On Fri, 2011-08-26 at 08:57 -0700, Ralph Becker-Szendy wrote:
> I've had a combination router/firewall/802.11 AP/DNS/DHCP/NTP
> server/Squid cache/file server/backup appliance/... on OBSD for years
> now. And they have died occasionally ... always due to disk failures
> or the like. Every disk death causes 1-2 days of abject horror. 

Running that many functions on a single machine is a recipe for that. I
used to do that, and it sucked. Life is easier if you part out those
functions. Virtualization helps a lot there.

> You still have the disk problem though.  Booting/running from CF works, 
> but the CF may be just as short-lived as a spinning rust drive would be; 
> I haven't had CF failures, but stories abound.

I'm just buying an extra CF card and copying the original system to it
once it's configured and tested. My PF machine only does routing, PF,
DHCP, and NTP. Apart from the occasional opening/forwarding of a port in
pf.conf, nothing ever changes on it.

> I've done PXE once, and didn't enjoy it (took days of trial and error, 
> no idea why it eventually worked, probably would never work again). 
> I'll have to work on honing that skill.  Much simpler: take an old 
> laptop with CD, put the Soekris "disk" (might be CF in an adapter) in 
> there, install, then move the "disk" to Soekris.

I'll probably use the qemu trick referenced in one of the links in this
thread. But I've used PXE before in other contexts and it works fine.

> One problem is upgrades.  If your whole household and family rely on the 
> server, you can't take it out of service for a weekend to upgrade the 
> OS.

Another reason not to do everything on a single machine. And again,
virtualization helps a lot. The OpenBSD router is the only "real"
machine I have apart from my desktops. Other network functions run on
several virtual machines, so that one can be upgraded without touching
the others. If the virtual host needs extensive upgrades, I can move the
most important VM (DNS and mail) to an extra box and run it there in the
meantime with very little interruption. And the host machine is well
protected by disk mirroring and backups. Even if it melted down and I
started again with bare iron, I could restore it in a few hours (most of
which would be spent waiting on file ops). 

> And OBSD wants to be upgraded every 6 months, otherwise you are 
> looking at a reinstall.

This is why I stopped using OpenBSD outside of the router about 5 years
ago. It's a great system but not very easy to maintain, especially if
you require a bunch of ports/packages and have a lot of services to
protect. I moved all of my servers over to Debian long ago and have been
very happy with that. 

> Who knows what function you want to add to your server.

I know that I don't want my router to be a fileserver, run public
services beyond SSH, or have any user accounts on it. Those are the
servers' jobs.

--Todd

_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech
