From owner-freebsd-current@FreeBSD.ORG  Sun Jul 20 11:15:16 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F337EA60
 for <freebsd-current@freebsd.org>; Sun, 20 Jul 2014 11:15:15 +0000 (UTC)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7EBB52A27
 for <freebsd-current@freebsd.org>; Sun, 20 Jul 2014 11:15:15 +0000 (UTC)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <freebsd-current@m.gmane.org>) id 1X8p54-0005wb-Pm
 for freebsd-current@freebsd.org; Sun, 20 Jul 2014 13:15:02 +0200
Received: from 92.54.176.20 ([92.54.176.20])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <freebsd-current@freebsd.org>; Sun, 20 Jul 2014 13:15:02 +0200
Received: from kevin.bowling by 92.54.176.20 with local (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <freebsd-current@freebsd.org>; Sun, 20 Jul 2014 13:15:02 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-current@freebsd.org
From: Kevin Bowling <kevin.bowling@kev009.com>
Subject: Re: HOWTO articles for migrating from Linux to FreeBSD, especially
 for pkg?
Date: Sun, 20 Jul 2014 04:08:13 -0700
Lines: 74
Message-ID: <lqg7ut$b1b$1@ger.gmane.org>
References: <CAG=rPVcyqq2072+gF_X91BocxykJB6+U0cMhaNexxfVFpVqUbA@mail.gmail.com>
 <CAJ-Vmo=p6-7KCL8C09O4dPq04pitW5wDbtsDAyz-u4Qtr7rpRA@mail.gmail.com>
 <CAGZBXN8-Gq1=w8SBHCw26ZX4a29KHBx+4FV9XGK1HJiCOGuJ9A@mail.gmail.com>
 <CAJ-Vmo=8uAXqmX8D+oP+63dHWVKN6cn8wBH0HNsVmUciNRF1BA@mail.gmail.com>
 <53C920EA.7050604@freebsd.org> <53C9812D.90703@mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: 92.54.176.20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
In-Reply-To: <53C9812D.90703@mu.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jul 2014 11:15:16 -0000

On 7/18/2014 1:18 PM, Alfred Perlstein wrote:
>
> On 7/18/14, 6:28 AM, Allan Jude wrote:
>> On 2014-07-17 16:12, Adrian Chadd wrote:
>>> On 17 July 2014 13:03, Alberto Mijares <amijaresp@gmail.com> wrote:
>>>> On Thu, Jul 17, 2014 at 2:58 PM, Adrian Chadd <adrian@freebsd.org>
>>>> wrote:
>>>>> Hi!
>>>>>
>>>>> 3) The binary packages need to work out of the box
>>>>> 4) .. which means, when you do things like pkg install apache, it
>>>>> can't just be installed and not be enabled, because that's a bit of a
>>>>> problem;
>>>>
>>>> No. Please NEVER do that! The user must be able to edit the files and
>>>> start the service by himself.
>>> Cool, so what's the single line command needed to type in to start a
>>> given package service?
>>>
>>>
>>>
>>> -a
>>> _______________________________________________
>>> freebsd-current@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>>> To unsubscribe, send any mail to
>>> "freebsd-current-unsubscribe@freebsd.org"
>>>
>> We could make 'service apache22 enable'
>>
>> which can run: sysrc -f /etc/rc.conf apache22_enable="YES"
>>
>> and 'service apache22 disable'
>>
>> that can use sysrc -x
>>
>> And then ports can individually extend the functionality if they require.
>>
> I like this a lot.
>
> That said, if other distros are setting up apache in 2 steps and we
> require 3 then we require 50% MORE STEPs!
>
> Or they require 33% LESS steps than us.
>
> Just to put it into perspective.  Should FreeBSD be 50% more difficult
> or time consuming to configure?
>
> -Alfred

Yes.  As someone who works on a large fleet of Ubuntu systems, the worst 
thing dpkg does is auto-start services and it even auto-restarts them on 
updates in some cases.

* Starting a service is a security risk.  Especially before it has been 
configured, either manually or with tools.  This is potentially true 
even with "sane defaults" - for instance, the pkg may be installed from 
an image/media and need to be updated from an internet repo because the 
image has aged.
* Mandatory (re)starting of a service may happen before all deps are 
upgraded/installed, requiring multiple pointless and time consuming 
restarts.
* Likewise, starting a service before the manual or CM policy hits can 
cause all sorts of problems, difficulties, and again even security 
implications.

The way of doing things for large infrastructure is using some type of 
config management or orchestration tool like Puppet, Chef, Salt, 
Ansible, cfengine.  This is even the case for small deployments for the 
types of users Craig was talking about in the initial post.

Regards,
Kevin