Package management on many hosts
Anton Blajev - Valqk
valqk at lozenetz.org
Thu Feb 1 10:12:03 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hmzz.. currently I manage a bunch of servers - 2-3 machines with 5-6
jails on each running.
I use make package-recursive on one single server and after that
I simply define PACKAGEROOT=http://172.16.4.6/ in the env of the shell.
portupgrade -PP package-name
I prefer updating packages one-by-one because there are some failures
there is one more thing,
I upgrade only when there is a vuln. never for new version
except when a new feature will be used and upgrade is required.
Unfortunately I've never heard of solution you are looking for,
Andrew is right that the enterprise level of quite a lot of tasks
is not at needed level.
I'm looking forward to hear from you for such a nice tools, even
'a bunch of hacks' from the beginning the would be useful.
About the portaudit - if you are running jails, then there is
an app jailaudit, but I'm not sure that there is a remote servers
As far as I've looked over the source of the jailaudit it's a
sh script that uses portaudit for every single jail.
Starting from this point it won't be very hard to make a script
using scp and portaudit on the same algorithm.
Please keep me up to date to your researches and tools.
Paul Chvostek wrote:
> So ... on the topic of large-scale FreeBSD deployment ...
> How are people handling package version consistency in large groups of
> servers? If you have a web farm with 10 hosts, plus 3 hosts in a QA
> farm, and you want to make sure you're using the same version everywhere
> and upgrading production to the version you tested last week in QA, do
> you just do it manually, perhaps using portdowngrade on each host, or
> installing binary packages built on one host?
> Next, how are people dealing with portaudit info for groups of servers?
> Is the old standard of a cronjob for daily `portaudit -a` results still
> the best option?
> I'm putting together some tools to help with this stuff, but I'd hate to
> duplicate a perfectly functional wheel.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the freebsd-ports