Fwd: Re: Recommended reading: FreeBSD for production server use
From: Freddie Cash (fcash_at_sd73.bc.ca)
Date: 07/16/03
- Previous message: Nico Meijer: "Re: Recommended reading: FreeBSD for production server use"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Jul 2003 14:32:30 -0700 To: newbies@freebsd.org
On July 16, 2003 02:17 pm, Nico Meijer wrote:
> Perhaps some real questions would clear things up.
>
> Let's say I run a production status FreeBSD 4.8 server. Do I track
> RELENG_4_8? Do I track -STABLE (RELENG_4, I believe)? (My bet is on
> RELENG_4_8)
Track RELENG_4_8, as that is 4.8-RELEASE plus any security and major
bug fixes. It's the least moving target.
If you need specific features or drivers or other support only found in
-STABLE, then track RELENG_4.
> Let's say I use ports on that server. 'ports' has no cvs tag, as
> opposed to OpenBSD's ports system. Do I cvsup my ports tree
> regularly? If so, do I issue 'portupgrade -ar' every now and then?
> That, for instance, would upgrade my 'mod_php4' to version 4.3.3-RC1.
> Being "RC1", it is not intended for production use. OTOH, my Apache
> would now be a patchlevel 5, which would seem good to me, at first
> glance (didn't check what the changes were from p4).
Certainly update the prots tree every now and again (I update it once a
week). Then run "portversion -v | grep needs" to see which ports have
updates available. Then, manually research each change to see if you
need to update or not. Only update the ports you need to update.
Don't blindly run "portupgrade -arR" as that can bite you in the arse
quite easily. :)
> Let's say I run ipfw on that server? Will 'ipfw add check-state' and
> accompanying 'ipfw add allow tcp from [whatever] to me via
> [interface] port [number] setup keep-state' rules a) work (verified,
> it does) b) hold up under heavy network load?
It does. That's what it is designed to do, and several large sites use
it without problems. ipfw+natd can be a little slow on super-heavy
throuput sites, in which case you should invetigate using
IPFilter+IPNat. The reason for this is that ipfw runs in the kernel,
but natd runs in userspace, and you hit a lot of data passing back and
forth and kernel context switches. ipfilter and ipnat both run in the
kernel.
As for where you can find over-arching documentation of this sort ...
well, you can't really. :) There is an excellent documentation
section to the FreeBSD website, with several different Handbooks and
articles on various subjects. There are also several very nice books
out, like Greg Lehey's "The Complete FreeBSD, 4th ed.", or Annelise
Anderson's "FreeBSD: An Open-Source OS for your PC" (I think that's the
title, I may have mangled it a bit), "FreeBSD Unleashed", "Absolute
BSD", and others. Beyond that, it's scouring the archives of the
various mailing lists, searching the web, checking website like
http://bsdforums.org and the like.
Or, writing one for everyone to use, based on your experiences and
research. :)
-- Freddie Cash District HelpDesk / Network Admin fcash@sd73.bc.ca helpdesk@sd73.bc.ca (250) 374-0679 ext. 219 _______________________________________________ freebsd-newbies@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-newbies To unsubscribe, send any mail to "freebsd-newbies-unsubscribe@freebsd.org"
- Previous message: Nico Meijer: "Re: Recommended reading: FreeBSD for production server use"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
