
NFS Drive Shares and FreeBSD Ports

One of the things I love about FreeBSD is the ports directory.

You can install and upgrade any port simply by going to /usr/ports/porttype/portname, e.g. /usr/ports/www/apache13. Then all you have to do is type make and make install, or in many cases make install clean, and you are on your way. The system connects to various mirror sites and downloads the entire source needed to install the port.

Of course it can become a little painful if you are trying to install 3 identical ports on 3 different servers or trying to upgrade a port that is on 5 or 6 or more servers. I don’t mind running the portupgrade pkg-name command 5 or 6 times, but the problem is the server downloads the source package 5 or 6 times depending on how many servers that port needs to be installed or upgraded on.

So how do you save time and bandwidth for port upgrades? Well, that’s simple, but as always you have to take into account some possible security issues.

The way we have used here is NFS, which is by no means a secure way of doing it, but the risk can be minimized. I would not suggest using something like NFS on a bunch of servers that are completely open to the Internet. However, if you have your gaggle of, say, 5 or 10 servers in a firewalled environment where the only access from the outside world is limited to a few ports, for instance

TCP 80 / www
TCP 443 / https
TCP 21 / FTP
TCP 25 / SMTP

and a few others, then you have already done a fair amount to minimize your risk. And you can do some more in the actual NFS setup.

This is what we are going to do:
We set up one server to be the “master” and we set up the other servers to be the “slaves”.
Ultimately, the slaves will mount the master’s /usr/ports/distfiles directory as their own (the slaves will not have their own /usr/ports/distfiles directory).
First, decide on a “master” machine. The master should have a fair amount of spare drive space and should probably not be too overworked.

Once you have selected the NFS master, add these lines to its rc.conf file:

rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags=""

Add these lines to the /etc/exports file (you will probably have to create this file):

/usr/ports/distfiles -maproot=root 10.0.0.2 10.0.0.5 10.0.0.6 10.0.0.9 10.0.0.10 10.0.0.11 etc

The -maproot=root option is risky business: it lets root on any listed client act as root on the exported files. Since our servers are pretty hard to get into unless you are on the inside of the firewall, it’s a calculated risk.

Obviously the 10.0.0.x list of servers should be replaced by the IPs of your servers.
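
As an added example (not part of the original post), this sh function audits an exports file for the two risks discussed above: root mapping and a missing host restriction. It assumes one export per line with no backslash continuations, and the sample lines it runs on are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post.
# audit_exports FILE prints "<line> <finding> <path>" for each risky export:
#   ROOT  = -maproot/-mapall gives client root the root credential
#   WORLD = no host or -network given, so any host may mount
# Assumption: one export per line, no backslash continuations.
audit_exports() {
    awk '
    NF == 0    { next }                  # blank line
    $1 ~ /^#/  { next }                  # comment line
    {
        npaths = 0; nhosts = 0; root = 0
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (tok ~ /^\//) {
                paths[++npaths] = tok    # exported directory
            } else if (tok == "-network" || tok == "-mask") {
                if (tok == "-network") nhosts++
                i++                      # skip the separate argument
            } else if (tok ~ /^-network=/) {
                nhosts++
            } else if (tok ~ /^-(maproot|mapall)=/) {
                split(substr(tok, index(tok, "=") + 1), cred, ":")
                if (cred[1] == "root" || cred[1] == "0") root = 1
            } else if (tok !~ /^-/) {
                nhosts++                 # plain host name or address
            }
        }
        for (p = 1; p <= npaths; p++) {
            if (root)        print NR, "ROOT",  paths[p]
            if (nhosts == 0) print NR, "WORLD", paths[p]
        }
    }' "$1"
}

# Constructed sample: an export like the one above plus a host-less export.
sample=$(mktemp)
printf '%s\n' \
    '/usr/ports/distfiles -maproot=root 10.0.0.2 10.0.0.5' \
    '/home -maproot=nobody' > "$sample"
audit_exports "$sample"
rm -f "$sample"
```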

OK, now the “slave” setup.
In each slave’s /etc/rc.conf file add the following 2 lines:

nfs_client_enable="YES"
amd_enable="YES"

The amd_enable="YES" directive tells the server to automount.

Then in the slave’s /etc/fstab add this:
10.0.0.15:/usr/ports/distfiles /usr/ports/distfiles nfs rw 0 0

For this example 10.0.0.15 is the “master server”

Ok time to start it all up

Firstly on the Master server run the following as root
# rpcbind
# nfsd -u -t -n 4
# mountd

Then on slave servers run the following as root
nfsiod -n 4

Ok that should get the servers all listening for the mounts that you want.

Now try to mount the master’s distfiles directory:

mount master-server:/usr/ports/distfiles /usr/ports/distfiles

That should do it. If you run df -h you should see something like this:

df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ad4s1a 68G 2.1G 60G 3% /
devfs 1.0K 1.0K 0B 100% /dev

master-server:/usr/ports/distfiles 340G 42G 271G 14% /usr/ports/distfiles


Now any files that a slave might download while doing a portupgrade will be downloaded to the master server and will automatically be available to any other server, master or slave, without having to re-download the file.

You might also want to check out the FreeBSD Handbook for info related to NFS
