Date: Wed, 07 Aug 2002 05:23:45 +0200 From: "Roger 'Rocky' Vetterberg" <listsub@401.cx> To: BSD Freak <bsd-freak@mbox.com.au> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: There must be a better way to maintain older systems Message-ID: <3D5092C1.10906@401.cx> References: <ddbe48dd7dec.dd7decddbe48@mbox.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
BSD Freak wrote: > Hi all, > > I am responsible for maintaining 14 FreeBSD, 1 Windows 2000 and 1 > Solaris servers at three sites. While I am certianly no fan of Windows > 2000 or the commercial UNIX distributions I have to say they take up a > lot less of my time to maintain. For example I can download (binary > packages) patches and "Service Packs"/hotfixes to patch bugs and > vulnerabilities and then I forget about it. Upgrades of OS happen once > every 3-4 years (and usually accomany a hardware upgrade which makes it > a bit neater and less risky). > > With FreeBSD however I find myself upgrading every six months or so > when a new version is released. I spend half my time upgrading the 14 > production servers (in the middle of the night usually!), then by the > time I have gotten around to the last system, I'm usually only a month > or so away from the next -RELEASE and I I have to do it all again if I > am to keep my systems secure and current. > > I find myself thinking there *MUST* be a better way. I am quite happy > with the stability/features of older versions (ie 4.4-R 4.5-R etc). > Surely I don't have go through this upgrade cycle every six months! It > would be great to just run a pkg_add which would overwrite any insecure > binaries with newer patched ones (and do an actual binary upgrade only > when absolutely required - e.g. every 2-3 years). I am even thinking of > starting such a project myself. > > Am I missing something? (i.e. is there a better way?) > (If someone tells me to cvsup and do a makeworld on my busy production > servers I will scream!) I understand that you do not wish to run make buildworld on a lot of production machines, but there is another way. I have a machine whichs only task in life is to run make buildworld. It does nothing but cvsup its sources and build binaries to share with other machines. Doing a make installworld takes only a few minutes, reboot included, which is acceptable or atleast unavoidable even on production machines. Im sure a lot of the binary patches for your win2k server requires you to reboot too, dont they? With 14 machines, I would dedicate one of them as a 'builder'. Let it buildworld, share /usr/src and /usr/obj via NFS, mount them on the other machines and I would guess you could upgrade all 14 machines with 40-50 minutes of work. A few simple scripts and you could do it in 10. -- R To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D5092C1.10906>