From owner-freebsd-net Wed Jan 26 2:36:18 2000
Delivered-To: freebsd-net@freebsd.org
Received: from vidle.i.cz (vidle.i.cz [193.179.36.138])
	by hub.freebsd.org (Postfix) with ESMTP id 3E50B150E1
	for ; Wed, 26 Jan 2000 02:36:15 -0800 (PST)
	(envelope-from mm@i.cz)
Received: from ns.i.cz (brana.i.cz [193.179.36.134])
	by vidle.i.cz (Postfix) with ESMTP id A1BD230702
	for ; Wed, 26 Jan 2000 11:36:13 +0100 (CET)
Received: from woody.i.cz (woody.i.cz [192.168.18.29])
	by ns.i.cz (Postfix) with ESMTP id 215E236417
	for ; Wed, 26 Jan 2000 11:36:13 +0100 (CET)
Content-Length: 1441
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <71DA16F18D32D2119A1D0000F8FE9A9402B5A3D2@mbtlipnt01.btlabs.bt.co.uk>
Date: Wed, 26 Jan 2000 11:36:13 +0100 (MET)
Reply-To: mm@i.cz
From: Martin Machacek
To: freebsd-net@freebsd.org
Subject: RE: distributing software updates to boxes on a network
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 26-Jan-00 graeme.n.brown@bt.com wrote:
> In the past I have tried doing this
>
> (i) via NFS where master version of S/W is held on an NFS server with
> individual routers mounting exported directory for the s/w and thus
> all routers can execute same up-to-date version of code
>
> OR
>
> (ii) via each router running a PERL script which does an ftp download
> of the s/w from an ftp server and then compiles/runs new version of
> code.

OR have a master that keeps binaries and configuration for all
routers/servers and uses rsync (preferably over ssh) to distribute them to
the target machines. This scheme of course assumes that target machines have
local hard disks. The big advantage of this scheme is security. Target
machines have to trust the master but the master need not trust anybody.
Every action (with regard to changing binaries and/or configuration on
target machines) is invoked from the master. Of course the master machine
must be properly secured.

I'm using this scheme to manage over 40 servers (DNS/mail servers and
firewalls) for one of our customers. An extra goodie of this setup is that I
can reinstall any machine remotely. I only need somebody to exchange the
crashed disk for a new one and insert a boot floppy with a minimal system
(derived from picobsd). I'm working on using netboot instead of the floppy.

So far I'm very happy with this setup. As usual YMMV :-)

        Martin

---
[PGP KeyID F3F409C4]
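
The master-initiated push described in the message above, as an added sketch that is not part of the original post and not the author's own script. The staging layout (`STAGE_ROOT`, one directory per target), the destination directory, the `root@` login and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: every transfer is started from the master; targets never pull.
STAGE_ROOT="${STAGE_ROOT:-/var/dist/hosts}"  # assumed: one staging tree per target
DEST_DIR="${DEST_DIR:-/usr/local/}"          # assumed destination on the target
DRY_RUN="${DRY_RUN:-1}"                      # default: only report what would change
EXECUTE="${EXECUTE:-0}"                      # set to 1 to actually invoke rsync

# Accept only plain host names, so a list entry can never be read by
# rsync or ssh as an option, a path component or a shell fragment.
valid_host() {
    case "$1" in
        ""|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build (and optionally run) the rsync-over-ssh push for one target.
push_one() {
    host="$1"
    valid_host "$host" || { echo "invalid host: $host" >&2; return 1; }
    [ -d "$STAGE_ROOT/$host" ] || { echo "no staging tree for $host" >&2; return 1; }
    set -- -a
    if [ "$DRY_RUN" = "1" ]; then
        set -- "$@" --dry-run --itemize-changes
    fi
    # BatchMode: never prompt; StrictHostKeyChecking: refuse unknown host keys.
    set -- "$@" -e "ssh -o BatchMode=yes -o StrictHostKeyChecking=yes" \
        "$STAGE_ROOT/$host/" "root@$host:$DEST_DIR"
    echo "rsync $*"
    [ "$EXECUTE" = "1" ] || return 0
    rsync "$@"
}

# Push to every host given as an argument; stop at the first failure.
push_all() {
    for h in "$@"; do
        push_one "$h" || return 1
    done
}
```

With the defaults nothing is transferred: the command for each target is printed for review, and setting `EXECUTE=1` with `DRY_RUN=1` still only itemizes the changes rsync would make.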