[gentoo-user] server deployment

2005-09-10 Thread John Jolet
We're in the process of transitioning from 32-bit Redhat (7 I think) web/app 
servers to 64-bit gentoo web/app servers.  One concern I've got is from a 
security standpoint, normally you don't deploy webservers with development 
tools on them.  How do you guys handle this question with internet-facing 
production servers?

One thought I had was to set up a build server, build the binaries on this 
server, and do an emerge of the binaries FROM this server to the production 
servers, with gcc and such removed from them.  Will this work?
-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] server deployment

2005-09-10 Thread Edward Catmur
On Sat, 2005-09-10 at 14:29 -0500, John Jolet wrote:
> We're in the process of transitioning from 32-bit Redhat (7 I think) web/app 
> servers to 64-bit gentoo web/app servers.  One concern I've got is from a 
> security standpoint, normally you don't deploy webservers with development 
> tools on them.  How do you guys handle this question with internet-facing 
> production servers?
> 
> One thought I had was to set up a build server, build the binaries on this 
> server, and do an emerge of the binaries FROM this server to the production 
> servers, with gcc and such removed from them.  Will this work?

Yes.

From emerge(1):

--buildpkg (-b)
  Tells emerge to build binary packages for all ebuilds processed
  in addition to actually merging the packages. Useful for
  maintainers or if you administrate multiple Gentoo Linux systems
  (build once, emerge tbz2s everywhere). The package will be
  created in the ${PKGDIR}/All directory. An alternative for
  already-merged packages is to use quickpkg which creates a tbz2
  from the live filesystem.

I would recommend building packages on a build server with --buildpkg,
installing them on a testing server, and once tested re-packaging them
with quickpkg on the testing server to install on the production
servers. (The advantage of quickpkg is it picks up changes to
configuration files.) Of course, you could combine the build and testing
servers onto one machine.

HTH.

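The concern that opened this thread, checked in code: an added example (not part of the original messages) that audits a host for leftover build tools once it installs only binary packages. The function name `find_dev_tools`, the `--audit` switch and the tool list are assumptions made for this illustration.

```shell
#!/bin/sh
# Audit a host for leftover build tooling after moving to binary-only installs.
# DEV_TOOLS is an assumed list for this example; extend it to match site policy.
DEV_TOOLS="gcc g++ cc c++ cpp make ld as ar nm objdump gdb strace"

# find_dev_tools [DIRLIST]
#   DIRLIST is a colon-separated list of directories (defaults to $PATH).
#   Prints one "tool<TAB>path" line per executable found.
#   Returns 0 when nothing is found, 1 when at least one tool is present.
find_dev_tools() {
    dirlist=${1:-$PATH}
    found=0
    old_ifs=$IFS
    IFS=:
    for dir in $dirlist; do
        IFS=$old_ifs
        [ -d "$dir" ] || continue
        for tool in $DEV_TOOLS; do
            # Check the plain name and target-prefixed names such as
            # x86_64-pc-linux-gnu-gcc; an unmatched glob stays literal
            # and simply fails the -f test.
            for path in "$dir/$tool" "$dir"/*-"$tool"; do
                if [ -f "$path" ] && [ -x "$path" ]; then
                    printf '%s\t%s\n' "$tool" "$path"
                    found=1
                fi
            done
        done
    done
    IFS=$old_ifs
    [ "$found" -eq 0 ]
}

# Run as "script --audit" to check the current PATH; exits 1 if tools remain.
if [ "${1:-}" = "--audit" ]; then
    find_dev_tools || { echo "build tools still present on this host" >&2; exit 1; }
fi
```

Run it with `--audit` on a production host after installing from the build server's packages (for example with `emerge --usepkgonly`); a non-zero exit means something from the list is still installed.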



Re: [gentoo-user] server deployment

2005-09-10 Thread John Jolet
On Saturday 10 September 2005 14:45, Edward Catmur wrote:
> On Sat, 2005-09-10 at 14:29 -0500, John Jolet wrote:
> > We're in the process of transitioning from 32-bit Redhat (7 I think)
> > web/app servers to 64-bit gentoo web/app servers.  One concern I've got
> > is from a security standpoint, normally you don't deploy webservers with
> > development tools on them.  How do you guys handle this question with
> > internet-facing production servers?
> >
> > One thought I had was to set up a build server, build the binaries on
> > this server, and do an emerge of the binaries FROM this server to the
> > production servers, with gcc and such removed from them.  Will this work?
>
> Yes.
>
> From emerge(1):
>
> --buildpkg (-b)
>   Tells emerge to build binary packages for all ebuilds processed
>   in addition to actually merging the packages. Useful for
>   maintainers or if you administrate multiple Gentoo Linux systems
>   (build once, emerge tbz2s everywhere). The package will be
>   created in the ${PKGDIR}/All directory. An alternative for
>   already-merged packages is to use quickpkg which creates a tbz2
>   from the live filesystem.
>
> I would recommend building packages on a build server with --buildpkg,
> installing them on a testing server, and once tested re-packaging them
> with quickpkg on the testing server to install on the production
> servers. (The advantage of quickpkg is it picks up changes to
> configuration files.) Of course, you could combine the build and testing
> servers onto one machine.
>
> HTH.

Thanks.
-- 
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
[EMAIL PROTECTED]