building a distribution server

Jonathan McKeown jonathan+freebsd-questions at
Sat Apr 5 15:45:02 UTC 2008

On Saturday 05 April 2008 04:23, Steel City Phantom wrote:
> I have about 10 production servers that I want to upgrade to BSD 7 and
> update all their ports in one shot.  The problem is the down time.  I'm
> wrapping up upgrading a 6.3 to 7 and it's taken over 7 hours so far.  That's
> way too long for our machines to be down.

> The biggest slow down is the downloading of files.  Just sitting watching
> things, I would say 70% of the time is downloading files.  Is there a way
> where I can build a distribution server that has everything I could
> possibly need to upgrade a machine from any 6.x to 7.0 and redo all the
> ports on that machine and have a cron job keep everything up to date on
> that server and when I upgrade a new machine, it simply goes to my internal
> distribution server to get the files?

I have a fast machine which has the source and ports trees on it. It also has 
the kernel configurations for all the machines I use (GENERIC, SMP, and two 
others, IPFWD for a firewall which does IP forwarding and SERIAL for a box 
which has a multiport serial card in it).

That box doesn't do anything else.

In its /etc/make.conf is the line


which has the effect of building all four kernels but installing the 
first-mentioned. Other boxes have their KERNCONF set in make.conf and only 
need to make installkernel after the build box has finished to get the 
appropriate one.

It also has a full ports tree and I have created the directory
/usr/ports/packages (it gets messy if you don't).

All the other boxes mount /usr/src, /usr/obj and /usr/ports over NFS. They all 
use portupgrade which is configured to use /usr/bin/false to fetch packages 
instead of /usr/bin/fetch. They are also configured to build ports locally 
but store distfiles and packages on the NFS server.

When I build and install a port, I use

portupgrade -NRPp

which upgrades ports, installing if necessary and building requirements as 
well (-N -R). It checks for a package in /usr/ports/packages (-P); if it 
can't find it, it checks the 'Net using /usr/bin/false (which of course fails 
immediately) and then builds from source, creating a package at the end (-p).

This means each port gets downloaded once, and then built once if it can be 
packaged - but it also deals with ports that can't be packaged, like 

By not using -P you can also build the port separately with different options 
on different machines.

