On Thu, Nov 09, 2006 at 09:10:49AM -0600, Christopher Hobbs wrote:
> This message may inadvertently get sent twice. For some reason,
> mx1.freebsd.org has been rejecting messages from my work address. Here's
> the message that I originally attempted to post:
>
> Thanks!
> cmh
>
> -- BEGIN SNIP --
>
> Hello, list!
>
> I've got about six production servers and a couple of workstations
> running FreeBSD 6.1-STABLE and 6.2-PRERELEASE. Some of these machines
> are sitting in DMZ, the others are internal. Currently, each of them
> has their own ports tree.
>
> How terrible of an idea would it be to take one of the production
> servers that isn't really doing a whole lot of work, and make its
> /usr/ports available over NFS to the other machines? Am I headed in a
> bad direction here?

No, this is not a bad idea at all. Just be careful about allowing hosts
in the DMZ to mount disks on secure internal machines.

You will need to set WRKDIRPREFIX to somewhere local on each machine -
not doing so will result in your clients trying to build their ports
under the NFS exported file system on the server, leading to enormous
amounts of traffic over your network.

You might also consider using the unused box to build packages of all
the ports your other machines need, and then use pkg_add on the target
boxes to install them. If you do this, you'll probably want to make
sure that /usr/ports/packages exists on the build host before you start,
or you'll end up with packages splattered around the ports tree. You'll
also need an ftp server running on the build host, but with appropriate
firewall rules this needn't be a gaping hole into your network.

> Also, what about user accounts between machines? I got to thinking that
> because some of the servers have the same user accounts, would it be
> possible to share a password file or home directories? Should I build
> another box strictly for this purpose? If so, could you point me to
> some documentation for achieving such a goal?

Take a look at
http://www.uk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nis.html.
It sounds to me as if it is pretty close to what you want.

As for sharing home directories, this is in the handbook as one of the
advantages of NFS:

    There is no need for users to have separate home directories on
    every network machine. Home directories could be set up on the NFS
    server and made available throughout the network.

You might want to look at using AMD to manage this, to avoid having lots
of unused permanent NFS mounts hanging around. It very much depends on
your network usage, though.

HTH

Dan

-- 
Daniel Bye

PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc
PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A
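The two cautions in the reply above (limit which hosts may mount the shared tree, and keep WRKDIRPREFIX local) can be checked mechanically. The script below is an added example, not part of the original thread: it audits an exports(5) file and a client make.conf, and treating a read-only export as the desired state is this example's own assumption, as are the function names and the constructed sample files.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# audit_exports FILE: flag risky /usr/ports lines in a FreeBSD exports(5) file.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    {
        ports = 0; ro = 0; limited = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "/usr/ports") ports = 1
            else if ($i ~ /^\//) continue             # another exported directory
            else if ($i == "-ro" || $i == "-o") ro = 1
            else if ($i ~ /^-network/) limited = 1
            else if ($i !~ /^-/) limited = 1          # host, netgroup or address
        }
        if (!ports) next
        if (!limited) print "line " NR ": /usr/ports exported to any host"
        if (!ro) print "line " NR ": /usr/ports exported read-write"
    }' "$1"
}

# audit_makeconf FILE: check that port builds happen outside the shared tree.
audit_makeconf() {
    awk -F= '
    /^[ \t]*WRKDIRPREFIX[ \t]*[?]?=/ { v = $2; gsub(/[ \t]/, "", v); found = 1 }
    END {
        if (!found) print "WRKDIRPREFIX not set: builds run inside /usr/ports"
        else if (v ~ /^\/usr\/ports(\/|$)/) print "WRKDIRPREFIX=" v " is inside /usr/ports"
    }' "$1"
}

# Constructed samples: a weak export, a restricted one, and a client make.conf.
tmp=$(mktemp -d)
printf '%s\n' '/usr/ports -maproot=root' > "$tmp/exports.weak"
printf '%s\n' '/usr/ports -ro -network 192.0.2.0 -mask 255.255.255.0' > "$tmp/exports.ok"
printf '%s\n' 'WRKDIRPREFIX=/var/tmp/ports' > "$tmp/make.conf"
audit_exports "$tmp/exports.weak"    # reports both findings
audit_exports "$tmp/exports.ok"      # reports nothing
audit_makeconf "$tmp/make.conf"      # reports nothing
rm -rf "$tmp"
```

With a read-only export, clients also need a local, writable DISTDIR, since fetched distfiles otherwise land under /usr/ports/distfiles.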