Quick Question About Base Install

F

Fatman

Hi everyone,

I have a question regarding staying current in a production environment. I'm trying to build and keep a webserver uptodate using freebsd 7.2.

Here's the process i've been following:

Subscibe to http://lists.freebsd.org/mailman/listinfo/freebsd-announce

Install using minimum config + add man pages from cd.

Copy standard/ports cvsup files.

Code: 
#cp /usr/share/examples/cvsup/standard-supfile /
#cp /usr/share/examples/cvsup/ports-supfile /
Edit the files and to change the CVSUP to an available server.

Csup using each files.
Code: 
#csup -L 2 /standard-supfile
#csup -L 2 /ports-supfile

Build world
Code: 
#cd /usr/src
#make buildworld

Create custom kernel:
Code: 
#cp /usr/src/sys/i386/conf/Generic /usr/src/sys/i386/conf/www
#ee /usr/src/sys/i386/conf/www

Build and install kernel
Code: 
#make buildkernel KERNCONF=www
#make installkernel KERNCONF=www

reboot
Boot into single user mode

Code: 
#mergemaster -p
#cd /usr/src/
#make installworld
#mergemaster
#reboot

Followed by:

Code: 
#pkgdb -F
#portsdb -Uu
#portaudit -Fda
#portversion -l '<'

I then read both /usr/src/UPDATING and /usr/ports/UPDATING

Once I think everything is fine, I run portupgrade -arR and prey a little. :p

If it's a production build, I obviously test this on an identical setup prior to executing it on the live unit.

So back to my question, I have just installed a new system using the 7.2-RELEASE-i386-disc1.iso selecting minimum + man.

If i'm not creating a custom kernel, Is it safe to follow this process?

Code: 
#portsnap fetch
#portsnap extract
#portsnap update

#freebsd-update fetch
#freebsd-update install

Check for vulnerable ports:
Code: 
#portaudit -Fda

Update vulnerable port:
Code: 
portmaster -dB [port path]

Check my emails for updates on FreeBSD.

I'm a little scared.... fresh install with 7.2 and running freebsd-update said there is no updates available?

Thanks,

Fatman
 
Sounds about right. If you use the csup method make sure you track the RELENG_7_2 (for 7.2-RELEASE) so you'll stay on the RELEASE track (with just the security patches). RELENG_7 will change way too much for a production server. It's also customary to use all capitals in the name of the kernel config.

One note, before upgrading any port, read /usr/ports/UPDATING. It may contain notes on possible problems you might run into.
 
Thanks..

How do I know if I'm tracking the release version with portsnap and freebsd update?
 
Portsnap (in general: the ports tree) is the same across all FreeBSD versions, so a [cmd=]portsnap fetch[/cmd] will get you the same ports tree anywhere. See portsnap(8), portsnap.conf(5) (can be left alone), and ports(7).

Freebsd-update determines which version of FreeBSD it's running on, and it will update within that version (so, within 7.1, for example), unless you instruct it to do otherwise (like upgrade from 7.1 to 7.2, or from 6.4 to 7.2). See the -r flag in freebsd-update(8). Also see freebsd-update.conf(5) (can be left alone).
 
You must log in or register to reply here.
Back
Top