I’m looking into the best way to have locked version repos for my CentOS systems. The systems are all set up with Chef and have a couple different recipes/roles. I’d like to have locked version repos for each role with tested RPMs. Then perhaps quarterly apply any updates. It would be nice to have something showing which updates are available for these locked repos. I’d also want to be able to just push single update RPMs into the repo (think Heartbleed).
I’ve had a look at Spacewalk and Katello, but they seem a bit complicated. Katello seems closer to what I’m looking for with its versioned “Content Views”, but I don’t see how I could selectively include some new packages in it. It seems like it only handles making new snapshots of the underlying repos.
Maybe I’d be better off just setting up some repos on a web server and manually adding packages? I’d probably want a way to symlink packages to prevent disk bloat.
What are other people doing out there?