Date: Thu, 28 May 2009 12:06:48 +0200 From: Angelo <nglrossi@gmail.com> To: "Tonix (Antonio Nati)" <tonix@interazioni.it> Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers Message-ID: <6c1e076a0905280306q3457242q311e0f8a0c2cff38@mail.gmail.com> In-Reply-To: <4A166B29.1070202@interazioni.it> References: <4A166B29.1070202@interazioni.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 22, 2009 at 11:06 AM, Tonix (Antonio Nati) <tonix@interazioni.it > wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and I > would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about packages? > I would use packages, but they are not easy to upgrade, while ports can be > easy to upgrade, but need to have sources an servers. > > What do you suggest me? What is currently done on other environments? > > Thanks, > > Tonino > > -- > ------------------------------------------------------------ > Inter@zioni Interazioni di Antonio Nati > http://www.interazioni.it tonix@interazioni.it > ------------------------------------------------------------ > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > Hi, some good solutions have been suggested. I personally like and find easy to maintain these two: - having a build server where to compile code, pkg_create and then distribute the packages and pkg_add them (what I was doing at the last shop where I was working on FreeBSD) - when you need to install/upgrade software you nfsmount volumes from a non critical host that hosts the source code All the installation/upgrades can be pushed with a tool like cfengine; this way you can test the process on testing servers and then decide when and how to push the changes on the other machines in the order you wish. With cfengine you can perform whatever actions you want so you can actually include pre and post installation scripts and checks. This also makes really easy to add new machines, install a fresh OS and apply ALL the changes you applied to the other server without forgetting a single package or setting. To keep things simple I try to have the base freebsd setup as clean as possible on the server and install only the packages that are really needed for infrastructural purposes: monitoring tools, cfengine and a host based firewall. Every non infrastructural service goes on its own into a minimal jail This makes trivial to migrate services from a server to another and prevents to have package conflicts (never tried to make different versions of php or perl coexist?) on the base system. My 2 cents :) Angelo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6c1e076a0905280306q3457242q311e0f8a0c2cff38>