From: "Roger 'Rocky' Vetterberg"
Date: Wed, 07 Aug 2002 05:23:45 +0200
To: BSD Freak
Cc: FreeBSD Questions
Subject: Re: There must be a better way to maintain older systems

BSD Freak wrote:
> Hi all,
>
> I am responsible for maintaining 14 FreeBSD, 1 Windows 2000 and 1
> Solaris servers at three sites. While I am certainly no fan of Windows
> 2000 or the commercial UNIX distributions I have to say they take up a
> lot less of my time to maintain. For example I can download (binary
> packages) patches and "Service Packs"/hotfixes to patch bugs and
> vulnerabilities and then I forget about it. Upgrades of OS happen once
> every 3-4 years (and usually accompany a hardware upgrade which makes it
> a bit neater and less risky).
>
> With FreeBSD however I find myself upgrading every six months or so
> when a new version is released. I spend half my time upgrading the 14
> production servers (in the middle of the night usually!), then by the
> time I have gotten around to the last system, I'm usually only a month
> or so away from the next -RELEASE and I have to do it all again if I
> am to keep my systems secure and current.
>
> I find myself thinking there *MUST* be a better way. I am quite happy
> with the stability/features of older versions (ie 4.4-R 4.5-R etc).
> Surely I don't have to go through this upgrade cycle every six months! It
> would be great to just run a pkg_add which would overwrite any insecure
> binaries with newer patched ones (and do an actual binary upgrade only
> when absolutely required - e.g. every 2-3 years). I am even thinking of
> starting such a project myself.
>
> Am I missing something? (i.e. is there a better way?)
> (If someone tells me to cvsup and do a makeworld on my busy production
> servers I will scream!)

I understand that you do not wish to run make buildworld on a lot of
production machines, but there is another way.

I have a machine whose only task in life is to run make buildworld. It
does nothing but cvsup its sources and build binaries to share with
other machines. Doing a make installworld takes only a few minutes,
reboot included, which is acceptable or at least unavoidable even on
production machines. I'm sure a lot of the binary patches for your win2k
server require you to reboot too, don't they?

With 14 machines, I would dedicate one of them as a 'builder'. Let it
buildworld, share /usr/src and /usr/obj via NFS, mount them on the other
machines and I would guess you could upgrade all 14 machines with 40-50
minutes of work. A few simple scripts and you could do it in 10.

--
R
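
The builder-and-NFS rollout described in the reply above, sketched as a script. This is an added example, not part of the original message. The host names, the `FLEET_*` variables, root ssh access from an admin host and the read-only mounts are all assumptions; it prints the plan unless `FLEET_DRY_RUN=0` is set.

```sh
#!/bin/sh
# Added example, not from the original message. Host names, root ssh access
# and read-only NFS mounts are assumptions.
FLEET_BUILDER="${FLEET_BUILDER:-builder.example.org}"   # hypothetical builder
FLEET_HOSTS="${FLEET_HOSTS:-web1.example.org web2.example.org}"  # constructed
FLEET_DRY_RUN="${FLEET_DRY_RUN:-1}"                     # 1 = only print the plan

# Commands one client runs, one per line. The builder must already have
# finished 'make buildworld' and export /usr/src and /usr/obj.
client_plan() {
    builder="$1"
    cat <<EOF
mount -t nfs -o ro ${builder}:/usr/src /usr/src
mount -t nfs -o ro ${builder}:/usr/obj /usr/obj
(cd /usr/src && make installworld)
umount /usr/obj
umount /usr/src
EOF
}

# Install on one host; reboot only if every step succeeded.
upgrade_host() {
    host="$1"
    if [ "$FLEET_DRY_RUN" = 1 ]; then
        echo "# $host"
        client_plan "$FLEET_BUILDER"
        echo "shutdown -r now"
        return 0
    fi
    # 'sh -e' stops at the first failing command, so a failed mount or
    # install never reaches the reboot below.
    client_plan "$FLEET_BUILDER" | ssh "root@$host" sh -e || return 1
    # The connection drops during reboot, so the exit status is ignored.
    ssh "root@$host" shutdown -r now </dev/null || true
}

# Walk the fleet, keep going past failures, and report which hosts need attention.
upgrade_fleet() {
    failed=""
    for host in $FLEET_HOSTS; do
        upgrade_host "$host" || failed="$failed $host"
    done
    echo "failed:${failed:- none}"
    [ -z "$failed" ]
}

upgrade_fleet
```

Mounting the build tree read-only keeps a compromised client from altering the binaries the remaining hosts will install.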