On Tuesday 23 September 2008 17:32:51 Anthony Metcalf wrote:
> Hi,
>
>     This is a theoretical question, and a very simplified example of
> what I'm thinking, but it serves to get the idea across....
>
>     Suppose I am planning multiple Gentoo servers, I will want them all
> based on the "Hardened" profile (they are servers after all!) but I will
> also want them all to have the ipv6 use flag set, since my internal
> network is completely ipv6.
>
>     Which is better, have a standard make.conf, with USE="ipv6" and copy
> that around, or create my own profile?

It's 6 and half a dozen really, both methods have the same effect. You have to
weigh up the hassle of creating the profile and the ease of using it with the
ease of modifying make.conf and the hassle of copying it everywhere. Plus,
with just a make.conf, you can't extend your system set. It's your call
really, there is not a OneTrueRightWay(tm).

>     I assume that I could copy the hardened profile, change a couple of
> files, and then re-link make.profile.

You don't copy the profile as such, you inherit from it. Create a new 
directory somewhere, and put a file in it called "parent" which points to the 
hardened profile that's your base. Put your mods in correctly named files in 
that directory and point make.profile to it.

This is all documented *somewhere* but I once spent 10 minutes looking through 
the existing profile directories and it was stunningly obvious how it all 
worked.

>     1) Would changes be lost on rsync, since my new folder isn't in the
> tree I'm syncing with? Is there a way around that?

If you put it in the portage directory and don't take special steps, then your
profile will be nuked. But --sync is just an rsync operation, and rsync's man
page is even longer than ls's :-) with options for every imaginable thing.
You should be able to figure out the options to exclude your custom profile
with ease.

>     The advantage I see over the copy-the-make.conf situation, is that I
> can change the use flags once, and they are copied for all servers at
> the next sync (all servers would obviously sync to a central box),
> whilst still being able to keep other things (CFLAGS? IF servers have
> different processors etc) different for different servers....

You could even set up a mini, trimmed-down sync server. Put your master copies
of stuff there, take steps so that portage doesn't nuke things, and set up a
cron to sync once a day. Tell your machines to get their portage tree from
this server, not gentoo.org somewhere, and let rip. Also put a proxy on that
sync server of yours so distfile downloads only happen once. There are many
ways to do this - squid is obvious but I believe portage can do something
similar (which I have not used myself).



-- 
alan dot mckinnon at gmail dot com
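
The inherit-don't-copy layout described in the reply, as an added example that is not part of the original message: a shell function that writes the "parent" file, puts the extra USE flag in the child profile, repoints make.profile, and refuses to create the profile inside the synced tree, where the next sync would delete it. The function name, the use of make.defaults as the file for the USE setting, the absolute path written to "parent", and all directories passed in are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a child profile that inherits from a base profile.
# Every path is supplied by the caller; none is a real Gentoo path.

# make_child_profile TREE BASE NEWDIR LINK USEFLAGS
#   TREE     root of the rsync-managed portage tree
#   BASE     existing profile directory to inherit from (the hardened one)
#   NEWDIR   directory for the custom profile; its parent directory must exist
#   LINK     the make.profile symlink to repoint
#   USEFLAGS flags added on top of the inherited USE, e.g. "ipv6"
# Returns 1 on a bad argument, 2 if NEWDIR would live inside TREE.
make_child_profile() {
    tree=$1 base=$2 newdir=$3 link=$4 useflags=$5

    [ -d "$base" ] || { echo "base profile not found: $base" >&2; return 1; }

    # Resolve to physical paths so ../ or symlinks cannot hide the location.
    tree_abs=$(cd "$tree" && pwd -P) || return 1
    base_abs=$(cd "$base" && pwd -P) || return 1
    parent_abs=$(cd "$(dirname "$newdir")" && pwd -P) || return 1
    new_abs=$parent_abs/$(basename "$newdir")

    # A profile stored inside the synced tree is wiped by the next sync,
    # silently dropping the machine back to whatever make.profile resolves to.
    case "$new_abs/" in
        "$tree_abs"/*)
            echo "refusing: $new_abs is inside synced tree $tree_abs" >&2
            return 2 ;;
    esac

    mkdir -p "$new_abs" || return 1
    # "parent" names the profile to inherit from; the base is never copied.
    printf '%s\n' "$base_abs" > "$new_abs/parent"
    # USE stacks across profiles, so this adds to the base profile's flags.
    printf 'USE="%s"\n' "$useflags" > "$new_abs/make.defaults"

    # Replace the make.profile symlink so it points at the child profile.
    rm -f "$link" && ln -s "$new_abs" "$link"
}
```
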
