Yum package Resource and Red Hat Network Threshold


#1

I run chef-client frequently (ever 2 minutes or so) on a REL Linux box and I stumbled upon a " error because RHN has detected an abuse of service from this system" (See
https://access.redhat.com/knowledge/solutions/8165 for complete Error Message).
This happens in a simple package resource ('package “unzip” ').
It looks like the yum provider maintains a cache (http://www.rubydoc.info/github/opscode/chef/master/Chef/Provider/Package/Yum/YumCache) which is invalidated on every chef run and thus hits
the network.
Is there a way to avoid hitting the RHN every time? Checking if a package is already installed should be a local operation.
My use case for frequent runs is continuous deployment. I guess I could implement a semi push model by having the build server flip a flag and poll the flag with “chef free” cron job,
that in turn starts chef-client; But I’d like to avoid this if possible.

Regards,

Martin


#2

RHN limits you to one API query per hour per machine. If it isn’t in
your budget to get a Satellite subscription. Then your best option
might be to convert that continuous deployment machine requiring runs
every 2 mins. to a CentOS machine.

Eric G. Wolfe
Senior Linux Administrator,
IT Infrastructure Systems

Marshall University Computing Services
Drinko Library 428-K
One John Marshall Dr.
Huntington, WV 25755
Phone: 304.942.3970
Email: eric.wolfe@marshall.edu

You will be recognized and honored as a community leader.

On 02/19/2013 02:38 PM, Martin Eigenbrodt wrote:

I run chef-client frequently (ever 2 minutes or so) on a REL Linux box and I stumbled upon a " error because RHN has detected an abuse of service from this system" (See
https://access.redhat.com/knowledge/solutions/8165 for complete Error Message).
This happens in a simple package resource ('package “unzip” ').
It looks like the yum provider maintains a cache (http://www.rubydoc.info/github/opscode/chef/master/Chef/Provider/Package/Yum/YumCache) which is invalidated on every chef run and thus hits
the network.
Is there a way to avoid hitting the RHN every time? Checking if a package is already installed should be a local operation.
My use case for frequent runs is continuous deployment. I guess I could implement a semi push model by having the build server flip a flag and poll the flag with “chef free” cron job,
that in turn starts chef-client; But I’d like to avoid this if possible.

Regards,

Martin


#3

That is amazingly awesome.

Would it make sense to try and hack something up to refuse to run more
often than that?

Adam

On 2/19/13 11:47 AM, “Eric G. Wolfe” eric.wolfe@marshall.edu wrote:

RHN limits you to one API query per hour per machine. If it isn’t in
your budget to get a Satellite subscription. Then your best option
might be to convert that continuous deployment machine requiring runs
every 2 mins. to a CentOS machine.

Eric G. Wolfe
Senior Linux Administrator,
IT Infrastructure Systems

Marshall University Computing Services
Drinko Library 428-K
One John Marshall Dr.
Huntington, WV 25755
Phone: 304.942.3970
Email: eric.wolfe@marshall.edu

You will be recognized and honored as a community leader.

On 02/19/2013 02:38 PM, Martin Eigenbrodt wrote:

I run chef-client frequently (ever 2 minutes or so) on a REL Linux box
and I stumbled upon a " error because RHN has detected an abuse of
service from this system" (See
https://access.redhat.com/knowledge/solutions/8165 for complete Error
Message).
This happens in a simple package resource ('package “unzip” ').
It looks like the yum provider maintains a cache
(http://www.rubydoc.info/github/opscode/chef/master/Chef/Provider/Package
/Yum/YumCache) which is invalidated on every chef run and thus hits
the network.
Is there a way to avoid hitting the RHN every time? Checking if a
package is already installed should be a local operation.
My use case for frequent runs is continuous deployment. I guess I
could implement a semi push model by having the build server flip a flag
and poll the flag with “chef free” cron job,
that in turn starts chef-client; But I’d like to avoid this if possible.

Regards,

Martin


#4

You could clone the repository and change your machines to point at the
local yum repository instead of the one at RHN (we’ve done this, 500+
machines all updating their caches against a remote server was getting
expensive…)
then you can set up an rsync job to keep the local repository up to date on
a daily or weekly basis.

-jesse

On Tue, Feb 19, 2013 at 2:47 PM, Eric G. Wolfe eric.wolfe@marshall.eduwrote:

RHN limits you to one API query per hour per machine. If it isn’t in your
budget to get a Satellite subscription. Then your best option might be to
convert that continuous deployment machine requiring runs every 2 mins. to
a CentOS machine.

Eric G. Wolfe
Senior Linux Administrator,
IT Infrastructure Systems
------------------------------**--------
Marshall University Computing Services
Drinko Library 428-K
One John Marshall Dr.
Huntington, WV 25755
Phone: 304.942.3970
Email: eric.wolfe@marshall.edu

You will be recognized and honored as a community leader.

On 02/19/2013 02:38 PM, Martin Eigenbrodt wrote:

I run chef-client frequently (ever 2 minutes or so) on a REL Linux box
and I stumbled upon a " error because RHN has detected an abuse of service
from this system" (See
https://access.redhat.com/**knowledge/solutions/8165https://access.redhat.com/knowledge/solutions/8165for complete Error Message).
This happens in a simple package resource ('package “unzip” ').
It looks like the yum provider maintains a cache (
http://www.rubydoc.info/github/opscode/chef/master/
Chef/Provider/Package/Yum/**YumCachehttp://www.rubydoc.info/github/opscode/chef/master/Chef/Provider/Package/Yum/YumCache)
which is invalidated on every chef run and thus hits
the network.
Is there a way to avoid hitting the RHN every time? Checking if a package
is already installed should be a local operation.
My use case for frequent runs is continuous deployment. I guess I could
implement a semi push model by having the build server flip a flag and poll
the flag with “chef free” cron job,
that in turn starts chef-client; But I’d like to avoid this if possible.

Regards,

Martin