Running on OpenBSD - The Development Network (Part 3)

Pantelis Roditis's picture

In a world where three operating systems dominate (Windows, Linux, MacOS) and any alternative sounds weird, we gave OpenBSD a run as our operating system from end to end. The following document is the third part of a four-part paper that describes how we managed to set up our entire company using only OpenBSD and its provided ports and tools.

We hope you enjoy the reading.

Introduction

In the previous papers we described how our servers and workstations were configured. In this paper we take a look at the development network, what kind of services were offered and how OpenBSD helped us set up a stable server farm for our needs.

Development Network

Granted, most workstations were well enough equipped to handle development tasks (with virtual machines, local web servers, databases etc.), but there were cases where this was not enough. For stress testing and security audits of our projects, we needed a central system whose performance we were already familiar with and that could easily be accessed by every developer.

Repository Server

The repository server held all the source code and even text documents. The repositories were under a Subversion server, although CVS would also have served us nicely. The reason we chose Subversion as our primary versioning system was that many of the hosting providers we were working with offered it as an option.

Note, though, that we didn't limit our options. There was a CVS server running that only a single developer had access to. Every major branch and release was imported on the CVS server for each project. We didn't mind so much about every little change that took place, but we wanted to be able, if the worst happened (who knows), to switch as smoothly as possible.

For web browsing of the repositories we used Trac and cvsweb from the ports. Although Trac is a bit heavy compared with alternative Subversion interfaces, it offered an impressive integration with Subversion, which we found very helpful. Furthermore, Trac provided a way to manage source-code-specific tasks at the same time, which made it a clear winner.

Products Beta Testing

For our beta testing purposes we used a dedicated OpenBSD server running a clean installation of 4.1. Since our workstations were full of packages that we couldn't track (installing Firefox, for instance, installs a large number of dependencies), we needed a clean system in order to verify that the entire process (installation, configuration, launch) of an application complied with the current documentation.

Additionally, this system served as a beta testing machine for various applications (PHP mostly) that we wanted to test or approve. With the help of systrace, chroot-ed Apache and the documentation provided with OpenBSD, we were able to monitor and evaluate third-party applications with confidence and gain a deep understanding of the inner workings of the tested application.

After every test was completed, all packages were removed and the system was verified to be intact with the nice mtree utility shipped with OpenBSD.
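
The clean-up check described above, as an added example that is not the authors' own procedure: it records a baseline of a directory tree and later reports anything missing, extra or changed, using POSIX find, ls, cksum and awk in place of mtree so it runs where mtree is not installed. The function names snapshot and verify are assumptions made for this example.

```sh
#!/bin/sh
# Added example: baseline-and-compare integrity check with POSIX tools.
# With mtree itself the two steps are:
#   mtree -c -K cksum -p DIR > spec     (record the baseline)
#   mtree -p DIR < spec                 (compare the tree against it)
# snapshot/verify are hypothetical names; paths containing tabs or
# newlines are not handled.

# snapshot DIR: one line per entry: path <TAB> permissions <TAB> "crc size"
snapshot() {
    ( cd "$1" || exit 1
      find . | LC_ALL=C sort | while IFS= read -r p; do
          perms=$(ls -ld "$p" | cut -c1-10)
          if [ -f "$p" ] && [ ! -L "$p" ]; then
              sum=$(cksum < "$p")      # regular file: checksum and size
          else
              sum="-"                  # directory, symlink, device, ...
          fi
          printf '%s\t%s\t%s\n' "$p" "$perms" "$sum"
      done )
}

# verify BASELINE DIR: print one "missing|extra|changed PATH" line per
# difference; return 0 when the tree matches the baseline, 1 otherwise.
verify() {
    report=$(snapshot "$2" | awk -F'\t' -v base="$1" '
        BEGIN { while ((getline line < base) > 0) {
                    split(line, f, "\t"); want[f[1]] = line } }
        { seen[$1] = 1
          if (!($1 in want))       print "extra " $1
          else if (want[$1] != $0) print "changed " $1 }
        END { for (p in want) if (!(p in seen)) print "missing " p }
    ' | LC_ALL=C sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Take the snapshot right after the clean install (`snapshot /usr/local > baseline`), then run `verify baseline /usr/local` once the tested packages have been removed; any output is a leftover or a modification to investigate.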

Database Server

In order to be able to test and run all those applications, many of which needed database or LDAP access, we used another OpenBSD system that had Postgres, MySQL and OpenLDAP installed from the ports. Despite all those services running at the same time, the system was not heavily used and OpenBSD performed without a hitch.

Overall

Overall, the development network did not differ from the previous configurations (back-end, workstations); however, the little bits and pieces of OpenBSD security made it worth mentioning.

One of the little problems, known to most OpenBSD users, was the fact that a significant portion of the applications that we attempted to test failed to compile. There were three types of application problems that we encountered. Some of them we managed to overcome, others not.

  • Application OS Specific. When an application was designed for a specific operating system, it was understandable that there would be some problems. Usually these were applications that for some reason required the sources of the Linux kernel and such. Whenever that happened, we tried to locate an alternative, more open project, even if that meant that we had to create large patch sets.
  • Application tweak. Other times the application was just fine, but certain header locations were different under OpenBSD, so we were usually able to overcome this problem with a bit of source code editing and command-line CFLAGS/LDFLAGS tweaking.
  • Unknown errors. And of course, there were cases where we simply could not figure out what was wrong. Some applications were so badly written, or simply had such a massive code base, that trying to figure out what was going on was simply too much of an effort.

The difficulties we encountered could hardly be blamed on OpenBSD. For every application we needed that did not exist in the ports, OpenBSD package maintainers provided an alternative, often much better and worth learning (such as LaTeX, back when Abiword and OpenOffice did not exist in the ports).

Comments

I have had a love/hate relationship with OpenBSD for years. There are just some things that were harder than they had to be in OpenBSD, coming from a Linux background. That said, I'm wondering how you handled the three biggest problems I had with OpenBSD in the past: 1) File sharing. NFS is not secure at all. 2) Directory services for user metadata. There is no nsswitch service in OpenBSD so having a central directory of user accounts is a bit of a dilemma. 3) Patching. How do you keep all of your systems up to date? OpenBSD doesn't do it as simply as a "yum update" or "aptitude update && aptitude dist-upgrade". Thanks much! There is a lot in OpenBSD to love, but some of these nagging issues have had me keeping it at arm's length for years.

Thank you for sharing your OpenBSD experience. Can you describe your printer setup? Is it networked PostScript printer(s) over IPP or something more complicated?

I thoroughly enjoyed reading all the parts (3 so far) of your OpenBSD series. How about making this a monthly? ;) Also, I was interested to know the issues you had with hardware drivers. What kind of specs were used in the workstations and server? What about network card drivers? Any uses of OpenBSD in laptops? Thanks.

Glad to see someone promoting OpenBSD for the business environment! We're currently running our entire network infrastructure on top of OpenBSD, across multiple locations globally. This includes routers, firewalls, VPN gateways, webservers, mailservers, nameservers, source repositories. (We're also software developers) It's interesting to note that you've also extended the platform to your desktop environment (Kudos to you!), we're still running a combination of linux and windows environments in that department, and OpenBSD has handled the heterogeneous environment quite happily! There's only a few minor complaints I have with OpenBSD, usually performance related, yet the decision to use it was predominately a trade-off of performance for simplicity and security anyway.

Thank you for a great series. But you did not mention anywhere why you did this? Why the particular choice to move every level of your environment to OpenBSD? I can think of several good reasons but I'd be interested to read a Part 4 on the motivations. And are you really testing web-based apps without any Windows boxes?
Pantelis Roditis's picture

Glad you like it :) Yeap, on the 4th part we mention the motivation for this, along with some problems we encountered along the way. Although we were already OpenBSD fans, we wanted to look at it from a more business perspective, including costs, maintenance etc. As for the web-based apps (heheh), the Mozilla family of browsers and particularly Firefox with a lot of extensions allowed us to make sure that at least the code was valid. We tested our layouts with most of the available browsers under the ports to make sure that everything was as it should be. However, we did have a laptop that (for ownership reasons) was running Windows XP in order to test the layouts with Internet Explorer. ___ Don't prohibit what you can't prevent.

I would guess that cost is a big one. I would love to introduce this to my company. Unfortunately, my company is large, with people who can't/won't acknowledge any other OS than windows. Where are you located? Your "corporate" site does not mention that? It would be great if you were in San Diego... Do you recommend OpenBSD to customers, and push it as a low-cost (free as in air) alternative??? Keep up the great work. Bryan P.S. Love the math problem verifier... very nice...
Pantelis Roditis's picture

Cost is particularly an issue for everything that involves business one way or another. I can understand this approach from large companies; I guess that if we had a couple of hundred people we would have to face different kinds of challenges with this approach. We are located in London, UK. Yes, we tried to avoid including the address (for now) since we changed quite a lot of addresses the last couple of months. We do recommend OpenBSD-based solutions, taking into consideration the customer's needs. We do however educate our customers on the benefits of Open Source alternatives and we have good success so far. Open Source sounds especially convincing when we visit customers that run illegal copies of Windows applications. Systems with illegal software fail to become "our children" (meaning we do not provide support for such systems). PS: You got to love Drupal :-) ___ Don't prohibit what you can't prevent.

Great work on this series. I hope it will make people think about alternatives. I've used OpenBSD in many different roles and it seldom lets you down.
