On Thu, Aug 07, 2008 at 12:58:06AM -0700, Ask Bj?rn Hansen
wrote:> We got 4 new SuperMicro boxes[1] with Xeon 3320 processors. They'll be
> used as firewalls / very basic routers (our network on one side, the
> world via a /29 on the other side). We currently use Soekris and PC
> Engine boxes for this (with custom NanoBSD images), so this will be a bit
> of an upgrade. :-)
What motherboard model is used on those boxes? The website doesn't say.
The reason I'm asking is that I'm working on a H/W monitoring project
which currently is focusing on Supermicro boards, and need more testers
for boards I don't already have data for. :-)
> I was planning to install pfSense on them, but I'm losing faith in that
a
> bit after figuring out that the pfSense project doesn't seem all that
> open[2]; so I'm considering just installing "plain FreeBSD 7"
instead.
>
> So the question: Would I be happier with 64 or 32bit FreeBSD? Our
> Linux application and database servers are all 64 bit, but they also
> have 32GB RAM each. The "firewall boxes" are probably vastly
overdone
> with memory at 4GB each. :-)
We have numerous Supermicro machines in our co-lo, all of which run i386
except for one. The reason was that I hadn't spent the time to really
get a feel for amd64 (all the machines run RELENG_6 except for the amd64
box, which runs RELENG_7). I run amd64 at home, and it's fine.
I'm looking forward to being able to upgrade our SQL server in the co-lo
to either 4GB or 8GB of RAM without having to bother with PAE (ugh!).
But be aware that there still are some applications (ports) which don't
behave correctly on amd64. So my recommendation is to build a test
box that mimics your production environment, and make sure all of your
stuff works on it.
You might also be asking "is there some form of compatibility where
amd64 can continue to run i386 binaries?" Yes, it's called lib32. I
choose not to install it (during a FreeBSD install), and I disable it
from buildworld by using WITHOUT_LIB32=true in /etc/src.conf (that file
is new compared to older FreeBSD, so be aware). My attitude is "this is
a 64-bit box, and you will recompile your programs to work on a 64-bit
arch". Avoiding it also greatly decreases buildworld time.
> A secondary question: Is the preferred way to upgrade a FreeBSD box
> still cd /usr/src; make update && make buildworld && ... ?
(I mostly
> use FreeBSD for building my NanoBSD-flavor images these days, so I'm a
> bit out of touch).
First and foremost: to update the sources, you should use csup and not
cvsup. csup comes in the base system, is written in C, and supports
most all of the flags that cvsup does.
The upgrade procedure is described in detail in /usr/src/Makefile.
Here's what I'm referring to:
# For individuals wanting to upgrade their sources (even if only a
# delta of a few days):
#
# 1. `cd /usr/src' (or to the directory containing your source
tree).
# 2. `make buildworld'
# 3. `make buildkernel KERNCONF=YOUR_KERNEL_HERE' (default is
GENERIC).
# 4. `make installkernel KERNCONF=YOUR_KERNEL_HERE' (default is
GENERIC).
# 5. `reboot' (in single user mode: boot -s from the loader
prompt).
# 6. `mergemaster -p'
# 7. `make installworld'
# 8. `make delete-old'
# 9. `mergemaster'
# 10. `reboot'
# 11. `make delete-old-libs' (in case no 3rd party program uses them
anymore)
Some footnotes:
1) You can put KERNCONF=WHATEVER in /etc/make.conf, thus avoiding the
need to specify it during steps 3 and 4.
2) On amd64, your kernel config will go in /sys/amd64/conf, not
/sys/i386/conf. (This may be obvious to most, but not so much to newer
folks).
3) After step #5, and you're in single-user, you'll probably have
to type "mount -a -t ufs" to get all of your filesystems mounted.
4) Don't skip the single-user step or try to do it from multi-user;
I've seen numerous cases where /libexec/ld-elf.so.1 doesn't get
updated as a result of people trying to avoid single-user. If you
admin these boxes remotely, you're going to need serial console for
the above.
5) Get familiar with mergemaster, specifically the side-by-side
interactive diff feature. It looks scary the first time around,
but once you learn that "r" applies the stuff you see on the right,
and "l" applies the stuff you see on the left, you should be fine.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |