From owner-freebsd-questions Mon Jul 22 9:51:49 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA51E37B401 for ; Mon, 22 Jul 2002 09:51:44 -0700 (PDT) Received: from kanga.honeypot.net (kanga.honeypot.net [208.162.254.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id B4B0E43E4A for ; Mon, 22 Jul 2002 09:51:41 -0700 (PDT) (envelope-from kirk@strauser.com) Received: from pooh.int (mail@pooh.int [10.0.1.2]) by kanga.honeypot.net (8.12.5/8.12.5) with ESMTP id g6MGpXNw016920 for ; Mon, 22 Jul 2002 11:51:34 -0500 (CDT) (envelope-from kirk@strauser.com) Received: from kirk by pooh.int with local (Exim 3.35 #1 (Debian)) id 17WgPF-00014l-00 for ; Mon, 22 Jul 2002 11:51:33 -0500 To: freebsd-questions@freebsd.org Subject: Re: FreeBSD upgrade maintenance vs. debian (please help) References: <20020722094844.D9023@cygnus.wks.Gallup.cia-g.com> From: Kirk Strauser Date: 22 Jul 2002 11:51:33 -0500 In-Reply-To: <20020722094844.D9023@cygnus.wks.Gallup.cia-g.com> Message-ID: <87heirg0yy.fsf@pooh.int> Lines: 50 X-Mailer: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 2002-07-22T15:48:44Z, David Wilk writes: > The recent security probs (libc, libdns, ssh) have given me quick lessons > on FreeBSD updates on a pre-production box. I'm not terribly thrilled > with the amount of downtime necessary to keep a FreeBSD box up to date. > I'm talking about the 'shutdown to single user mode, make installworld, > reboot to new GENERIC, test, reboot to CUSTOM and yer back in production'. I've always skipped the 'shutdown to single user' step, and I've been over three years trouble-free (although I realize that's no guarantee). > I'm also concerned with what will happen in about a year when security > updates are nolonger available for 4.6.1. An upgrade to the latest 4.x or > 5.x will undoubtedly be a big deal with substantial downtime. I've been tracking -STABLE since about a week after I first installed FreeBSD without substantial issues. I mean, updating from 3.4 to 4.0 was... interesting... but /usr/src/UPDATING covered everything that needed to be done. > How do you guys deal with this? warm-failover systems to take over during > downtimes? Or do you just accept that the system will go down for a while > at least once/year? For my servers, "a while" has never been longer than a normal reboot. > I come from a debian background where during the 1.5-2 year development > cycle and then 6 mos after, security updates to the system are as simple > as apt-get update&&apt-get upgrade with zero downtime. It's really not much different for FreeBSD. If the update was to, say, /usr/bin/passwd, you can probably get by with: cd /usr/src/usr.bin/passwd; make install > I'm currently lusting after the superior performance (in so many respects) > of the FreeBSD kernel (and I prefer the BSD style init) but am > apprehensive about the update/upgrade process. > so, FreeBSD advocates and experienced sysadmins, convince me to go > FreeBSD, Please! I can only offer anecdotal evidence. FreeBSD has always been a breeze to update. With the one exception of the time I had trouble updating vinum (which was easily fixed), updates have never been more than a quick reboot away. -- Kirk Strauser The Strauser Group - http://www.strausergroup.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message