[nycbug-talk] enterprise bsd

[Pete Wright]

On Tue, Mar 08, 2005 at 03:51:00PM -0500, Bjorn Nelson wrote:
> All,
> 
> We have some redhat machines at work and I have been starting to use 
> the up2date and rhn services.  I am impressed with the ease of applying 
> security updates and it made me wonder what comparable things are 
> available to the freebsd (or bsd in general) realm.  For freebsd, I 
> already have an internal cvsup server, I use portupgrade, have exported 
> /usr/ports/distfiles, debated an export of /usr/ports and /usr/src, 
> have looked at freebsd-update, debated an export of all of /usr.  I am 
> trying to find a way to manage a large amount of machines from one 
> place.  I probably could just write something that sends pkg_version 
> output somewhere and then I parse that, but is there something already 
> built?  What have you guys and gals found favorable?  Can anyone 
> recommend the freebsd-update?  Are the sources trustworthy?
> 

It may be worth looking into using the ports tree, or even pkg_src, as
your main software deployment method.  You can build, test and version
on your master node then dist out known good versions to your client nodes
at night, via scripts or other utilites.  What you will end up doing is 
building .tgz's on the head node then on the client side run pkg_upgrade
or some such thing.  one good thing about pkg_src is that this method 
will also work with RH as well as with any other Unixen you have.  I've 
contemplated using a similar method to dist inhouse middleware to client 
nodes...altho at this point it's still in the contemplation phase ;)

as far as tracking security patches for the base system, again I think
it would be possible to have your head node track STABLE then during your
down day's I imagine one could just dist out your STABLE worlds to the 
client nodes.



-p



-- 
~~oO00Oo~~
Peter Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete
917.415.9866