Re: rebuild world with NO_SENDMAIL=YES

• Previous message: Ross Maloney: "Re: Why do most super-computers use LINUX instead of BSD?"
• In reply to: FanJet: "Re: rebuild world with NO_SENDMAIL=YES"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sun, 30 Oct 2005 04:15:01 GMT

In article <moR8f.713$ZA3.183190@monger.newsread.com>,
FanJet <FanJet27@hotmail.com> wrote:
>Bill Vermillion wrote:
>> In article <3sf0f3Fo6dgcU1@individual.net>,
>> Keve Nagy <see_my_sig@address.invalid> wrote:
>>> Hi Newsgroup,
>>
>>> I am considering to replace sendmail with postfix on an existing,
>>> up-to-date system. It has ports, packages and apps installed (no
>>> X). My idea is to do a buildworld having "NO_SENDMAIL=YES" in
>>> /etc/make.conf. Then remove the files left over from sendmail,
>>> and build postfix from the ports.
>>
>> You are making a lot of uneccesary work for yourself.
>>
>> Just install postfix. Then modify the file /etc/mail/mailer.conf
>> so that anything that calls sendmail calls the appropriate
>> MTA - in your case postfix.
>>
>> This is a good approach because if there are any embedded
>> applications [people who write web pages love to call sendmail
>> directly] that call sendmail they will use the MTA of your choice.
>>
>> You don't have to bebuild the OS nor install it, nor do anything
>> other than make and install postfix and modify the mailer.conf
>> file.
>>
>>> My question is: how risky is a buildworld for my existing
>>> ports/packages and apps?
>>
>> It won't affect anything.
>>
>>> Are these expected to remain "relatively untouched" and operational,
>>> including the ports/pkg database, or is it more likely that the whole
>>> thing will get out of sync and I have to reinstall all my
>>> ports/packages/etc ?
>>
>> You don't have to do a thing with that. And if you notice
>> virtually all the things in ports are installed in /usr/local
>> and do not collide with anything in the base system.
>>
>> And an example of mailer.conf is that if you install sendmail
>> from the ports tree, it installs under /usr/local and the
>> mailer.conf can be pointed to the the new version and you just
>> leave the old version where it is.
>>
>>> I am under the impression that buildworld and ports/packages
>>> can be treated relatively separated, so a buildworld should not
>>> jeopardise the installed ports and packages. Can somebody confirm
>>> or deny this please!

>> Correct. I do buildworlds remotely - and only ONE time have I had
>> to go to the colo - because some IDIOT - had placed something on
>> the keyboard of the KVM and it hung the system during reboot.

>A bit off thread but any chance you'd share the steps you use to
>do this?

It's really quite simple - the same steps for building one locally.

Use cvsup - I suggest getting it as a package as to build it
locally you will have to build another package - I think it was
Ruby - which takes a long time and you'll probably not need that
again.

Decided if you want to stay with CURRENT or a version release.
You'll see the info in the cvsup information. Edit the
/etc/cvsupfile to go to the cvsup server that is fastest for you.

Run the program and you'll get all the source in /usr/src

Then follow the directions in UPDATING.

You'll 'buildworld'. You will 'buildkernel' You will install
kernel [I suggest testing this locally before you try a remote
install to make sure it's working]. After install you reboot
the system.

It's recommended to boot into single user mode but unless you have
serial console access to the remote machine - typically through an
IP accessed switch device - you'll do this in multi-user mode.

I've never had a problem with this, and I don't have much
alternative at the moment.

If the machine comes back up, then you can perform and
installworld. Run mergemaster - and be careful because you are
going to reboot again and remote machines aren't easy to get to
:-).

And then you are done.

I typically build the sources remotely and use the line

nohup time make buildworld &

Then I log out.

This way I have a complete log of what went on in the nohup.out
file. And I also have the time it took to do this. After awhile
you know how long it will take and if the time varies then you may
need too look at the problem.

The I move the nohup.out to another name to save it.

Then I run the same command but run the buildkernel as described
in UPDATING and check it's output.

Then usually the next night I'll login and install kernel, reboot,
then installworld, run mergemaster, and reboot again.

I've had it fail one time - as noted in the previous message.

I just brought up a new mail server last week. It was a separate
machine so I rebooted it on an alternate IP to MAKE SURE. Then
I rebooted the old mail machine changing it's IP to a work IP,
and then rebooted the new machine with the IP of the old mail
machine.

Unless there is some security problem that requires rebuilding a
kernel most security updates can be performed on individual
programs. I haven't seen the machines physically in over a year -
yet the colo is only 15 minutes away at 2AM. At 5PM it can be 45
minutes. And I can stand downtime if I have to at 2AM since
virtually all email accounts are business accounts, and the
secondary MX machine will catch everything when the main one goes
down.

Essentially you are just going to do the same things to build and
install a new system as you would as if it were a local machine,
but you are doing it in mulit-user mode instead of single user
mode.

We've had only about 3 hours of real down time since February of
2000. And most of that was a failing Cisco 7200 series router -
one of those $17K jobbies.

I got a call about 2AM, drove out and found the Cicso locked.
A reboot and things went well. For 30 minutes. This time I called
my partner who is about the same distance away. And he went and
rebooted the Cisco every 30 minutes, while I worked remotely
taking the machine that stores the backups and converting it to a
router.

So we lost about an hour between 2AM and 5AM - in small pieces.

And a client dedicated server had a problem last week. It looks
like it lost part of it's RAM as in a reboot not all the RAM shows
and turning the KVM to show it's screen had a panic with a maxfile
error.

So since 1997 I've had exactly ONE FreeBSD machine fail in 24x7
use, that one. I consider myself very lucky indeed.

When everyone was attacking the Linux machines with the Lion
program - that gave root access on Linux servers - the only thing
that happened in FreeBSD was that BIND stopped. I just can't see
running any other OS except FreeBSD for this kind of work.

Though one client - since bankrupt - was running a multi-cpu SUN
with an Oracle database as the backend for his web application.
But for what we are doing those are definate overkill.

Bill

Bill

-- 
Bill Vermillion - bv @ wjv . com

• Previous message: Ross Maloney: "Re: Why do most super-computers use LINUX instead of BSD?"
• In reply to: FanJet: "Re: rebuild world with NO_SENDMAIL=YES"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]