Depenguinator "Upgrades" Linux to BSD
cperciva writes "Many systems around the world have been possessed by penguins and dead rats. It would be nice to exorcize these evil spirits, but this can be difficult without physical access to the machines in question.
Thanks to a new depenguinator, it is now possible to upgrade Linux systems to run FreeBSD 5.x without requiring anything more than an SSH connection." Clever idea.
HOWTO - Install Debian Onto a Remote Linux System (Score:5, Informative)
Re:Similar tool for Debian (Score:2, Informative)
Re:Similar tool for Debian (Score:5, Informative)
While you should be able to simply chroot into your new system and start adding stuff, it'd be a very good idea to boot it first. Debian will need to run some scripts on boot to finish configuring itself.
I'd go with the first option. The second one is too easy to screw up if you don't know what you're doing.
Re:Similar tool for Debian (Score:2, Informative)
Re:Similar tool for Debian (Score:5, Informative)
Well, I don't know of a tool, but how about HOWTO [sourceforge.net]?
Have a good one. :)
Re:Not really an upgrade.... (Score:3, Informative)
It also inserts a system configuration file into the filesystem image; and the filesystem in question -- UFS2 -- is one for which Linux support is rather lacking, so the filesystem image has to be built entirely within userland (thanks NetBSD!).
Re:Useful! (Score:3, Informative)
That was the initial motivation; although it turns out that this is also very useful for installing FreeBSD on easily accessible servers, since loading the entire OS into a memory disk makes it possible to do things which sysinstall doesn't support -- for example, creating a vinum root system.
Re:does FreeBSD have something like apt-get or yum (Score:5, Informative)
Not any more, and 'make world' is being deprecated in favor of 'make buildworld'. The difference is that 'make buildworld' is totally self contained. You do 'make buildworld' on one machine, export
Re:Similar tool for Debian (Score:4, Informative)
The real servers are all UML instances, all running Debian. The UML page on Sourceforge has a minimal Debian root disk image. I based my root images from these (created a new filesystem on the RedHat system of the appropriate size, mounted both, and cp -a from the minimal Debian install to the root filesystem file I was going to use, edited
The nice thing about separating all your services on different VMs within one host is you can apply decent firewall rules for each VM. If, say, your DNS UML got rooted because of an unpatched BIND (unlikely with Debian, since you can just apt-get update && apt-get upgrade to keep up to date) the skript kiddie - instead of having the run of your whole server and being able to deface your website (or worse) - is locked into your DNS UML. Add proper egress firewall rules with iptables on the host, and you can prevent most skript kiddie attacks from being able to work.
Although I like the BSDs (I like all UNIX style OS, well, except a certain company whose name need not be mentioned), they can't yet (natively) do the equivalent of user mode Linux which is something I find incredibly useful. Hopefully they will in the future.
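The per-VM egress filtering described in the comment above, as an added example that is not part of the original thread: a shell function that prints (but does not apply) host-side iptables rules for one UML guest. The chain name, the tap1 interface, the guest address 192.0.2.53 and the mirror address 198.51.100.10 are constructed, and the sketch assumes the guest is routed through a tap device on the host.

```shell
#!/bin/sh
# Added example: print a default-deny forwarding policy for one UML guest.
# Review the output, then pipe it to sh as root to apply it.
#
# emit_guest_rules CHAIN IFACE GUEST_IP "INBOUND" "EGRESS"
#   INBOUND: space-separated proto:port pairs the guest serves
#   EGRESS:  space-separated proto:dst_ip:port triples the guest may initiate
emit_guest_rules() {
    chain=$1; iface=$2; guest=$3; inbound=$4; egress=$5

    echo "iptables -N $chain"
    # Everything routed to or from the guest's tap device goes through its chain.
    echo "iptables -A FORWARD -i $iface -j $chain"
    echo "iptables -A FORWARD -o $iface -j $chain"
    # The guest may not open new connections to services on the host itself.
    echo "iptables -A INPUT -i $iface -m conntrack --ctstate NEW -j DROP"
    # Anti-spoofing: packets arriving on the tap must carry the guest's address.
    echo "iptables -A $chain -i $iface ! -s $guest -j DROP"
    # Replies on flows that were already allowed.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # New inbound connections only to the services the guest is meant to offer.
    for svc in $inbound; do
        proto=${svc%%:*}; port=${svc##*:}
        echo "iptables -A $chain -o $iface -d $guest -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # New outbound connections only to explicitly listed destinations
    # (for instance the package mirror used by apt-get).
    for dst in $egress; do
        proto=${dst%%:*}; rest=${dst#*:}
        ip=${rest%%:*}; port=${rest##*:}
        echo "iptables -A $chain -i $iface -s $guest -d $ip -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Anything else the guest initiates is logged (a useful compromise signal)
    # and dropped, as is any other traffic addressed to it.
    echo "iptables -A $chain -i $iface -j LOG --log-prefix \"$chain egress: \""
    echo "iptables -A $chain -j DROP"
}

# Constructed sample: a DNS guest that may fetch updates from one mirror.
emit_guest_rules UML_DNS tap1 192.0.2.53 "udp:53 tcp:53" "tcp:198.51.100.10:80"
```

These rules confine what a compromised guest can reach on the network; they do not limit what it can do with the service it already runs, which is the point raised in the "rooting DNS will have consequences" reply further down.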
Re:does FreeBSD have something like apt-get or yum (Score:3, Informative)
mount /usr/src /usr/obj /usr/src /etc
mount
cd
make installkernel installworld
scp -r build:/etc/\*
This is assuming all your machines are identical. If not you'd have to be more careful about the config stuff, and use mergemaster, but that would be the case for any OS.
Of course, NFS is not something you'd want to use to a remote machine, the idea of opening RPC ports in my firewall makes my skin crawl. But for upgrading multiple machines on your own network, the BSD system is really quick and clean.
If something could be done to improve mergemaster, the ease of upgrading FBSD would be the killer argument for the death of the penguin. I've never seen a description of how to upgrade linux which didn't make me decide it would be easier just to do a clean install of a new version. If there is such a description/method, please post and earn some well deserved karma.
Re:Let me get this straight... (Score:5, Informative)
Name any five that depend on each other and are important for real-world use? Ports suffers from both the desire to be large and from the fact that they're generally supported by one person. I've been running FreeBSD now for nearly 5 years and have only run into a broken port once, snmpd, which broke after a significant change in system variables, which in turn broke snmpd. It was fixed quickly, and since then every time I've built a port it's built.
How exactly is FreeBSD 5 a "dramatic step-up from ANY Linux distro"? FreeBSD releases are only supported for 12 months. Then you have to upgrade. In comparison, Debian supports its releases for at least two years, and RHEL offers a whopping FIVE years. That's right, five. This matters in real-world use.
You don't understand FreeBSD releases. There are point releases (eg, 5.2), -STABLE branches and -CURRENT branches. Most people track a -STABLE branch. Tracking a stable branch provides you with bug fixes and occasionally some new features backported from -CURRENT. Tracking -STABLE requires you to periodically rebuild the system from source, but this is FreeBSD's *advantage* -- it's a single, coherent system that can be easily and totally recompiled from up-to-date source code.
I've been running 4-STABLE now for almost 4 years and it's still a supported (ie, active development and maintenance) branch of FreeBSD. The 2.2 and 3 STABLE branches are still there and I think 3 was still supported until the 5-STABLE branch was created.
Maintaining FreeBSD is easy if you track -STABLE and supported for years, and it's often possible (albeit not necessarily recommended) to upgrade from one major release to another -- I did it from 3.x to 4.x. In this manner (and not just point RELEASEs), FreeBSD revisions are supported for years -- far longer than even most sane people would run a given revision of software.
I never did more chasing than I did trying to keep Dead Rat systems updated; either I used RPMs and prayed that the package author didn't decide to switch a bunch of compilation options, or I built packages from source, which meant I had to do my own porting. And then there were libc upgrades and all other manner of horror of trying to maintain an OS that was a kernel with a bunch of other stuff glued on without any coherency.
I'll grant some Linux distros have better turnkey desktop setups, and certainly greater corporate involvement (although ask yourself when "greater corporate involvement" and "better software" were part of the same sentence), and higher visibility.
But longer support, easier maintenance and reliability over the long haul? No way.
Re:At least the server didn't go down... (Score:2, Informative)
Linux as a server (Score:5, Informative)
Other root servers seem to run Linux (use nmap if you're curious), but I don't know the people running them so I can't be sure.
Now admittedly this is a very specific type of service: it's a single application that all fits into memory.
We're going to be moving www.ripe.net and whois.ripe.net from Solaris to Linux in 2004. The WWW server gets about 20 hits/second as you can see here [ripe.net], and the whois server gets around 28 hits/second as you can see here [ripe.net]. These have more complex usage, with disk I/O, new process creation, and so on. I wouldn't let these services migrate if I thought they would be unstable.
Re:Thanks, thanks! (Score:3, Informative)
I'll update it from time to time over the next day.
Re:Let me get this straight... (Score:1, Informative)
Then you get Linus telling people that binary kernel modules are supposed to be under the GPL. It's somewhat amazing and sad that Linux obtained so much publicity and commercial attention when it's such a bad platform in terms of stability, and its users are such rabid fanatics.
Re:You have been rooted, welcome to BSD (Score:2, Informative)
rooting DNS will have consequences.... (Score:2, Informative)
You say if this guy roots your DNS VM, he won't be able to deface your website. I'll point out the obvious: he now has control over the web address, and can point your website at his own box, where the defaced site lies. Or he can point it at the DNS box itself, install apache, and deface it there.
Point is, if he roots your DNS server, you are all kinds of jacked.