src update without console access

[Per Engelbrecht]

Hi Bill

>> When running 'installworld',  'mergemaster -p' and 'mergemaster'
>> the server needs to be in single-user mode.
>
> Recommended but not needed.

sysctl kern.securelevel value >0 should determin that. That I was told
in a previous mail and fbsd documentation back's it up.
-1, 0 = ok with multi-user
1, 2= single-user only


> I only manage a handful of servers and I've not had to go to the
> colo for any work.  I do make sure someone is there >IF< things go
> wrong.
>
> The only time there was a problem was one older mobo that always
> had the control keyboard connected and someone decided to stick
> that on aother machine.
>
>> That is not possible for out customers! They often sit on the
>> other side of the world on a ssh connection and in single-user
>> mode you don't have ssh.That's the problem!
>
> I run the buildworld and buildkernel under nohup so I have a
> complete lot.  I start them up, and then log out, and check later
> for any errors.

nohup ? (sounds like a make.conf thing)

> I then install the kernel and hope it comes up.  That part has
> never failed for me.


> The problem is that you have no control over what your customers do
> and they could easily modify things and wind up with a non-booting
> kernel.
>
> Perhaps it would be good to set a policy so that customers notify
> you when they are going to reinstall and have them do that only
> when data center operators are there to copy the old kernel back
> to a running one so the customer can sort things out.

Our admin./install-setup (PXE / Java) is quite impressive. Customers can
make cold/warm reboot's, power off/on(!), make reinstalls of same or
other OS's, make backups and can get all kind of informations on their
system(if they don't disable it from their default install). Customers
get a mail on reinstall and reboot events. We have a log (from the PXE
part) where we can see reinstalls and OS version on each node.

All in all our customers are give a lot of options/features that make
their lifes easier and documentation on top of that. My major concern
was the src upgrade part. It's "fix'ed" now.

> When I do the remote updated [almost always after 1AM] I'm down for
> about 2 minutes rebooting the new kernel. Then I perform
> the installworld, then run mergemaster, then a second reboot.
>
> So down time is about two periods of 2 minutes separated by
> a 1/2 hour time frame.  I can get to the facility in about
> 20 minutes after 1AM so maybe that's why I never have a problem.
> The machines must know that I can get there to fix them so they
> don't bother breaking :-)

:)

Thank you for your input Bill and thank you to all you guys that replied
on this thread.

respectfully
/per
per at xterm.dk

>
> Bill
>
>
> --
> Bill Vermillion - bv @ wjv . com