From: Lars Wilke
To: freebsd-stable@freebsd.org
Date: Mon, 23 Apr 2012 21:42:39 +0000
Subject: Re: FreeBSD_9.0_Port_Upgrade

* Prabhpal S. Mavi wrote:
> Dear FreeBSD Friends,
>
> i have FreeBSD 9.0 Stable Running the following roles for past four
> months. Everything is functioning smooth alright. I read that system
> should be upgraded frequently. i am afraid that if i upgrade something can
> break.
>
> i am planning to run it like that until FreeBSD 9.2 is out, perhaps two
> years before upgrade. i am not sure if this is a good idea. i seek your
> advice about the upgrade.
>
> ROLE: Postfix Mail Server With Virtual Users Support Using MySQL Database,
> Apache Web Server, Certificate Authority (CA). Squirrelmail, Postfix
> Admin, Maia MailGuard Postfix-Admin, SPF, Postgray Filter, spamassassin,
> Clamav.
> [...]

First you have to be aware that the stable tree in FBSD means something
completely different than a release in Red Hat/CentOS land.

Here stable is the stable branch which gets updates, bugfixes and new
features. From this branch the next release is created. These updates and
new features might not be as disruptive as in the development branch but
still things change.

So you might consider using a release branch instead, which only gets
security and critical bugfixes. Critical really means critical here and
not every bugfix around. In this regard a release branch is very stable :)

So with stable you are really tracking a rolling release more like Debian
testing or say a rolling release repository like the fasttrack repo in
CentOS/Scientific Linux. While the release branch is more like staying on
the same minor release in Red Hat. But the minor release in Red Hat gets
far more updates even for not so serious bugs and sometimes even driver
updates.

The last part is AFAIU the reason that many people recommend the stable
branch in FBSD, b/c you get bugfixes and some driver updates faster or
even at all. If you would be on the release branch you would either have
to switch to stable or wait for the next release branch to get these
updates and fixes.

As you are on stable i would suggest a test machine with the same setup,
or at least a virtual machine with the same setup. Maybe a jail will do
for you, else you could use something like virtualbox.

Backups, always have backups and do some backups before doing something.
Under Linux there is a nifty tool called etckeeper, it basically hooks
into the package manager and tracks changes to /etc via version control.
No idea if something like this is available under FBSD but you could roll
your own ...

If you use ZFS, snapshots are easy and cheap, also there is basic
Live Upgrade/Boot Environment support.

http://anonsvn.h3q.com/projects/freebsd-patches/wiki/manageBE

If you use ZFS, i really suggest you look into this one, b/c it allows you
to switch your complete system around at will. Also, the updates can be
tested on an exact production copy without affecting the running system.

On the security side i would suggest some form of host based intrusion
detection and some common sense hardening. Generally monitoring
(alarming+capacity/trending) for a live service is a good idea, too.
Accompanied by following the security advisories and using portaudit
should be enough, i guess ...

hth
--lars
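
One way to approach the "roll your own" /etc tracking and the host-based integrity checking mentioned above, as an added example that is not part of the original message: it records a SHA-256 manifest of a config tree before an upgrade and reports which files were added, deleted or modified afterwards. The function names and the small command-line wrapper are assumptions, and unlike etckeeper it keeps no version history.

```sh
#!/bin/sh
# Added example: SHA-256 manifest of a config tree, taken before and after an
# upgrade. Function names and the CLI below are hypothetical, not a FreeBSD tool.
# Run as root so every file under /etc is readable. Paths containing newlines
# are not supported.

# hash_file FILE: print the SHA-256 of FILE.
# Linux ships sha256sum(1); FreeBSD ships sha256(1) with -q for hash-only output.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# etc_manifest DIR: print "<64-hex-hash> <path>" per regular file, sorted by path.
etc_manifest() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s %s\n' "$(hash_file "$f")" "$f"
      done )
}

# etc_changes OLD NEW: compare two manifests; print A (added), D (deleted)
# or M (modified) followed by the path, one file per line.
etc_changes() {
    awk -v oldf="$1" '
        BEGIN {
            # The path starts at column 66: 64 hash characters plus one space.
            while ((getline line < oldf) > 0)
                old[substr(line, 66)] = substr(line, 1, 64)
        }
        {
            p = substr($0, 66)
            if (!(p in old))        print "A " p
            else if (old[p] != $1)  print "M " p
            seen[p] = 1
        }
        END { for (p in old) if (!(p in seen)) print "D " p }
    ' "$2" | LC_ALL=C sort
}

# Usage: script snapshot [DIR] > manifest    |    script compare OLD NEW
case "${1:-}" in
    snapshot) etc_manifest "${2:-/etc}" ;;
    compare)  etc_changes "$2" "$3" ;;
esac
```

Store the "before" manifest somewhere the upgraded system cannot overwrite, otherwise a tampered tree can also carry a matching manifest.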