From owner-freebsd-questions@freebsd.org Tue Mar 17 14:10:22 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C94842677DA for ; Tue, 17 Mar 2020 14:10:22 +0000 (UTC) (envelope-from SRS0=XYX3=5C=perdition.city=julien@bebif.be) Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90]) by mx1.freebsd.org (Postfix) with ESMTP id 48hZnS5NnDz4Vy4 for ; Tue, 17 Mar 2020 14:10:20 +0000 (UTC) (envelope-from SRS0=XYX3=5C=perdition.city=julien@bebif.be) Received: from x1 (unknown [77.109.101.182]) by orval.bbpf.belspo.be (Postfix) with ESMTPSA id 61B271D4FC19; Tue, 17 Mar 2020 15:10:18 +0100 (CET) Date: Tue, 17 Mar 2020 15:10:16 +0100 From: Julien Cigar To: Victor Sudakov Cc: freebsd-questions@freebsd.org Subject: Re: Technological advantages over Linux Message-ID: <20200317141016.GF1183@x1> References: <20200215141238.GY1879@aurora.gregv.net> <20200316110246.GB95052@admin.sibptus.ru> <20200316114638.GD1410@belspo> <20200317050226.GC19098@admin.sibptus.ru> <20200317093122.GB1183@x1> <20200317134454.GA31413@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200317134454.GA31413@admin.sibptus.ru> X-Rspamd-Queue-Id: 48hZnS5NnDz4Vy4 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=XYX3=5C=perdition.city=julien@bebif.be designates 193.191.208.90 as permitted sender) smtp.mailfrom=SRS0=XYX3=5C=perdition.city=julien@bebif.be X-Spamd-Result: default: False [-4.07 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.63)[-0.630,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[perdition.city]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[90.208.191.193.list.dnswl.org : 127.0.10.0]; IP_SCORE(-3.04)[ip: (-9.01), ipnet: 193.191.192.0/19(-4.50), asn: 2611(-1.65), country: BE(-0.02)]; FORGED_SENDER(0.30)[julien@perdition.city,SRS0=XYX3=5C=perdition.city=julien@bebif.be]; RCVD_NO_TLS_LAST(0.10)[]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE]; MID_RHS_NOT_FQDN(0.50)[]; FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=XYX3=5C=perdition.city=julien@bebif.be]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Mar 2020 14:10:23 -0000 On Tue, Mar 17, 2020 at 08:44:54PM +0700, Victor Sudakov wrote: > Julien Cigar wrote: > > > > > I've just come across two related things which may convince me to > > > > > migrate some machines from FreeBSD to Debian. > > > > > > > > > > 1. On Debian, you can run several instances of php-fpm with different > > > > > PHP versions in them. > > > > > > > > > > 2. On Debian, you can install and run several versions of PostgreSQL > > > > > simultaneously thanks to the pg_createcluster/pg_lsclusters/... > > > > > infrastructure. > > > > > > > > > > All that from standard packages, without manual compiling and tweaking, > > > > > jails etc, with minimal effort. > > > > > > > > that's true, but once you setup a dedicated Poudriere machine, > > > > > > I do have a dedicated Poudriere machine. It can *build* different > > > versions and combinations of PHP/whatever (even that not always unless > > > you build separate -z sets with different make.conf files), > > > unfortunately you cannot *install* them simultaneously. > > > > > > > that all > > > > your deployments are happening in jails, > > > > > > *All" deployments in jails is an overkill. > > > > > > > why? jails are so lightweight and are created almost instantly.. > > But upgraded and updated painfully. I still see nightmares about ezjail > on our web-hosting server. Yes, ezjail is quite old and should probably not be used nowadays, at least not in new deployments. Now with tons of jails it is impossible to upgrade (I mean from one -RELEASE to another) them manually, and what you should try to achieve is to be able to destroy the jails and re-recreate them with one command, including the application. For that a good practice is to store the generated files on the HOST (or NFS or ...) and nullfs mount the "data dir" in the jail, so that you could rm -rf (or zfs destroy ...) the jail while retaining the data. > > However, I've learnt in this thread of new tools emerging: > sysutils/{iocage,pot,bastille}. So maybe there is hope yet. > I never tried those tools so I can't comment, but it's relatively easy to do that manually and use /etc/jail.conf (I'm using a SaltStack formula for this) > > > > > Using jails will be especially counterproductive in case of PostgreSQL > > > because you will not be able to do smart things like > > > "pg_update --link --old-datadir XXX --new-datadir YYY". > > > > there are workarounds, see 20190829 un ports/UPDATING for an example. > > You are right, these are provisional workarounds, while in Debian you > can *run* different instances of different versions simultaneously, they > all will be managed by systemd, started/stopped as regular services etc. > > > > > that you use some CMS (like > > > > SaltStack), and that everything is based on ZFS it's a *lot* easier to > > > > maintain on the long term, and you have a lot of flexibility. I think > > > > > > I don't quite agree with you. Keeping multiple jails in an updated > > > state, and building multiple Poudriere sets (combination of packages) > > > for all your service jails is a huge administrative overhead best > > > avoided when not absolutely necessary. > > > > that's what I'm doing here and it's perfectly manageable (with > > SaltStack).. > > Is SaltStack something like ansible? > Yes, but slightly different. It is more flexible IMHO and you have a full orchestration layer which works like a charm. You can also fire "events" on the 0MQ bus and "react" with powerful orchestration scripts > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced.