Date: Mon, 23 Apr 2012 21:42:39 +0000
From: Lars Wilke <lw@lwilke.de>
To: freebsd-stable@freebsd.org
Subject: Re: FreeBSD_9.0_Port_Upgrade
Message-ID: <fvug69-r8v.ln1@lwilke.de>
References: <542d8a7ba1b614d2260f117a29e412cb.squirrel@mail.digital-infotech.net>

* Prabhpal S. Mavi wrote:
> Dear FreeBSD Friends,
>
> i have FreeBSD 9.0 Stable Running the following roles for past four
> months. Everything is functioning smooth alright. I read that system
> should be upgraded frequently. i am afraid that if i upgrade something can
> break.
>
> i am planning to run it like that until FreeBSD 9.2 is out, perhaps two
> years before upgrade. i am not sure if this is a good idea. i seek your
> advice about the upgrade.
>
> ROLE: Postfix Mail Server With Virtual Users Support Using MySQL Database,
> Apache Web Server, Certificate Authority (CA). Squirrelmail, Postfix
> Admin, Maia MailGuard Postfix-Admin, SPF, Postgray Filter, spamassassin,
> Clamav.
>
[...]

First you have to be aware that the stable tree in FBSD means something
completely different than a release in Red Hat/CentOS land. Here stable is
the stable branch which gets updates, bugfixes and new features. From this
branch the next release is created. These updates and new features might
not be as disruptive as in the development branch but still things change.

So you might consider using a release branch instead, which only gets
security and critical bugfixes. Critical really means critical here and not
every bugfix around. In this regard a release branch is very stable :)

So with stable you are really tracking a rolling release more like Debian
testing or say a rolling release repository like the fasttrack repo in
CentOS/Scientific Linux. While the release branch is more like staying on
the same minor release in Red Hat. But the minor release in Red Hat gets
far more updates even for not so serious bugs and sometimes even driver
updates.

The last part is AFAIU the reason that many people recommend the stable
branch in FBSD, b/c you get bugfixes and some driver updates faster or even
at all. If you would be on the release branch you would either have to
switch to stable or wait for the next release branch to get these updates
and fixes.

As you are on stable i would suggest a test machine with the same setup, or
at least a virtual machine with the same setup. Maybe a jail will do for
you, else you could use something like virtualbox.

Backups, always have backups and do some backups before doing something.
Under Linux there is a nifty tool called etckeeper, it basically hooks into
the package manager and tracks changes to /etc via version control. No idea
if something like this is available under FBSD but you could roll your
own ...

If you use ZFS, snapshots are easy and cheap, also there is basic Live
Upgrade/Boot Environment support.

http://anonsvn.h3q.com/projects/freebsd-patches/wiki/manageBE

If you use ZFS, i really suggest you look into this one, b/c it allows you
to switch your complete system around at will. Also, the updates can be
tested on an exact production copy without affecting the running system.

On the security side i would suggest some form of host based intrusion
detection and some common sense hardening. Generally monitoring
(alarming+capacity/trending) for a live service is a good idea, too.
Accompanied by following the security advisories and using portaudit should
be enough, i guess ...

hth
--lars
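
The roll-your-own tracking of /etc changes mentioned in the message above, as an added example that is not part of the original e-mail. It uses full copies plus SHA-256 manifests rather than version control; the function names, the label scheme and the /var/db/etc-track state directory are assumptions.

```shell
#!/bin/sh
# Added example: snapshot a config tree before and after an upgrade and
# report what changed. Names and state layout are assumptions.
# Limitation: paths containing tabs or newlines are not handled.

# SHA-256 of one file: sha256sum on Linux, sha256 -q on FreeBSD.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# snapshot <tree> <state-dir> <label>
# Copies the tree and writes a "path<TAB>hash" manifest next to the copy.
snapshot() {
    dest="$2/$3"
    if [ -e "$dest" ]; then
        echo "snapshot: label '$3' already exists" >&2
        return 1
    fi
    mkdir -p "$dest/tree" || return 1
    chmod 700 "$2" || return 1      # copies of /etc contain secrets
    cp -Rp "$1/." "$dest/tree/" || return 1
    ( cd "$dest/tree" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s\t%s\n' "$f" "$(hash_file "$f")"
      done ) > "$dest/manifest"
}

# changes <state-dir> <old-label> <new-label>   (two different labels)
# Prints "A path" (added), "D path" (deleted) or "M path" (modified).
changes() {
    awk -F'\t' '
        FILENAME == ARGV[1] { old[$1] = $2; next }
        { seen[$1] = 1
          if (!($1 in old)) print "A " $1
          else if (old[$1] != $2) print "M " $1 }
        END { for (p in old) if (!(p in seen)) print "D " p }
    ' "$1/$2/manifest" "$1/$3/manifest" | LC_ALL=C sort
}

# show <state-dir> <old-label> <new-label> <path>: unified diff of one file.
show() {
    diff -u "$1/$2/tree/$4" "$1/$3/tree/$4"
}
```

Typical use as root: `snapshot /etc /var/db/etc-track before`, upgrade the ports and merge config files, `snapshot /etc /var/db/etc-track after`, then `changes /var/db/etc-track before after`.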