[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] Proper Steps to Update Host & Jails

Hi everyone,

Recently I was updating my box to from 9.2-RELEASE to 10-RELEASE using freebsd-update

First thing I noticed - "ezjail-admin update -U" not only doesn't update /etc and /var directories of jails, but also it calls "freebsd-update install" in the basejail again and again until it exists with error "nothing to install, please fetch". On the third step freebsd-update deletes obsolete library files, so when I started all my jails 80% of software installed from ports just didn't start. Freebsd-update stops after each step for a reason, so if I updated basejail and jails by hand i could just stop after the second step, rebuild all ports (as recommended by handbook) in all my jails and only then run freebsd-update on the basejail for the third time, getting almost zero downtime. Thankfully before doing this on the production server I duplicated it to my virtualbox vm (using zfs send | zfs receive) and tried it. Then I rolled back and tried to make upgrade by hand. I created two freebsd-update.conf files: one for basejail, one for jails. The point was to specify IgnorePaths, Components and StrictComponents correctly:

For the basejail (freebsd-update-basejail.conf):
Components world/base world/lib32
IgnorePaths /etc /root /var /usr/games /usr/home /usr/local /usr/obj /usr/tests
StrictComponents yes

For jails (freebsd-update-jails.conf):
Components world/base
IgnorePaths /bin /boot /home /lib /libexec /proc /rescue /sbin /sys /tmp \
/usr/bin /usr/sbin /usr/include /usr/lib /usr/lib32 /usr/libdata /usr/libexec \
/usr/share /usr/src
StrictComponents yes

(I know that IgnorePaths contain redundant entries)

Then I upgraded my basejail using
# UNAME_r="9.2-RELEASE" freebsd-update -b /usr/jails/basejail -f freebsd-update-basejail.conf -r 10.0-RELEASE upgrade
And then
# freebsd-update -b /usr/jails/basejail -f freebsd-update-basejail.conf install
again and again

# for i in jail_foo jail_bar jail_baz
# do
# UNAME_r="9.2-RELEASE" freebsd-update -b /usr/jails/$i -f freebsd-update-jails.conf -r 10.0-RELEASE upgrade
# done
And then
# for i in jail_foo jail_bar jail_baz
# do
# freebsd-update -b /usr/jails/$i -f freebsd-update-jails.conf install
# done
again and again

IMHO ezjail-admin -U option must be considered harmful in this implementation, and must be rewritten.
I want to help and I would like to provide patches as soon as I have time to write them

Best regards,
Kozlov Sergey.

On 29.01.2014 15:57, Michiel Detailleur wrote:
I just learned that ezjail-admin does not update /etc and /var during
the freebsd-update invoked. Although I do have code that can do this, it
somehow never found the way into ezjail, I guess this was because it
always caused hours of resolving merge conflicts with only the CVS-IDs
in rc.d-scripts and I never got around fixing that.

Hi Dirk,

I guess you call mergemaster for that? This is the line I use for that (scraped together from bits here and there on this list, thanks guys!):

IGNORE_FILES='/boot/device.hints /etc/motd /root/.cshrc /root/.k5login /root/.login /root/.profile' mergemaster -iUF -D /usr/jails/jail

It ignores some files that always give me trouble and are not so important. But more importantly, the switches "-iUF" cut down A LOT on unneeded manual merges :)

I have used this (in a loop even, to quickly run through all jails) many times, I think I went from 6.x to 8.x with this on a couple of jails. Might just about call it "tried and tested" :)

Mind you, you still need to do some manual merges. And getting the hang of mergemaster and it's diff and patch tool is needed to be able to do it quickly.



Met vriendelijke scouts- en gidsengroeten,

Michiel Detailleur | Medewerker Informatica
Scouts en Gidsen Vlaanderen vzw
Lange Kievitstraat 74
2018 Antwerpen

T: +32 (0)3 231 16 20
F: +32 (0)3 232 63 92
md AT scoutsengidsenvlaanderen DOT be