Installing Tomcat and keeping it up to date

Do you run Tomcat on multiple AlmaLinux servers? If so, how do you handle keeping it up to date?

My team has about twenty CentOS 7 servers with Tomcat on. Tomcat is included in RHEL and hence CentOS 7, so we don’t do anything to keep Tomcat specifically up to date; it’s handled as part of the OS update process. There are lots of blog posts out there about how to install Tomcat on AlmaLinux and it’s obviously not difficult to do. But then you have a Tomcat install that never gets updated unless someone goes through that whole process again. Monitoring Tomcat releases and taking manual steps to update it on twenty servers seems like it would get very tedious very quickly.

This sounds like something that shouldn’t be too hard to automate with Ansible?

That is indeed the challenge with all applications that are not provided by (trusted) repositories. There are up to three steps:

  • Monitor upstream
  • Build binaries
  • Deploy to systems

With distro’s own packages Red Hat monitors upstream and modifies sources, AlmaLinux builds packages, and we “deploy” by running dnf up regularly.

For third-party content one should create a procedure that builds RPMs. Put those on a local repository, from which the systems can ‘dnf up’.

If [Apache Tomcat] cannot be upgraded by simple ‘dnf up’, then indeed Ansible (or other Configuration Management System) should be able to do the necessary steps for any number of servers.

Build your own RPMs, make a company repo RPM,
et voilà, dnf update all your servers.
Several methods; crontab is the simplest: every day do a dnf update --skip-broken -y :wink:

Prepare the RPM and distribute it through a custom repository set up in a disabled state. Updates are left to users as per requirement. However, advisors are sent out if it is critical to update.

You can use Anitya to watch upstream or something of your own if Anitya is overkill for you. I use Drone for building and publishing RPM in my own repo. The whole process is not completely automated and I still need to commit the RPM spec manually that will trigger a build. Koji is somewhat overkill for my purpose. You can also look into AlmaLinux ALBS. Although you probably also want to create an automated test of those packages and roll when they are stable.
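
The deploy step discussed in this thread (a local RPM repository, shipped disabled, with Ansible driving the update) could look like the playbook below. It is an added example, not code from any poster; the repository URL, key URL, repo id, inventory group, package name and service name are all assumptions or placeholders.

```yaml
# Added example: every name and URL below is a placeholder or assumption.
- name: Update Tomcat from the internal RPM repository
  hosts: tomcat_servers            # assumed inventory group
  become: true
  serial: 2                        # roll through the fleet two hosts at a time
  vars:
    repo_id: internal-tomcat       # hypothetical repo id
    repo_baseurl: "https://repo.example.internal/el$releasever/$basearch/"  # placeholder
    repo_gpgkey: "https://repo.example.internal/RPM-GPG-KEY-internal"       # placeholder
    tomcat_package: tomcat         # assumed name of the locally built RPM
    tomcat_service: tomcat         # assumed systemd unit shipped by that RPM

  tasks:
    - name: Import the key that signs the locally built RPMs
      ansible.builtin.rpm_key:
        key: "{{ repo_gpgkey }}"
        state: present

    - name: Define the internal repository, disabled by default, signatures enforced
      ansible.builtin.yum_repository:
        name: "{{ repo_id }}"
        description: Internal Tomcat builds
        baseurl: "{{ repo_baseurl }}"
        gpgcheck: true             # refuse unsigned or wrongly signed packages
        gpgkey: "{{ repo_gpgkey }}"
        enabled: false             # a plain 'dnf up' will not pull from it

    - name: Update only the Tomcat package, enabling the repo for this transaction
      ansible.builtin.dnf:
        name: "{{ tomcat_package }}"
        state: latest
        enablerepo: "{{ repo_id }}"
        update_cache: true
      notify: Restart Tomcat

  handlers:
    - name: Restart Tomcat
      ansible.builtin.service:
        name: "{{ tomcat_service }}"
        state: restarted
```

With `serial`, the handler restarts Tomcat on each batch before the next batch starts, so a bad build stops the rollout after the first hosts instead of reaching all twenty.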