From owner-freebsd-isp@FreeBSD.ORG Tue Sep 14 10:14:28 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D7B916A4CE for ; Tue, 14 Sep 2004 10:14:28 +0000 (GMT) Received: from mailbox.wingercom.dk (mailbox.easyspeedy.dk [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A59443D77 for ; Tue, 14 Sep 2004 10:14:27 +0000 (GMT) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 0E22D9316C for ; Tue, 14 Sep 2004 12:18:39 +0200 (CEST) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Tue, 14 Sep 2004 12:18:39 +0200 (CEST) Message-ID: <63183.62.242.151.142.1095157119.squirrel@mailbox.wingercom.dk> Date: Tue, 14 Sep 2004 12:18:39 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: <20040913143550.GC45085@wjv.com> References: <20040913143550.GC45085@wjv.com> X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: src update without console access X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Sep 2004 10:14:28 -0000 Hi Bill >> When running 'installworld', 'mergemaster -p' and 'mergemaster' >> the server needs to be in single-user mode. > > Recommended but not needed. sysctl kern.securelevel value >0 should determin that. That I was told in a previous mail and fbsd documentation back's it up. -1, 0 = ok with multi-user 1, 2= single-user only > I only manage a handful of servers and I've not had to go to the > colo for any work. I do make sure someone is there >IF< things go > wrong. > > The only time there was a problem was one older mobo that always > had the control keyboard connected and someone decided to stick > that on aother machine. > >> That is not possible for out customers! They often sit on the >> other side of the world on a ssh connection and in single-user >> mode you don't have ssh.That's the problem! > > I run the buildworld and buildkernel under nohup so I have a > complete lot. I start them up, and then log out, and check later > for any errors. nohup ? (sounds like a make.conf thing) > I then install the kernel and hope it comes up. That part has > never failed for me. > The problem is that you have no control over what your customers do > and they could easily modify things and wind up with a non-booting > kernel. > > Perhaps it would be good to set a policy so that customers notify > you when they are going to reinstall and have them do that only > when data center operators are there to copy the old kernel back > to a running one so the customer can sort things out. Our admin./install-setup (PXE / Java) is quite impressive. Customers can make cold/warm reboot's, power off/on(!), make reinstalls of same or other OS's, make backups and can get all kind of informations on their system(if they don't disable it from their default install). Customers get a mail on reinstall and reboot events. We have a log (from the PXE part) where we can see reinstalls and OS version on each node. All in all our customers are give a lot of options/features that make their lifes easier and documentation on top of that. My major concern was the src upgrade part. It's "fix'ed" now. > When I do the remote updated [almost always after 1AM] I'm down for > about 2 minutes rebooting the new kernel. Then I perform > the installworld, then run mergemaster, then a second reboot. > > So down time is about two periods of 2 minutes separated by > a 1/2 hour time frame. I can get to the facility in about > 20 minutes after 1AM so maybe that's why I never have a problem. > The machines must know that I can get there to fix them so they > don't bother breaking :-) :) Thank you for your input Bill and thank you to all you guys that replied on this thread. respectfully /per per@xterm.dk > > Bill > > > -- > Bill Vermillion - bv @ wjv . com