April 14th, 2006, 10:25

"Updating software--many fear this task. It risks interruption of service. It introduces a big, gray unknown. Even with a test system and usage reports, it may bring doom to your applications. With great confidence and trust in his abilities, the system administrator must tread down this uncertain path. Sometimes this requires persuading, as many people don't see the need. Trying to quantify the risk of a compromise is not easy, especially for those who have never experienced an attack. The process of rebuilding software can sometimes be lengthy, and merging configuration files can be tedious. It's a thankless task, and not many users will recognize the effort.

I set out on a search for what was available. I tried binary updating from, which was pretty easy to set up and was great for security updates, but it didn't really help with updating configuration files--and upgrades cost money. I then attempted radmind, but quite honestly, waiting for it to traverse my machine and build an image didn't give me the sense of time savings I wanted.

Eventually I put it on hold for a year until I could find an official document or article describing best practices and procedures for updating a bunch of servers. Then, while glancing at the FreeBSD Handbook, I found what I had been looking for: tracking for multiple machines. I read about it and rejoiced. With great guidance and direction, I proceeded to build the ultimate updater: the FreeBSD build system."

Read the full article (