Package Manager format

  • widely used
    • used on rockhopper, since its a Fedora Linux system
  • To install a RPM package
        rpm -i package.rpm
  • To upgrade a RPM package
        rpm -U package.rpm
  • To uninstall a RPM package
        rpm -e package.rpm
  • To query all RPM packages currently installed
        rpm -qa
  • RPM does not resolve package dependencies by itself
    • Tools to resolve RPM dependencies
      • yum (Red Hat, Fedora), up2date (Red Hat Network), autoupdate

Dpkg (DEB) - Debian's binary package format

  • widely used
  • Many popular, third party applications (firefox, google-chrome) are available now in both RPM and DEB format.

BSD package management

  • FreeBSD ports system
    • automatically download/compile/install from source
  • NetBSD tgz packages
    • pkgsrc system
  • Mac OS X
  • Gentoo Linux
    • Uses a BSD ports-like system

Scripting language-specific module management

  • Scripting languages have had their own module management systems for a while.
    • Perl modules can be installed via CPAN.
    • Python modules can be installed using easy_install or pip.
    • Ruby modules can be installed using RubyGems.
    • Normal users can use these systems without admin intervention, at the cost of possibly using more disk space per user and causing version conflicts.

Advantage of (most) package management systems

  • conflicts between packages are supposed to be resolved
  • package maintainers work with each other and the package maintainer community to resolve file naming conflicts
    • official Red Hat RPM repository
    • official Debian deb repository
      • assures quality control and conflict resolution

Doing it yourself from the source code

  • The GNU build system (autoconf/automake)
    • Software installs from source can often be reduced to a simple series of commands
      • the './configure; make; make install' routine
        • usually installs to the '/usr/local' directory tree
    • Newer alternatives to the GNU build system exist
      • Any type of scripted configuration/compilation system is preferable to having to deal with raw Makefiles or hand-editing the source code.
  • Source-installed software sandboxing systems
    • sandboxing: each program exists only in its own separate subdirectory (and only one subdirectory)
      • user-controlled sandboxing
    • BSD/Gentoo ports, pkgsrc, fink, macports, homebrew system may also use sandboxing systems of their own.

Making software available

  • making executables available
    • Add new bin directories to global $PATH in /etc/profile
  • making libraries available (Linux)
    • Add new lib directories to /etc/ld.so.conf & run ldconfig (Linux)
    • Add new lib directories to LD_LIBRARY_PATH in /etc/profile (old)
  • Other environment variables that need to be globally set
    • MANPATH, CLASSPATH (Java)

Commercial software

  • Licenses
  • Ethical issues
    • Buy single user license and use for a whole class
      • Legal? Ethical?
  • License daemons
    • Run in background to ensure that license is not violated
      • enforce per user licenses
      • enforce connection limits to an OS or service

Maintaining a lab or a large group of machines

  • Making sure all machines have same software and same versions of software and get upgraded/patched at the same time
    • cssh and similar solutions have their uses but can require a lot of screen real estate
      • They have an advantage that you can see what's going on on each machine.
      • Mostly suited to labs and clusters in which the machines use the same OS on the same or similar hardware.
    • simple shell script that visits each machine via ssh and runs a job in the background as root
      • a “push” solution
      • requires every machine to be up and running, else miss an update (as with cssh-like solutions)
        • wake-on-lan can take care of machines that are powered off
          • but can't help machines that are locked up/crashed
    • a scheduled update script run via cron that downloads and runs an update script at bootup or nightly
      • a “pull” solution
    • much more sophisticated and flexible “configuration management systems
    • “imaging” software, exemplified by software such as Norton Ghost, in which a group of machines are made to be in sync with a “golden image” (a machine on which a desired and set system configuration and software are installed).
      • good for lab environments on which you want to return all lab machines to a desired state after a day of student usage
      • also good for major system upgrades

Upgrading software

  • How should upgrades be performed?
    • Questions that should be considered:
      • When is it appropriate to upgrade software?
        • Is the upgrade needed now or can it wait?
          • How critical is the upgrade?
        • Is there a maintenance window?
          • How long will the upgrade take?
      • Has the upgrade been sufficiently tested?
      • Is there a backout path in case the upgrade causes problems or goes wrong?
        • Is there a reliable backup of the system?
      • Also see Software section of System Administration Principles.

Lab Activity

Software packages: Google Chrome

Install the Google Chrome web browser on your virtual Linux systems.

  • Record the details of the installation in your admin journals.
  • Download the appropriate package from http://www.google.com/chrome.
  • Note the software license that is used by Google Chrome. Also, see the EULA and fine print.
    • Is there an open-source alternative to or version of Google Chrome?
  • Where does Google Chrome install itself?
    • Can this information be found in the package file you downloaded?
    • Note also the software repository changes that the Google Chrome installation made.

Software packages: Rootkit Hunter

Install Rootkit Hunter on your virtual Linux systems.

  • Record the details of the installation in your admin journals.
  • Download the source code from http://rkhunter.sourceforge.net to a Downloads directory.
  • Run rkhunter.
  • An older version of Rootkit Hunter is available for installation via apt-get on your Linux VMs. In the case of this software package, why might downloading and running from the source code preferable?

Software packages: drjava and bluej

Install the drjava and bluej java IDEs on your virtual Linux systems.

  • Download the most recent packages from http://drjava.org and http://bluej.org. (Link to drjava jar file)
    • Neither of these software packages is available for download using apt-get.
  • See the Linux lab machines on which both drjava and bluej are installed.
  • Record the details of the installation in your admin journals.

Software packages: puppet & puppet master

Install the puppet and puppetmaster packages on your virtual Linux systems (VMs). Install just the puppet package on your Linux containers.


cs471/cs_471_-_software_management.txt · Last modified: 2018/03/24 17:39 by jchung

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki