From owner-freebsd-isp@FreeBSD.ORG Fri May 22 14:45:20 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9FE91065670 for ; Fri, 22 May 2009 14:45:20 +0000 (UTC) (envelope-from ericx@ericx.net) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.freebsd.org (Postfix) with ESMTP id 9CCEF8FC16 for ; Fri, 22 May 2009 14:45:20 +0000 (UTC) (envelope-from ericx@ericx.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id 83E809151D; Fri, 22 May 2009 10:28:05 -0400 (EDT) X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id DPl9V853O8mq; Fri, 22 May 2009 10:28:05 -0400 (EDT) Received: from [204.17.195.104] (fortiva.vineyard.net [204.17.195.104]) by vineyard.net (Postfix) with ESMTPA id 3DD5991516; Fri, 22 May 2009 10:28:05 -0400 (EDT) Message-ID: <4A16B65F.4080603@ericx.net> Date: Fri, 22 May 2009 10:27:43 -0400 From: "Eric W. Bates" User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> In-Reply-To: <4A166B29.1070202@interazioni.it> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 14:45:21 -0000 Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and I > would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports can > be easy to upgrade, but need to have sources an servers. No source is a nice ideal; but you may not be able to stick to that and still get what you need. e.g. you may not want to always have the default options for every port. Just off the top of my head, I like SSL and English collation for mysql. You might consider using a single machine as your build machine and rsync your binaries out of it. If you really want to get rigorous and are maintaining a number of machines, then cfengine might help. > What do you suggest me? What is currently done on other environments? > > Thanks, > > Tonino > -- Eric W. Bates ericx@ericx.net (please note new address)