Wisdom of automating upgrades

Bill Moran wmoran at potentialtech.com
Tue Jun 8 07:25:49 PDT 2004


Peter Risdon <peter at circlesquared.com> wrote:

> The main cost of having computers for most companies lies not in 
> software or hardware, but in support. I have been pondering the wisdom 
> of automating the upgrade process, so that sources are cvsup'ed nightly 
> and make buildworld buildkernel etc and portupgrade happen overnight 
> maybe once a week or month - and perhaps every day a security fix is 
> announced.
> 
> Windows and Mac users are accustomed to automatic software updates on 
> server products as well as desktops, so there is a competitive issue 
> here. I've persuaded a number of companies to switch to FreeBSD and want 
> to ensure the commercial logic of doing so is as complete as possible.
> 
> cvsup'ing overnight is routine and fine.
> 
> The make build/install stuff seems a bit more delicate. I'm happy that I 
> have figured out how to automate this, but not _whether_ I should do so. 
> I am of course only considering tracking RELENG_4 at this stage.

Why not just cvsup/buildworld/buildkernel nightly, and monitor the FreeBSD
security advisory list?  When a security problem is found, you only have to
installworld/installkernel, which is usually pretty quick.

> Ports are perhaps more likely to be problematic (though less likely to 
> be a blocker to remote fixing than a failure to boot). Having said that, 
> deprecation of versions and ports is fairly rare and keeping track of a 
> small group in common use is feasible.
> 
> I'd be grateful for any input on this. I can picture waking up to find 
> that every machine I administrate is simultaneously *#!$%ed one morning. 
> On the other hand, I like to provide the best value I can for clients 
> and at the moment I have to charge for my time whenever an upgrade is 
> necessary.

Install portaudit, which will include nightly audits of port problems in your
daily run email.  This takes the guesswork out of when to upgrade.  By cvsupping
the ports nightly, you only have to run portupgrade to get things updated.

Because of the dependencies in ports (which can get rather complex) I wouldn't
recommend automatically doing much with ports.

BTW: the "automatic upgrades" thing that Mac and Windows claim is a lie.  First
off, it doesn't include installed software, so you can't compare it to ports.
Secondly, most large companies that I'm aware of do NOT install Windows updates
until they've tested the changes in the lab to ensure that said changes don't
break more than they fix.  On that count, I think FreeBSD is just as good as,
or better than, Windows or Mac.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
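
The nightly build-only routine suggested in the reply above, sketched as an added example (not code from the original message or from the FreeBSD project). The supfile location, the state directory, the `RUN` hook and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: nightly "build, never install" job for a RELENG_4 host.
# Assumed names (not from the post): SUPFILE, STATE_DIR, the RUN hook.
SUPFILE="${SUPFILE:-/usr/local/etc/stable-supfile}"  # assumed location
SRC_DIR="${SRC_DIR:-/usr/src}"
KERNCONF="${KERNCONF:-GENERIC}"
STATE_DIR="${STATE_DIR:-/var/db/nightly-build}"      # assumed location
RUN="${RUN:-run_real}"   # swap in a stub to rehearse without building

run_real() { ( cd "$SRC_DIR" && "$@" ); }

# Run one stage, keep its output in a per-stage log, record a failure.
stage() {
    name="$1"; shift
    if $RUN "$@" >"$STATE_DIR/$name.log" 2>&1; then
        return 0
    fi
    echo "FAILED $name" >"$STATE_DIR/status"
    return 1
}

nightly_build() {
    mkdir -p "$STATE_DIR" || return 1
    # mkdir is atomic, so it doubles as a lock against overlapping runs.
    mkdir "$STATE_DIR/lock" 2>/dev/null || { echo "already running" >&2; return 2; }
    # Drop the old stamp first: a half-finished tree must never look ready.
    rm -f "$STATE_DIR/ready"
    rc=0
    stage cvsup cvsup -g -L 2 "$SUPFILE" &&
        stage buildworld make buildworld &&
        stage buildkernel make buildkernel "KERNCONF=$KERNCONF" || rc=1
    if [ "$rc" -eq 0 ]; then
        date -u +%Y-%m-%dT%H:%M:%SZ >"$STATE_DIR/ready"
        echo "OK" >"$STATE_DIR/status"
    fi
    rmdir "$STATE_DIR/lock"
    return "$rc"
}

# Gate for the manual step: on the day of an advisory, run
# installworld/installkernel only if last night's build completed.
install_ready() { [ -f "$STATE_DIR/ready" ]; }

# Cron entry point: "nightly-build.sh run" (script name is hypothetical).
if [ "${1:-}" = run ]; then nightly_build; fi
```

A crash mid-build leaves the `lock` directory behind, so the next run refuses to start until someone looks at the host and removes it.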

