Make the Fedora/CentOS/RHEL update service the fastest

Posted on Sun 06 April 2014 in CentOS

Since I played with some publish and subscribe protocols in the last months, I came to an idea to speed up the notification and delivery of software updates over the existing mechanism while reducing, or better optimizing, the needed resources.

Here a graphic to show what I try to implement:

Drawing software update push service

As an example in RHEL/CentOs or Fedora you can start yum and pull the latest updates frequently to see if there are some new packages. This can be done with manual cron jobs or the yum-updatesd. Every machine pulls in a defined frequency the complete package index and looks if something new was released. In my understanding it would be more efficient if the system gets notified that some new package is available or even better the system is listening only to updates and information of packages that are installed on that specific machine and need  be monitored. This not only can speed up and optimize the client-server communication this also could be a good way of optimizing the distribution of packages between repository mirrors. Each mirror can be notified if there is a new package and gets it pushed to make the package available as fast as possible.

I am aware that distribution of packages does not need to be optimized by milliseconds but in some environments such a notification mechanism can save money and bandwidth if a lot of clients need to be updated.

My plan is to discuss this with a proposal for a concrete implementation for yum based systems an the developers mailing list of Fedora to get a feeling if this is a real world requirement or if there is no need in optimizing this situation.

Up to now MQTT looks quite promising for me to do the notification mechanism or even push packages to the subscribed machines. With some control server in back this can make package deployment more efficient and faster. The package verification mechanism can work as now only the transport mechanism or the notification of a new package needs to be added to the existing infrastructure. Since MQTT supports SSL/TLS based connections and Websockets there should no bigger problem with security or blocked ports then today.