BSDCan2007 - Confirmed Schedule

BSDCan 2007
The Technical BSD Conference

Paul Chvostek
Day 3
Room SITE H0104
Start time 10:00
Duration 01:00
ID 20
Event type Lecture
Track System Administration
Language English

Enterprise Package Management

Your boss wants software update tools to be manager-friendly, not just sysadmin-friendly.

The ports system is a powerful, flexible method for managing software installed in FreeBSD, but it's not what many corporations are looking for in a software management tool. Large corporations rarely allow technically adept sysadmins to make decisions about when to upgrade mission-critical servers. In order for IT managers to make sensible decisions, they require information which has hitherto been communicated informally, or via home-grown (non-standard) tools in FreeBSD. Or they've simply used other platforms.

This talk addresses some of the concerns about and arguments against FreeBSD that are made by corporate IT management, and presents some tools that system administrators may use to address these concerns. Topics include ITIL compliance, version consistency, approval processes, and integration with corporate change management systems.

Version consistency, QA

Large groups of servers need to be maintained in a consistent fashion, with common software versions. Upgrading a package must move it to a specific approved version, not simply the latest one in the ports tree. Local repositories may be used in various environments:
  • Corporations may be conservative with regard to the risk of downloading software built elsewhere.
  • Particular port option requirements may require packages to be built locally.
  • Large numbers of servers that share a buildenv may use a local copy rather than compiling each port on their own.
  • A common install package creates consistency that managers like, if they understand it in the first place.
If a package repository is to be maintained, something needs to populate it. The talk will include discussion of how to manage local tinderbox-style build environments. On a related note, production environments that need to "approve" internal software releases against a specific set of package versions (for example, a PHP-based web site that may depend on default behaviour in certain versions of MySQL) will likely need to test releases in a QA environment. A mechanism for identifying and deploying an approved collection of package versions to distinct groups of servers will be discussed.
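An added example, not taken from the talk or from any tool it refers to: a minimal check of collected host inventories against an approved per-group package baseline, reporting version drift, unapproved packages and missing packages. Both record formats, the host names and the version numbers are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample data; both record formats are assumptions for this example.
# Approved baseline per server group: group package approved-version
approved_baseline() {
cat <<'EOF'
web php5 5.2.1
web mysql-client 5.0.33
db mysql-server 5.0.33
EOF
}

# Inventory collected from each host: host group package installed-version
host_inventory() {
cat <<'EOF'
web01 web php5 5.2.1
web01 web mysql-client 5.0.33
web02 web php5 5.2.3
web02 web mysql-client 5.0.33
web02 web nmap 4.20
web03 web php5 5.2.1
db01 db mysql-server 5.0.27
EOF
}

# Print one line per deviation: host package installed-version finding
drift_report() {
  { approved_baseline | sed 's/^/A /'; host_inventory | sed 's/^/I /'; } |
  awk '
    $1 == "A" { want[$2, $3] = $4; next }        # baseline keyed by group,package
    $1 == "I" {
      host = $2; grp = $3; pkg = $4; ver = $5
      group_of[host] = grp
      seen[host, pkg] = 1
      if (!((grp, pkg) in want))      print host, pkg, ver, "UNAPPROVED"
      else if (want[grp, pkg] != ver) print host, pkg, ver, "DRIFT want=" want[grp, pkg]
    }
    END {
      # A host that lacks a package approved for its group is also out of baseline.
      for (host in group_of)
        for (key in want) {
          split(key, k, SUBSEP)
          if (k[1] == group_of[host] && !((host, k[2]) in seen))
            print host, k[2], "-", "MISSING want=" want[key]
        }
    }' | LC_ALL=C sort
}

drift_report
```

An empty report means every host matches the baseline approved for its group; the same lines could feed a change ticket or a management report.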

Integration / Standardization of process

We should aim for ITIL compliance wherever possible. We'll have some examples of how corporate-friendly change management works, and how automated processes can inform CMDB systems (RT, Remedy, etc.).

Approval process

Multiple management-friendly communication methods must exist, so that security vulnerabilities and other errata can prompt changes that go smoothly. For example, you might want to email your manager a URL that dynamically generates a PDF (with your company's logo at the top) that notes a recent VuXML submission, includes the applicable CVE notice's description, and the list of your company's servers that are affected. None of us like generating documentation. Having it generated for us by software that keeps things complete and consistent seems far more elegant.

The business needs addressed by Red Hat Network or Novell's ZENworks Linux Management may be identified and used as comparative examples, with a review of some of the tools already available to FreeBSD admins.