From owner-freebsd-isp@FreeBSD.ORG Mon May 18 10:46:33 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 739E1106564A for ; Mon, 18 May 2009 10:46:33 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id 9C04D8FC19 for ; Mon, 18 May 2009 10:46:27 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: (qmail 75553 invoked by uid 88); 18 May 2009 10:46:23 -0000 Received: from unknown (HELO ?192.168.56.198?) (tonix@interazioni.it@85.18.206.139) by relay.interazioni.net with ESMTPA; 18 May 2009 10:46:23 -0000 Message-ID: <4A113C7C.506@interazioni.it> Date: Mon, 18 May 2009 12:46:20 +0200 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <4A080851.3090101@interazioni.it> <4A080927.2080307@eenet.ee> <4A080C45.7010003@interazioni.it> <4A09D839.9040908@ngc.net.ua> In-Reply-To: <4A09D839.9040908@ngc.net.ua> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Questions on clustered FS + NFS X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2009 10:46:33 -0000 Actually, we are thinking to test ocfs2 + nfs in ths way: * a couple of Linux servers using ocfs2 sharing the same partition * NFS running on both, with heartbeat enabling only one, because we don't know how NFS can share locks among more NFS servers. To be more complete, we don't like how locks are handled by any of previously mentioned products. Ideally, there sould be a Distribuited Lock Manager (DLM), among all servers, and all layered products, both FS and NFS server, should use that DLM in order to manage/share locks. Is there any idea to develop a DLM on FreeBSD, to be integrated in kernel? Tonino Zinevich Denis ha scritto: > The same issue for me. I have SAN connected to 4 servers. I was > searching for such fs for about a week several month ago. I have not > found anything matching this task. What was close - CODA. Now i do not > exactly remember why it was not suitable for me... > If you found how to solve this question - mail me please, I`m very > interested in it too. > > Link. > > Tonix (Antonio Nati) пишет: >> Joel Jans ha scritto: >>> Tonix (Antonio Nati) wrote: >>>> I'd love to put all my storage on a clustered NFS (with a ridondant >>>> iSCSI controller and storage), FreeBSD based of course, but I see >>>> there is not any clustered FS on FreeBSD. >>>> >>>> So, the solution seems to run a couple of GFS or OCFS2 on some >>>> Linux servers, more some NFS servers handled by heartbeat. >>>> >>>> Is there any FreeBSD solution I could adopt? >>>> >>> >>> Glusterfs, http://www.gluster.org/docs/index.php/GlusterFS >>> http://www.freebsdwiki.net/index.php/GlusterFS >>> >>> Joel Jans >>> >>> >> GlusterFS looks to be a distribuited FS. >> What I need is to have two/three servers which are mounting in >> read/write exactly the same storage (an external iSCSI subsystem), >> exactly like wonderful old VMS did, or like GFS or OCFS2 seems to do >> now. >> Both servers must mount the same iSCSI partitions, so they work on >> the same data. >> >> Tonino >> >> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue May 19 05:04:31 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40CDC1065677 for ; Tue, 19 May 2009 05:04:31 +0000 (UTC) (envelope-from devnull@clara.net) Received: from cgi31-ch.uk.clara.net (cgi31-ch.uk.clara.net [195.8.66.58]) by mx1.freebsd.org (Postfix) with ESMTP id 06CA88FC1D for ; Tue, 19 May 2009 05:04:30 +0000 (UTC) (envelope-from devnull@clara.net) Received: from localhost ([127.0.0.1] helo=cgi31-ch.uk.clara.net ident=Debian-exim) by cgi31-ch.uk.clara.net with esmtpa (Exim 4.63) (envelope-from ) id 1M6G7V-0008NZ-C9 for freebsd-isp@freebsd.org; Tue, 19 May 2009 04:36:01 +0100 Received: from web48739 by cgi31-ch.uk.clara.net with local (Exim 4.63) (envelope-from ) id 1M6G7T-0008NW-L1 for freebsd-isp@freebsd.org; Tue, 19 May 2009 04:35:59 +0100 To: freebsd-isp@freebsd.org From: Dr.Barry Smith MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit Message-Id: Sender: web48739 Date: Tue, 19 May 2009 04:35:59 +0100 Subject: Do You Need Financial Assistance X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: drbarrysmith002@gmail.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 May 2009 05:04:31 -0000 Do you need financial Assistance? We offer the following financial services 1. Personal Loans Quick & Secure! 2. Unsecured Personal Loans With Bad Credit. No Faxing of Documents and NO Credit Checks. Please send us an email with your contact information as below: * Name Of Applicant: * Country:- * Age: * Sex: * Occupation: * Tel: * Mobile: * Amount Requested : * Loan Duration: * Purpose of the Loan: Dr.Barry Smith For: Smith Financials drbarrysmith002@gmail.com From owner-freebsd-isp@FreeBSD.ORG Tue May 19 18:35:55 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 465FE106567A for ; Tue, 19 May 2009 18:35:55 +0000 (UTC) (envelope-from monitor@1stnewsletters.com) Received: from smtp.1stinfosystems.com (ns1.1stinfosystems.com [207.178.197.212]) by mx1.freebsd.org (Postfix) with ESMTP id 208BB8FC08 for ; Tue, 19 May 2009 18:35:49 +0000 (UTC) (envelope-from monitor@1stnewsletters.com) Received: from mail pickup service by smtp.1stinfosystems.com with Microsoft SMTPSVC; Tue, 19 May 2009 11:35:34 -0700 From: "David B. Kagan, DMD" X-NEWSLETTER1R: pTmmgXO3F4C78zgpFlpFOOcGt+c= X-NEWSLETTER2A: 000035225 To: "freebsd-isp@freebsd.org" Message-ID: Date: Tue, 19 May 2009 11:34:53 -0700 MIME-Version: 1.0 X-OriginalArrivalTime: 19 May 2009 18:35:34.0834 (UTC) FILETIME=[98EDE120:01C9D8B0] Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Beach Barbeque X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: appointment.dcbr@snappydsl.net, d4b8k557@aol.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 May 2009 18:35:55 -0000 Beach Barbeque & Fireworks = Dr Kagan and Team Saturday July 4th, 2009 =20 = In appreciation for all of our loyal p= atients, their families=20 = and friends we would love you to= share a beach=20 = barbeque with us=2E = Location: 800 Briny Ave, Pompano= Beach = Time: 5pm =96 =91til firewor= ks ends!! = Please RSVP by June 27th by phon= e: 561-487-4440 From owner-freebsd-isp@FreeBSD.ORG Fri May 22 09:06:54 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4AC7106566B for ; Fri, 22 May 2009 09:06:54 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: from mx02.interazioni.net (mx02.interazioni.net [80.94.114.204]) by mx1.freebsd.org (Postfix) with ESMTP id 279368FC08 for ; Fri, 22 May 2009 09:06:53 +0000 (UTC) (envelope-from tonix@interazioni.it) Received: (qmail 74939 invoked by uid 88); 22 May 2009 09:06:51 -0000 Received: from unknown (HELO ?192.168.56.198?) (tonix@interazioni.it@85.18.206.139) by relay.interazioni.net with ESMTPA; 22 May 2009 09:06:51 -0000 Message-ID: <4A166B29.1070202@interazioni.it> Date: Fri, 22 May 2009 11:06:49 +0200 From: "Tonix (Antonio Nati)" User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Subject: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 09:06:55 -0000 I'm in the phase of planning my new generation of FreeBSD servers, and I would love to make them more easy to upgrade. Main problem I have currently is I do not want any source code on production server, so freebsd-update is welcome, but... what about packages? I would use packages, but they are not easy to upgrade, while ports can be easy to upgrade, but need to have sources an servers. What do you suggest me? What is currently done on other environments? Thanks, Tonino -- ------------------------------------------------------------ Inter@zioni Interazioni di Antonio Nati http://www.interazioni.it tonix@interazioni.it ------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Fri May 22 10:30:16 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 217DE1065672 for ; Fri, 22 May 2009 10:30:16 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-fx0-f168.google.com (mail-fx0-f168.google.com [209.85.220.168]) by mx1.freebsd.org (Postfix) with ESMTP id A0CDC8FC1F for ; Fri, 22 May 2009 10:30:15 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by fxm12 with SMTP id 12so1629909fxm.43 for ; Fri, 22 May 2009 03:30:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=vMyRYngw/2lisY1HrUl3pgauZWaGeYj6eUtUsKR2rkw=; b=dtjCJrIgKYyXZZXzG0nj83iY3utzLnxbmz/V1umb7BkDbQiL/ArTWA8OON7FvASXP2 6/n9QxwU576n4p5Ktsabl6ql+8kKKy6iubzrMzIm5hPZMgmy2Enmr8+0dOsJn62wmKsn XRHCzybzCLp+Iul6RsYFFqjsy1yYDFAJ6PNBI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=vEc3NQpWWDopLh2wg0Ugn3JbSigcOoUBmLp+QUxABHUjYWOGuMLJY+HtaP4/mKa9Yi SK3Qzbv1y3VBH1cdtzRAwXcqcWDSf1ReP5wqBL+1f8OeZV24Bvf7wl9g5cVsC4w2dQtU lqFN3vN42Ml40t41+/6NIsW2/JJDXEeChST7g= MIME-Version: 1.0 Received: by 10.223.114.208 with SMTP id f16mr2173994faq.91.1242987009944; Fri, 22 May 2009 03:10:09 -0700 (PDT) In-Reply-To: <4A166B29.1070202@interazioni.it> References: <4A166B29.1070202@interazioni.it> Date: Fri, 22 May 2009 13:10:09 +0300 Message-ID: <991123400905220310hec8f311kca96583e062d1d1b@mail.gmail.com> From: =?UTF-8?B?T2RoaWFtYm8gIOODr+OCt+ODs+ODiOODsw==?