2008/1/16, Henning Brauer <[EMAIL PROTECTED]>: > * Piotrek Kapczuk <[EMAIL PROTECTED]> [2008-01-16 18:59]: > > Hi > > > > 2008/1/16, Henning Brauer <[EMAIL PROTECTED]>: > > > * Piotrek Kapczuk <[EMAIL PROTECTED]> [2008-01-16 15:51]: > > > > 2008/1/16, Henning Brauer <[EMAIL PROTECTED]>: > > > > > * Piotrek Kapczuk <[EMAIL PROTECTED]> [2008-01-16 14:18]: > > > > > > Didn't know it is exactly the same as options. I found it in > > > > > > flashboot. I'll look more in to other flashboot customisations. > > > > > > Thanks > > > > > > for pointing this out. > > > > > > > > > > flash boot and teh like are obsolete ways to complicate your life. > > > > > > > > Let me disagree with you. > > > > Actually it's fantastic to have one system image which you can deploy > > > > on dozen of firewalls remotely. > > > > > > > > Upgrade procedure from 4.1 to 4.2 ? > > > > > > scp bsd [EMAIL PROTECTED]:/ > > > > ssh [EMAIL PROTECTED] "reboot" > > > > > > > > Total downtime = reboot time. > > > > > > in-place updates are trivial enough to be scripted if you can make a > > > few assumptions for your environment. > > > > Really ? More trivial script than something like this ? > > more trivial? who gives a f***? I said trivial enough.
Sending base42.tgz over 512Kb WAN link - 12 minutes. Extracting base42.tgz on Soekris NET4801 to flash - 16 minutes Estimated total upgrade time - looong. Knowing it's not painful - it's "trivial enough" - priceless (-; > if you add the time it takes you to bake your kernel, I am probably > already at the 5th beer after beeing done. If you add your time spent on writing,testing, modifying that script of yours ... well, I don't think so. Besides I don't treat building a kernel as engaging work . > > Imagine you have a customer. This customer has 18 carp'ed firewalls. > > You have to upgrade them. Boxes are in 3 different towns each town > > 100km far from you. You have only ssh access and no remote console. > > > > How can you remotely upgrade a box ? (without using bsd.rd) How long > > will it take ? > > how? read the upgrade-minifaq, it is in there. I though you do it in some other way. > i have it scripted. > i manage way over a hundred openbsd machines, many remote, and the > "local" ones I don't touch either (i. e. i treat them like they were > remote). > it takes me about 2 minutes per reasonably fast machine. You look like you're really happy with that method ... well, you've convinced me. I have a few fast machines. I definitely have to give a try with "upgrade by scripting". I'd really love to see your scripts. How do you do it ? Could you please send me something off the list ? Please. > > Really, in this kind of setups I don't think bsd.rd is something evil. > > well, I am absolutely certain it is evil in that scenario. Well, it saves a lot of time for me. For that scenario - flash storage, slow links, slow constrained machines it's better to stay with it - at least for me. > > > my update downtime is no more than that reboot, no matter what machine, > > > flash or not. > > Update or upgrade ? > > 4.1 to 4.2 is not an update? I've used to think: update - changes within major version - following -stable upgrade - changes between major versions- 4.1 - 4.2 -- Regards Piotr Kapczuk