Make installworld in single-user mode all the time?
Russell E. Meek
rmeek at russellmeek.net
Thu Mar 23 09:07:53 UTC 2006
Philippe Lang wrote:
> Hi,
>
> I'd like to patch a production server, with about 10 jails, running FreeBSD
> 6.0 Release, in order to get FreeBSD 6.0-p6.
>
> Since this server is being hosted on a remote location, rebooting in
> single-user mode before doing the installworld requires me to move to the
> hosting center.
>
> Documentation mentions that a reboot in single-user mode is necessary. But
> on the opposite, /usr/src/UPDATING says:
>
>> Also, when doing a major release upgrade, it is required that
>> you boot into single user mode to do the installworld.
>
> Since this is no "major release upgrade", does that mean I can do the
> installworld in multi-user mode?
>
> I have tested that on a smaller test server yesterday evening, I have even
> done the installworld in running jails, and it worked just fine. Was I lucky
> maybe?
>
> Does anyone have a definitive guide to update FreeBSD correctly?
>
> Here is what I did:
>
> ----------
>
> 1) Cleaning
>> cd /usr/obj
>> chflags -R noschg *
>> rm -rf
>
> 2) Buildworld & Kernel
>> cd /usr/src
>> make buildworld (/usr/src/UPDATING mentions we should avoid the -j option)
>> make kernel KERNCONF=<MY_KERNEL_CONF>
>
> 4) When doing a major release upgrade:
>> reboot in single-user mode
>> fsck -p
>> mount -u /
>> mount -a -t ufs
>> swapon -a
>> adjkerntz -i
>
> 6) Installworld
>> cd /usr/src
>> mergemaster -p
>> make installworld
>> mergemaster
>
> 7) Update jail1
>> mergemaster -p -D /usr/jails/my_jail1
>> make installworld DESTDIR=/usr/jails/my_jail1
>> mergemaster -D /usr/jails/my_jail1
>
> 8) Update jail2
>> mergemaster -p -D /usr/jails/my_jail2
>> make installworld DESTDIR=/usr/jails/my_jail2
>> mergemaster -D /usr/jails/my_jail2
>
> 9) Reboot
>
> ----------
>
> Regards,
>
> ----------------------------------
> Philippe Lang, Ing. Dipl. EPFL
> Attik System
> rte de la Fonderie 2
> 1700 Fribourg
> Switzerland
> http://www.attiksystem.ch
>
> Tel: +41 (26) 422 13 75
> Fax: +41 (26) 422 13 76
> Email: philippe.lang at attiksystem.ch
Here is the way I have always perform installworlds. Although this
method may be disregarded and unwarranted, it has yet to fail me.
All functions are performed in multi-user mode.
--------------------------------------------------------------------
If using kern_securelevel_enable="YES" in rc.conf
ee /etc/rc.conf (change kern_securelevel_enable="YES" to
kern_securelevel_enable="NO")
--------------------------------------------------------------------
ee /etc/fstab (remove nosuid,noexec from /tmp if applied)
I have noticed installworld issues if noexec / nosuid are applied to
mounted /tmp.
---------------------------------------------------------------------
su -
cd /usr/obj
rm -rf *
cd /usr/src
cvsup -g -L2 -h freebsd11.cvsup.org /root/<cvsup file>
Place kernel file in /usr/src/sys/<arch>/conf
make buildworld && make buildkernel KERNCONF=<kernel name> && make
installkernel KERNCONF=<kernel name> && mergemaster -p
reboot
cd /usr/src/
make installworld && mergemaster
ee /etc/rc.conf (change kern_securelevel_enable="NO" to
kern_securelevel_enable="YES")
ee /etc/fstab (add your nodev,noexec,nosuid tags to /tmp)
reboot
cd /usr/obj/
rm -rf *
cd /usr/src/
make cleandir; make cleandir
---------------------------------------------------------------
I picked this method (most of it) up off of taosecurity. I have used it
countless times with no issues whatsoever on remote servers.
Thanks,
Russell
More information about the freebsd-questions
mailing list