Managing updates in jails

Ruben Bloemgarten ruben at bloemgarten.demon.nl
Wed May 18 09:29:30 PDT 2005


Hi Mark,

What I find a lot easier is to use freebsd-update for the base system
updates and, after having mount_nullfs'd /usr/ports from the host system
onto the jailed systems, portsnap and portupgrade. 
-> host system : freebsd-update/portsnap/portupgrade
   Jailed system : freebsd-update/portupgrade

All in all in takes about 20-40 minutes to update all systems host+5Jails.

Good luck, 
Ruben  

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Mark Bucciarelli
Sent: May 13, 2005 7:46 PM
To: FreeBSD-questions at FreeBSD.org
Subject: Managing updates in jails

I'm a recent convert to FreeBSD, mainly because of the jail 
functionality.  I am trying to figure out a good system for keeping 
jails updated and am running against my lack of experience with the 
compile-from-source approach as well as the different startup scripts.

I have pretty much settled on the idea of creating a template or base 
jail, updating that, then creating a tarball that I can extract over any 
other jail I need to update.  I figure I won't have more than six jails 
and the complexity of hardlinks and/or unionfs/nullfs for me is not 
worth the saved disk space.

Currently, I have been making buildworld, make buildkernel, etc on the 
host, then repeating the process inside the template jail.  The host is 
just going to run sshd and ntpd, the template will be apache+mysql+php.

A couple questions:

- is there a correct way to "reuse" the makekernel and makeworld done on 
the host system for the template jail?  for example, using DESTDIR 
and/or NOREBUILD?  (I tried DESTDIR initially to install vim into the 
template jail, but when I ran vim inside the jail, it wouldn't start b/c 
it was missing a library.  So I back tracked and installed the entire 
ports tree inside the jail and built stuff from there.)  It takes around 
three hours to rebuild everything once, so this will be a limiting 
factor on how fast I can patch the system (unless I invest in another, 
faster machine just for compiling).

- what directories in the template jail do i need to tar when applying 
an upgrade to other jails?  just /usr and some selected pieces of /etc?

- i need to support multiple ip's per jail.  i found a patch that 
applies (pretty much--some wierdness in netinet6) against 5.4, but would 
like to use the existing rc.conf to manage startup.  where would i look 
to modify the jail startup command to pass multiple ips?

- what do people do with the mount command inside a jail--just delete 
it?  are there other commands you take out?

Thanks for any pointers, I think a section on jails would be a good 
addition to the handbook.

Regards,

m

_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"


-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.9 - Release Date: 05/12/2005


-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.9 - Release Date: 05/12/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.12 - Release Date: 05/17/2005
 



More information about the freebsd-questions mailing list