= To: "Tonix (Antonio Nati)" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 10:30:16 -0000 On Fri, May 22, 2009 at 12:06 PM, Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and I > would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about packages? > I would use packages, but they are not easy to upgrade, while ports can be > easy to upgrade, but need to have sources an servers. > > What do you suggest me? What is currently done on other environments? Chicken & Egg situation there! -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Clothes make the man. Naked people have little or no influence on society." -- Mark Twain From owner-freebsd-isp@FreeBSD.ORG Fri May 22 11:20:05 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3748106566C for ; Fri, 22 May 2009 11:20:05 +0000 (UTC) (envelope-from bsam@kfs.ru) Received: from kfs.ru (kfs.kfs.ru [194.186.81.194]) by mx1.freebsd.org (Postfix) with ESMTP id 53B4E8FC0A for ; Fri, 22 May 2009 11:20:05 +0000 (UTC) (envelope-from bsam@kfs.ru) Received: from bsam by kfs.ru with local (Exim 4.67 (FreeBSD)) (envelope-from ) id 1M7SHr-000Bt3-26; Fri, 22 May 2009 14:47:39 +0400 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> From: Boris Samorodov Date: Fri, 22 May 2009 14:47:39 +0400 In-Reply-To: <4A166B29.1070202@interazioni.it> (tonix@interazioni.it's message of "Fri, 22 May 2009 11:06:49 +0200") Message-ID: <79934372@serv3.int.kfs.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: "Boris B. Samorodov" Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 11:20:05 -0000 On Fri, 22 May 2009 11:06:49 +0200 Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and > I would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports > can be easy to upgrade, but need to have sources an servers. > What do you suggest me? What is currently done on other environments? We use ports-mgmt/tinderbox to build custom packages and then install them via "portupgrade -PP". But we are planning to switch to pkg_upgrade from sysutils/bsdadminscripts for package upgrading. The latter needs only INDEX file fetched from a package server. WBR -- bsam From owner-freebsd-isp@FreeBSD.ORG Fri May 22 11:24:06 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2E449106564A for ; Fri, 22 May 2009 11:24:06 +0000 (UTC) (envelope-from "e1019@network-i.net"@relay.network-i.net) Received: from relay.network-i.net (relay.network-i.net [212.21.121.179]) by mx1.freebsd.org (Postfix) with ESMTP id E97A48FC1C for ; Fri, 22 May 2009 11:24:05 +0000 (UTC) (envelope-from "e1019@network-i.net"@relay.network-i.net) Received: from nat1.network-i.net ([212.21.99.52] helo=[10.1.1.134]) by relay.network-i.net with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <"e1019@network-i.net"@relay.network-i.net>) id 1M7SQn-000PKC-GY; Fri, 22 May 2009 11:56:53 +0100 Message-ID: <4A1684E7.4050108@thingy.com> Date: Fri, 22 May 2009 11:56:39 +0100 From: Howard Jones User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> In-Reply-To: <4A166B29.1070202@interazioni.it> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Sender: "e1019@network-i.net"@relay.network-i.net Cc: freebsd-isp@freebsd.org Subject: Re: [freebsd-isp] Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 11:24:06 -0000 Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and > I would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports > can be easy to upgrade, but need to have sources an servers. > > What do you suggest me? What is currently done on other environments? We have a local build server, which is the source for PXE installation of FreeBSD with our chosen set of packages, and also the server that builds local packages (things that don't have packages in the standard distro). It doesn't have to be anything fancy, and in fact ours is a VM since it gets used fairly rarely. I haven't got a nice way to do distribution of the packages though (like portsnap/freebsd-update/yum). That would make it more useful! As it is, we still update servers the 'old way'. From owner-freebsd-isp@FreeBSD.ORG Fri May 22 14:45:20 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9FE91065670 for ; Fri, 22 May 2009 14:45:20 +0000 (UTC) (envelope-from ericx@ericx.net) Received: from vineyard.net (k1.vineyard.net [204.17.195.90]) by mx1.freebsd.org (Postfix) with ESMTP id 9CCEF8FC16 for ; Fri, 22 May 2009 14:45:20 +0000 (UTC) (envelope-from ericx@ericx.net) Received: from localhost (loopback [127.0.0.1]) by vineyard.net (Postfix) with ESMTP id 83E809151D; Fri, 22 May 2009 10:28:05 -0400 (EDT) X-Virus-Scanned: by AMaViS-king1 at Vineyard.NET Received: from vineyard.net ([127.0.0.1]) by localhost (king1.vineyard.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id DPl9V853O8mq; Fri, 22 May 2009 10:28:05 -0400 (EDT) Received: from [204.17.195.104] (fortiva.vineyard.net [204.17.195.104]) by vineyard.net (Postfix) with ESMTPA id 3DD5991516; Fri, 22 May 2009 10:28:05 -0400 (EDT) Message-ID: <4A16B65F.4080603@ericx.net> Date: Fri, 22 May 2009 10:27:43 -0400 From: "Eric W. Bates" User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> In-Reply-To: <4A166B29.1070202@interazioni.it> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 14:45:21 -0000 Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and I > would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports can > be easy to upgrade, but need to have sources an servers. No source is a nice ideal; but you may not be able to stick to that and still get what you need. e.g. you may not want to always have the default options for every port. Just off the top of my head, I like SSL and English collation for mysql. You might consider using a single machine as your build machine and rsync your binaries out of it. If you really want to get rigorous and are maintaining a number of machines, then cfengine might help. > What do you suggest me? What is currently done on other environments? > > Thanks, > > Tonino > -- Eric W. Bates ericx@ericx.net (please note new address) From owner-freebsd-isp@FreeBSD.ORG Fri May 22 17:14:49 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 107DC106566C for ; Fri, 22 May 2009 17:14:49 +0000 (UTC) (envelope-from fb-isp@psconsult.nl) Received: from mx1.psconsult.nl (psc11.adsl.iaf.nl [80.89.238.138]) by mx1.freebsd.org (Postfix) with ESMTP id 50ECC8FC17 for ; Fri, 22 May 2009 17:14:47 +0000 (UTC) (envelope-from fb-isp@psconsult.nl) Received: from mx1.psconsult.nl (localhost [80.89.238.138]) by mx1.psconsult.nl (8.14.2/8.14.2) with ESMTP id n4MGlJYV084412 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 22 May 2009 18:47:24 +0200 (CEST) (envelope-from fb-isp@psconsult.nl) Received: (from paul@localhost) by mx1.psconsult.nl (8.14.2/8.14.2/Submit) id n4MGlJZN084411 for freebsd-isp@freebsd.org; Fri, 22 May 2009 18:47:19 +0200 (CEST) (envelope-from fb-isp@psconsult.nl) Date: Fri, 22 May 2009 18:47:19 +0200 From: Paul Schenkeveld To: freebsd-isp@freebsd.org Message-ID: <20090522164719.GA83655@psconsult.nl> Mail-Followup-To: freebsd-isp@freebsd.org References: <4A166B29.1070202@interazioni.it> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4A166B29.1070202@interazioni.it> User-Agent: Mutt/1.5.17 (2007-11-01) Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 17:14:49 -0000 On Fri, May 22, 2009 at 11:06:49AM +0200, Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and I > would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports can be > easy to upgrade, but need to have sources an servers. > > What do you suggest me? What is currently done on other environments? I've spent a lot of time over the last three years trying to automate maintenance of source-free servers. Ports are a real challenge. Other work with embedded systems (Soekris) has brought me the idea of using nanobsd(8) for servers. Although it may sound strange at first, experiments I'm currently undertaking give very