From: Doug Hardie
To: Tonix (Antonio Nati)
Cc: freebsd-isp@freebsd.org
Subject: Re: Avoiding source code on production servers
Date: Fri, 22 May 2009 14:43:37 -0700
Message-Id: <3B06A176-1B66-4858-B67B-2D9D832B2104@lafn.org>
In-Reply-To: <4A166B29.1070202@interazioni.it>

On 22 May 2009, at 02:06, Tonix (Antonio Nati) wrote:

> I'm in the phase of planning my new generation of FreeBSD servers,
> and I would love to make them more easy to upgrade.
> Main problem I have currently is I do not want any source code on
> production server, so freebsd-update is welcome, but... what about
> packages?
> I would use packages, but they are not easy to upgrade, while ports
> can be easy to upgrade, but need to have sources on servers.

I maintain one non-production server whose role is to keep the
source and build the production kernels, userland, and ports.
/usr/src, /usr/ports, and /usr/obj are set up for NFS access. The
production servers have empty directories for /usr/src, /usr/obj, and
/usr/ports. For an upgrade I NFS mount those and do the upgrade. For
locally developed software, it is maintained and tested on the
non-production server. When it's ready, there is a makefile entry for
each production server that rcps the binary to the production server.

This also helps in backups because the production servers only need to
have their application data backed up. All the system/port backups
are done on the non-production server.
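
A sketch of the mount, upgrade, unmount cycle described in the message above, added here as an example and not part of Doug Hardie's post: it refuses to start unless /usr/src, /usr/obj and /usr/ports are empty directories, and checks that they are empty again after unmounting. The build host name, the read-only mount option and the ROOT and DRY_RUN knobs are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. BUILD_HOST, MOUNT_OPTS, ROOT
# and DRY_RUN are hypothetical knobs introduced for this sketch.
BUILD_HOST=${BUILD_HOST:-build.example.net}   # hypothetical build server
MOUNT_OPTS=${MOUNT_OPTS:-ro}                  # assumption: the post gives no mount options
TREES="/usr/src /usr/obj /usr/ports"          # the three trees named in the post
ROOT=${ROOT:-}                                # path prefix, for rehearsal in a scratch tree
DRY_RUN=${DRY_RUN:-1}                         # 1 = print commands instead of running them

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# True when the path is a directory with no entries (a bare mount point).
is_empty_dir() {
    [ -d "$1" ] && [ -z "$(ls -A "$1" 2>/dev/null)" ]
}

# Succeeds only if every tree is an empty directory on this host.
check_clean() {
    rc=0
    for d in $TREES; do
        is_empty_dir "$ROOT$d" || { echo "not an empty directory: $ROOT$d" >&2; rc=1; }
    done
    return $rc
}

# upgrade CMD [ARGS...]: mount the trees, run CMD, unmount, re-check emptiness.
upgrade() {
    check_clean || return 1          # refuse if source is already on the host
    mounted=""; status=0
    for d in $TREES; do
        run mount -t nfs -o "$MOUNT_OPTS" "$BUILD_HOST:$d" "$ROOT$d" || { status=1; break; }
        mounted="$ROOT$d $mounted"   # remember, in reverse order, for unmounting
    done
    if [ "$status" = 0 ]; then run "$@" || status=$?; fi
    for m in $mounted; do run umount "$m" || status=1; done
    check_clean || status=1          # a tree left mounted or written to fails here
    return $status
}

# Stand-alone use: sh nfs-upgrade.sh make -C /usr/src installworld
if [ $# -gt 0 ]; then upgrade "$@"; fi
```

With DRY_RUN=1 (the default) the script only prints the commands it would run; set DRY_RUN=0 on the production host to execute them.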