On Thu, Nov 09, 2006 at 09:10:49AM -0600, Christopher Hobbs wrote:
> This message may inadvertently get sent twice.  For some reason,
> mx1.freebsd.org has been rejecting messages from my work address.  Here's
> the message that I originally attempted to post:
> Thanks!
> cmh
> -- BEGIN SNIP --
> Hello, list!
> I've got about six production servers and a couple of workstations
> running FreeBSD 6.1-STABLE and 6.2-PRERELEASE.  Some of these machines
> are sitting in DMZ, the others are internal.  Currently, each of them
> has their own ports tree.
> How terrible of an idea would it be to take one of the production
> servers that isn't really doing a whole lot of work, and make it's
> /usr/ports available over NFS to the other machines?  Am I headed in a
> bad direction here?

No, this is not a bad idea at all.  Just be careful about allowing hosts
in the DMZ to mount disks on secure internal machines.  You will need to
set WRKDIRPREFIX to somewhere local on each machine - not doing so will
result in your clients trying to build their ports under the NFS exported
file system on the server, leading to enormous amounts of traffic over 
your network.

You might also consider using the unused box to build packages of all 
the ports your other machines need, and then use pkg_add on the target 
boxes to install them.  If you do this, you'll probably want to make
sure that /usr/ports/packages exists on the build host before you start,
or you'll end up with packages splattered around the ports tree.  You'll
also need an ftp server running on the build host, but with appropriate 
firewall rules this needn't be a gaping hole into your network.

> Also, what about user accounts between machines?  I got to thinking that
> because some of the servers have the same user accounts, would it be
> possible to share a password file or home directories?  Should I build
> another box strictly for this purpose?  If so, could you point me to
> some documentation for achieving such a goal?

Take a look at 
It sounds to me as if it is pretty close to what you want.

As for sharing home directories, this is in the handbook as one of the
advantages of NFS:

    There is no need for users to have separate home directories on every 
    network machine. Home directories could be set up on the NFS server 
    and made available throughout the network.

You might want to look at using AMD to manage this, to avoid having lots of
unused permanent NFS mounts hanging around.  It very much depends on you
network usage, though.



Daniel Bye

PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc
PGP Key fingerprint: D349 B109 0EB8 2554 4D75  B79A 8B17 F97C 1622 166A

Attachment: pgpvjNST5FNqN.pgp
Description: PGP signature

Reply via email to