promising results. The operating system and all ports are put into a read-only mounted root filesystem. /etc is a malloc-backed memory filesystem which gets filled by "standard" /etc contents part copied into /conf/base/etc in the root filesystem and then gets overlayed by modified files which are saved in a separate /cfg filesystem that you can mount read-write when changing configuration. /var, /home and other filesystems with user data are normal rw filesystems. Each server has two slices holding a root filesystem each, one is active and the other will be used to upload a new image when upgrading or adding software. After upgrading this alternate root slice you have to reboot the server so if you cannot tolerate a reboot, nanobsd is not for you. A roll-back is very easy if the new root does not satisfy you, just reboot and select the old slice to boot. Many of my servers have all applications hidden in jails, this makes this solution even easier as the host operating system ususally is very small on such servers. Each jail can be maintained and upgraded in a similar way, I keep a spare jail around to prepare the upgeade of / and /usr parts of application jails, stopping and restarting an application jail with the new /+/usr slice upgrades the software in the jail, rollbacks are easy as well. -- Paul Schenkeveld From owner-freebsd-isp@FreeBSD.ORG Fri May 22 22:18:05 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53A961065677 for ; Fri, 22 May 2009 22:18:05 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from zoom.lafn.org (zoom.lafn.ORG [206.117.18.8]) by mx1.freebsd.org (Postfix) with ESMTP id 33E168FC15 for ; Fri, 22 May 2009 22:18:05 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from [10.0.1.4] (pool-71-109-162-173.lsanca.dsl-w.verizon.net [71.109.162.173]) (authenticated bits=0) by zoom.lafn.org (8.14.3/8.14.2) with ESMTP id n4MLhc5a099614 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 22 May 2009 14:43:38 -0700 (PDT) (envelope-from bc979@lafn.org) Message-Id: <3B06A176-1B66-4858-B67B-2D9D832B2104@lafn.org> From: Doug Hardie To: Tonix (Antonio Nati) In-Reply-To: <4A166B29.1070202@interazioni.it> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Date: Fri, 22 May 2009 14:43:37 -0700 References: <4A166B29.1070202@interazioni.it> X-Mailer: Apple Mail (2.935.3) X-Virus-Scanned: clamav-milter 0.95.1 at zoom.lafn.org X-Virus-Status: Clean Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 May 2009 22:18:05 -0000 On 22 May 2009, at 02:06, Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, > and I would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports > can be easy to upgrade, but need to have sources an servers. I maintain one, non-production, servers whose role is to keep the source and build the production kernels, userland, and ports. /usr/ src, /usr/ports, and /usr/obj are setup for NFS access. The production servers have empty directories for /usr/src, /usr/obj, and / usr/ports. For an upgrade I nfs mount those and do the upgrade. For locally developed software, it is maintained and tested on the non- production server. When its ready, there is a makefile entry for each production server that rcps the binary to the production server. This also helps in backups because the production servers only need to have their application data backed up. All the system/port backups are done on the non-production server. From owner-freebsd-isp@FreeBSD.ORG Sat May 23 15:09:24 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5DD96106564A for ; Sat, 23 May 2009 15:09:24 +0000 (UTC) (envelope-from neil@neely.cx) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.30]) by mx1.freebsd.org (Postfix) with ESMTP id 20A408FC15 for ; Sat, 23 May 2009 15:09:23 +0000 (UTC) (envelope-from neil@neely.cx) Received: by yx-out-2324.google.com with SMTP id 8so1391007yxb.13 for ; Sat, 23 May 2009 08:09:23 -0700 (PDT) Received: by 10.100.109.13 with SMTP id h13mr9476096anc.16.1243089370493; Sat, 23 May 2009 07:36:10 -0700 (PDT) Received: from ?216.17.141.130? (ip-216-17-141-130.rev.frii.com [216.17.141.130]) by mx.google.com with ESMTPS id b7sm6270053ana.17.2009.05.23.07.36.08 (version=SSLv3 cipher=RC4-MD5); Sat, 23 May 2009 