Package management on many hosts

Anton Blajev - Valqk valqk at lozenetz.org
Thu Feb 1 10:12:03 UTC 2007


Hmzz.. currently I manage a bunch of servers - 2-3 machines with 5-6
jails running on each.
I use make package-recursive on one single server and after that
I simply define PACKAGEROOT=http://172.16.4.6/ in the env of the shell.

After that:
portupgrade -PP package-name
I prefer updating packages one-by-one because there are some failures
sometimes.

There is one more thing:
I upgrade only when there is a vuln, never for a new version,
except when a new feature will be used and an upgrade is required.

Unfortunately I've never heard of the solution you are looking for.
Andrew is right that the enterprise level of quite a lot of tasks
is not at the needed level.

I'm looking forward to hearing from you about such nice tools; even
'a bunch of hacks' from the beginning, they would be useful.

About the portaudit - if you are running jails, then there is
an app, jailaudit, but I'm not sure that there is a remote server
auditing tool.
As far as I've looked over the source of the jailaudit, it's a
sh script that uses portaudit for every single jail.
Starting from this point it won't be very hard to make a script
using scp and portaudit with the same algorithm.

Please keep me up to date on your research and tools.




Paul Chvostek wrote:
> So ... on the topic of large-scale FreeBSD deployment ...
> 
> How are people handling package version consistency in large groups of
> servers?  If you have a web farm with 10 hosts, plus 3 hosts in a QA
> farm, and you want to make sure you're using the same version everywhere
> and upgrading production to the version you tested last week in QA, do
> you just do it manually, perhaps using portdowngrade on each host, or
> installing binary packages built on one host?
> 
> Next, how are people dealing with portaudit info for groups of servers?
> Is the old standard of a cronjob for daily `portaudit -a` results still
> the best option?
> 
> I'm putting together some tools to help with this stuff, but I'd hate to
> duplicate a perfectly functional wheel.
> 
> Thanks.
> 




