Date: Thu, 01 Feb 2007 11:42:51 +0200 From: Anton Blajev - Valqk <valqk@lozenetz.org> To: Paul Chvostek <paul+fbsd@it.ca> Cc: freebsd-ports@freebsd.org Subject: Re: Package management on many hosts Message-ID: <45C1B61B.1090904@lozenetz.org> In-Reply-To: <20070131204849.GL95758@it.ca> References: <20070131204849.GL95758@it.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hmzz.. currently I manage a bunch of servers - 2-3 machines with 5-6 jails on each running. I use make package-recursive on one single server and after that I simply define PACKAGEROOT=http://172.16.4.6/ in the env of the shell. after that portupgrade -PP package-name I prefer updating packages one-by-one because there are some failures sometimes. there is one more thing, I upgrade only when there is a vuln. never for new version except when a new feature will be used and upgrade is required. Unfortunately I've never heard of solution you are looking for, Andrew is right that the enterprise level of quite a lot of tasks is not at needed level. I'm looking forward to hear from you for such a nice tools, even 'a bunch of hacks' from the beginning the would be useful. About the portaudit - if you are running jails, then there is an app jailaudit, but I'm not sure that there is a remote servers auditing tool. As far as I've looked over the source of the jailaudit it's a sh script that uses portaudit for every single jail. Starting from this point it won't be very hard to make a script using scp and portaudit on the same algorithm. Please keep me up to date to your researches and tools. Paul Chvostek wrote: > So ... on the topic of large-scale FreeBSD deployment ... > > How are people handling package version consistency in large groups of > servers? If you have a web farm with 10 hosts, plus 3 hosts in a QA > farm, and you want to make sure you're using the same version everywhere > and upgrading production to the version you tested last week in QA, do > you just do it manually, perhaps using portdowngrade on each host, or > installing binary packages built on one host? > > Next, how are people dealing with portaudit info for groups of servers? > Is the old standard of a cronjob for daily `portaudit -a` results still > the best option? > > I'm putting together some tools to help with this stuff, but I'd hate to > duplicate a perfectly functional wheel. > > Thanks. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwbYbzpU6eaWiiWgRAqAQAKDMWC31+qB4YsdpunJrFmW36mp++gCgh5uF f8UR5imDMJThGaW56XKNUb8= =yk/l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45C1B61B.1090904>