07:36:09 -0700 (PDT) Message-ID: <4A1809E2.8020608@neely.cx> Date: Sat, 23 May 2009 08:36:18 -0600 From: Neil Neely User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4A166B29.1070202@interazioni.it> In-Reply-To: <4A166B29.1070202@interazioni.it> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 May 2009 15:09:24 -0000 Tonix (Antonio Nati) wrote: > I'm in the phase of planning my new generation of FreeBSD servers, and > I would love to make them more easy to upgrade. > Main problem I have currently is I do not want any source code on > production server, so freebsd-update is welcome, but... what about > packages? > I would use packages, but they are not easy to upgrade, while ports > can be easy to upgrade, but need to have sources an servers. The weakness of FreeBSD here is very unfortunate and IMO goes far beyond just source vs binary distribution. Working in a mixed environment where we have begun heavily using CentOS and utilizing yum it's obvious how far behind FreeBSD has fallen in this space. Ports lack any kind of concept of "Long Term Stable", so if you are running anything in ports (like say perl...) then when a security issue comes out you end up having to install new versions - the default is not to patch the older versions. For non-production environments that is likely fine, but for major production services it is a painful scenario. So you aren't just fixing security you are mixing in the concept of adjusting functionality as well. (A recent perl "security" upgrade moved perl to a new version which broke compatibility with the Crypt::CBC module requiring a reinstall - the new version of that from ports forced salting when it hadn't previously and now applications were needing to be recoded to get it all working again.) At the end of the day FreeBSD of course lets you have all the power to just apply the patches yourself to the source and you would be fine. At the cost that you need to be doing all of this work yourself and can't rely on nice management tools to help you. Every problem I've ever encountered with FreeBSD can be easily handled by a FreeBSD expert - but when I bring in a new green admin they have a heck of a time making any sense of it and I'm drug back into the trenches of managing all this. Why the contrast is extra frustrating is that it takes considerable skill and understanding of the details of an environment to safely update a production FreeBSD server. Contrast this with CentOS where an extremely green admin can easily manage it with minimal instruction. Unlike with the FreeBSD process this has no risk that it will cause cascading complex issues that require application modification to restore them to operation. I've been using FreeBSD since the 2.x days in '96 or so, and I love it - my tone is critical because I'm sad to see the state of things and doubly sad that I don't have the time to volunteer with the project to help do something about it. In most ways I consider FreeBSD superior to any linux, however this core issue of maintenance over time has been driving our shift to using CentOS over the last few years. If a "Long Term Stable Port Tree" concept were to come along I think that would plug the hole here. While I lack the time to lead such a charge, I would be happy to assist if such an effort were to get launched. -- Neil Neely http://neil-neely.blogspot.com/ From owner-freebsd-isp@FreeBSD.ORG Sat May 23 21:31:17 2009 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 890981065670 for ; Sat, 23 May 2009 21:31:17 +0000 (UTC) (envelope-from martes@mgwigglesworth.com) Received: from mail.mgwigglesworth.com (mail.mgwigglesworth.net [75.146.26.81]) by mx1.freebsd.org (Postfix) with ESMTP id 451F68FC26 for ; Sat, 23 May 2009 21:31:17 +0000 (UTC) (envelope-from martes@mgwigglesworth.com) To: Neil Neely Date: Sat, 23 May 2009 17:30:11 -0400 References: <4A166B29.1070202@interazioni.it> <4A1809E2.8020608@neely.cx> Message-ID: <0000071356@mail.mgwigglesworth.com> From: "martes" MIME-Version: 1.0 X-Mailer: WebCit 7.37 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org, "Tonix \(Antonio Nati\)" Subject: Re: Avoiding source code on production servers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 May 2009 21:31:17 -0000 Greetings All. I have just begun to have time to fully investigate this type of topic. =20= Have you not seen it worth the time to apply a patch in a custom package,= or creation of such packages in general to resolve these type of issues? I may be off the target however, I just wanted to know what type of milag= e anyone may have gotten from using a test system for kernel builds ,etc as= has been suggested, and is most likely the case for many, including me, howev= er to use the builds to generate your own customized pkgs to install on inci= dent systems to facilitate patches, etc.... =20 How does that solution sound? I have not had a chance to test this howev= er, I thought I saw such a solution on a very old archive when researching automation of kernel builds/installs, and automating system installation using packages. =20 Any thouhgts?=20 >Sat May 23 2009 10:36:18 EDT from Neil Neely to "Tonix (Antonio Nati)" =20= >Subject: Re: Avoiding source code on production servers > >Tonix (Antonio Nati) wrote: > >>> I'm in the phase of planning my new generation of FreeBSD servers, an= d >>> I would love to make them more easy to upgrade. >>> Main problem I have currently is I do not want any source code on >>> production server, so freebsd-update is welcome, but... what about >>> packages? >>> I would use packages, but they are not easy to upgrade, while ports >>> can be easy to upgrade, but need to have sources an servers. >> >The weakness of FreeBSD here is very unfortunate and IMO goes far beyond= >just source vs binary distribution. Working in a mixed environment >where we have begun heavily using CentOS and utilizing yum it's obvious >how far behind FreeBSD has fallen in this space. Ports lack any kind of= >concept of "Long Term Stable", so if you are running anything in ports >(like say perl...) then when a security issue comes out you end up >having to install new versions - the default is not to patch the older >versions. For non-production environments that is likely fine, but for >major production services it is a painful scenario. So you aren't just >fixing security you are mixing in the concept of adjusting functionality= >as well. > >(A recent perl "security" upgrade moved perl to a new version which >broke compatibility with the Crypt::CBC module requiring a reinstall - >the new version of that from ports forced salting when it hadn't >previously and now applications were needing to be recoded to get it all= >working again.) > >At the end of the day FreeBSD of course lets you have all the power to >just apply the patches yourself to the source and you would be fine. At= >the cost that you need to be doing all of this work yourself and can't >rely on nice management tools to help you. Every problem I've ever >encountered with FreeBSD can be easily handled by a FreeBSD expert - but= >when I bring in a new green admin they have a heck of a time making any >sense of it and I'm drug back into the trenches of managing all this. > >Why the contrast is extra frustrating is that it takes considerable >skill and understanding of the details of an environment to safely >update a production FreeBSD server. Contrast this with CentOS where an >extremely green admin can easily manage it with minimal instruction. >Unlike with the FreeBSD process this has no risk that it will cause >cascading complex issues that require application modification to >restore them to operation. > >I've been using FreeBSD since the 2.x days in '96 or so, and I love it -= >my tone is critical because I'm sad to see the state of things and >doubly sad that I don't have the time to volunteer with the project to >help do something about it. In most ways I consider FreeBSD superior to= >any linux, however this core issue of maintenance over time has been >driving our shift to using CentOS over the last few years. If a "Long >Term Stable Port Tree" concept were to come along I think that would >plug the hole here. While I lack the time to lead such a charge, I >would be happy to assist if such an effort were to get launched. > >-- >Neil Neely >http://neil-neely.blogspot.com/ > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > >