I'm curious to how people are deploying FreeBSD's ports in their environment. I assume that most people using FreeBSD are indeed using Ports (and often portupgrade for upgrading with binaries). I am however interested in how you have this setup, as I'm not satisfied with how things work in recent versions. I'm now running FreeBSD 9.0 and are having issues.
I've set things up as follows:
- /usr/ports is shared via NFS from one node (with nightly 'portsnap fetch update').
- Each node mounts /usr/ports with read-write
- I've set "WRKDIRPREFIX=/usr/tmp" in /etc/make.conf on all nodes
- I've configured the Portsnap to use a local index by adding the following to /usr/local/etc/pkgtools.conf:
ENV['LOCALINDICES'] ||= '/var/db'
ENV['PORTS_INDEX'] ||= ENV['LOCALINDICES'] + '/INDEX.local'
I can successfully run portupgrade -p package to build a package and then portupgrade -P package to install the binary on the other nodes.
Yet, sometime I receive the following issue: /var/db/INDEX.local:23265:dbm_store failed
I cannot think of any other optimizations I can do to the system, as the index now resides locally, and the only thing really exported is the ports-tree and nothing is ever written to there from the nodes.
I have never been fully satisfied with the ports system in a large environment -- It always seems like you need to apply some external management to it in order to make it work well.
My best tips (in order of ascending preference, "worst" solution to "best" solution):
If you're building on each host, don't.
If you must, don't do it over NFS with read-write mounts like you describe: You can usually trust the ports to Do The Right Thing and not stomp on the ports tree if you provide alternate work directories, but it's always better to be safe than sorry: Run a local CVS/csup mirror and csup all your hosts from that box, then build locally as you would if they were individual machines.
Yes, I know this means having more disk space on the hosts and an extra step. It's also almost guaranteed to be problem-free.
Caveat: You probably want to sync the package configuration files (rsync or similar) from a designated "configuration host" to ensure consistency on each machine (you can even rsync the whole ports tree if you want, rather than using csup on each node).
Use a Build Host, create packages, and install those.
A much better solution than building on each individual machine: Use a build host to create packages, and point your tools at those packages.
This means keeping a build host around for every architecture you run (or cross-compiling), but it's ultimately nicer for your target machines (no large compile jobs, a guarantee of consistency)
Use a configuration/system management tool.
This is the solution I wound up with -- I build a standard server image and deploy it around my environment using
radmind. You can do similar things with Puppet or Chef. This has all the advantages of using a build host (consistency, less load on the individual servers), and adds the benefit of configuration management.Caveat: This only works really well if your machines are "identical" -- That is you can install the same set of ports on all of them. It can work if you have varying sets of ports, but that substantially increases the administrative overhead.
Disclaimer: I'm the port maintainer for
sysutils/radmind. Yeah, I like it that much that I adopted it.All of this is based on my experience managing various-sized FreeBSD environments (ranging from 1-2 machines to over 100). Configuration/System Management tools that push and maintain a standardized image are really the best way to handle this in my experience.
Strange that nobody mentioned ports-mgmt/tinderbox:
Also switching to pkgng greatly simplifies package deployments.
Check it out on github: https://github.com/pkgng/pkgng
I have managed 100+ FreeBSD servers by simply sharing /usr read-only over well-tuned NFS, moving the package databases from /var to /usr and symlinking to them (not strictly necessary but enables pkg_info and such). There may have been one or two other files that needed to be moved in one direction or the other and symlinked but the whole setup took me about an hour to figure out. It worked very, very well. Had I run into scaling issues I would have added additional NFS servers and split the workload but it never came up. Performance was never an issue for me (in fact it was great) but I suppose you could put the NFS server's /usr (or a copy thereof) on an md.
It appears as nobody got a good solution to this unfortunately. Most likely this is due to limitations in the underlaying tools.
Here's what I came up with: I scrapped the idea of having the entire ports-tree exported. Instead, I gave in and put a full ports-tree on each node. I then mounted 'packages' over NFS (to enable distribution of packages).
I'm also intending to utilize a caching proxy (probably Squid) to speed up the portnap process. I wrote a short post about how to setup this on my blog.
References: