Hello,
I have a large number of machines (several hundred) that I am considering migrating from Ubuntu to FreeBSD. The one area where I need to decide on my approach is the area of package management.
I've read previous threads in this area of the forum, and the FreeBSD handbook, and it seems to me that the recommended approach to managing software is to use ports rather than packages. My concern is that if I need to roll out changes over a large number of machines, packages would be much, much faster. Obviously there are not packages for everything I need, so I was considering building packages from ports on a build server, and serving them as packages, and installing them with pkg_add -r - so not using any of the precompiled versions - just whatever I built on the build server, tracking -STABLE. I was thinking I could keep on top of this process with portaudit and portmaster on the build server.
My fear is that the package management tools aren't really very clever and don't seem to handle reciprocal dependencies or even upgrades. It also seems to be the advice that packages shouldn't be upgraded in a piecemeal fashion, as this leads to dependency problems.
I'm wondering, then, if the best approach is actually to just rebuild the whole estate fairly regularly? Or upgrade the whole lot every so often.
This isn't ever so different from Solaris/SunOS patch clusters - wait for a while, then upgrade the whole lot all at once. It's just that with several hundred machines, this is a big job... and one which needs some orchestration to not be alarmingly manual.
Sorry if this is a little rambling - I'm still trying to get my thoughts clear on this. Am I on the right track, or have I missed a trick?