Hi 2008/1/16, Henning Brauer <[EMAIL PROTECTED]>: > * Piotrek Kapczuk <[EMAIL PROTECTED]> [2008-01-16 15:51]: > > 2008/1/16, Henning Brauer <[EMAIL PROTECTED]>: > > > * Piotrek Kapczuk <[EMAIL PROTECTED]> [2008-01-16 14:18]: > > > > Didn't know it is exactly the same as options. I found it in > > > > flashboot. I'll look more in to other flashboot customisations. Thanks > > > > for pointing this out. > > > > > > flash boot and teh like are obsolete ways to complicate your life. > > > > Let me disagree with you. > > Actually it's fantastic to have one system image which you can deploy > > on dozen of firewalls remotely. > > > > Upgrade procedure from 4.1 to 4.2 ?
> > scp bsd [EMAIL PROTECTED]:/ > > ssh [EMAIL PROTECTED] "reboot" > > > > Total downtime = reboot time. > > in-place updates are trivial enough to be scripted if you can make a > few assumptions for your environment. Really ? More trivial script than something like this ? $scp bsd [EMAIL PROTECTED]:/bsd.new $ssh [EMAIL PROTECTED] "mv /bsd /bsd.old && mv /bsd.new /bsd && reboot" > even if not scripted, they're easy enough. No, they are not "enough" :) Imagine you have a customer. This customer has 18 carp'ed firewalls. You have to upgrade them. Boxes are in 3 different towns each town 100km far from you. You have only ssh access and no remote console. How can you remotely upgrade a box ? (without using bsd.rd) How long will it take ? Really, in this kind of setups I don't think bsd.rd is something evil. I agree thou, that if it's only possible one should use GENERIC+MINIROOT instead CUSTOM+MINIROOT. > my update downtime is no more than that reboot, no matter what machine, > flash or not. Update or upgrade ? Remotely ? > > Also, everything is on ramdisk so stupid users or power outages > > doesn't concern you. Routers reboot and work unattended. > > boohoo. > /tmp /var /dev in mfs w/ the last two prepopulated from flash and the > rest mounted readonly, same thing. Been there, done that. I've started with flashdist. Now IMVHO I use something easier maintainable. -- Regards Piotr Kapczuk
