Dear list,

I am seeking advice on how to keep several almost identical OpenBSD
installations up to date over several years / releases if possible.

I have 6-10 OpenBSD firewall/gateway/proxy hosts running, all with the
following tasks:
- pf
- squid
- postfix / amavisd / clamd
- openvpn
- ... and a few minor things.

All hosts are running on (different) i386 hardware, with a standard
kernel. Almost everything is originally installed using packages/ports,
with a few exceptions (postfix, where I always preferred to pick the
version myself, or some perl modules for amavisd where I didn't find a
port or package).

My goal is to keep those systems up to date. Until now, I only used
releases, did source code patches when necessary, and from time to time
manual updates to postfix + clamav (I compiled those from source -
couldn't use updated ports, as I do not run current - or am I wrong with
this assumption?)


I really would like to make things easier
- by using exactly the same version (which isn't the case right now
  unfortunately)
- by using exactly the same set of installed software (with some
  components disabled if not needed)
- by using one "build system" to test the updates, and rolling it out
  from there to all other hosts
- All updates should be done remotely (if something goes terribly wrong
  I'd still have the option of driving there).

My questions are:
(1) I should use release(8) for this, shouldn't I?
(2) Would you recommend using the release versions + source code
updates, or snapshots together with updated ports? (I am aware that many
seem to prefer snapshots here; I was reluctant to use them till now as
stability is really important here)
(3) Will either of those 2 options make it possible to perform remote
upgrades to new OpenBSD releases? (say from 4.5 to 4.6)
(4) While the software selection is almost identical on those machines,
configuration can be really different. I never tried release(8) - how to
keep track of different versions of files in /etc?
(5) Do you see a better alternative / what did I get wrong :) ?

Thanks for listening
Urban
