a methodology to do a binary update on a jailed system
doug at safeport.com
Mon Aug 25 23:03:28 UTC 2014
This documents the method I used to use freebsd-update to update a jail host,
and a guest jail. I then installed a second jail after the updates to test that
the basejail was updated correctly. This method follows the methodology laid
out by Kozlov Sergey on the ezjail mailing list. His outline works. I have
included a bit more detail here.

The method I followed is basically doing the following steps:

    shutdown jail[s] and host system services
    freebsd-update [fetch|update] -- host system
    freebsd-update install
    freebsd-update [fetch|update] -- basejail
    freebsd-update install
    freebsd-update [fetch|update] -- each jail
    freebsd-update install
    set rc.conf so jail[s] do not start
    reboot
    freebsd-update install
    reboot [or not, as instructed; I usually reboot anyway]

In this test I started with a 9.1-RC3 system, upgraded it to 9.2, installed
ezjail and some other stuff and added a jail. I then followed the above to
update the systems to 9.3.

To do this two freebsd-update.conf files are needed:

freebsd-update-basejail.conf

    Components world/base world/lib32
    IgnorePaths /etc /root /var /usr/games /usr/home /usr/local /usr/obj
    StrictComponents yes
    ServerName ---\___ copied from /etc/freebsd-update.conf
    KeyPrint   ---/

freebsd-update-jails.conf

    IgnorePaths /bin /boot /home /lib /libexec /proc /rescue /sbin /sys /tmp \
                /usr/bin /usr/sbin /usr/include /usr/lib /usr/lib32 /usr/libdata \
                /usr/libexec /usr/share /usr/src
    ServerName ...
    KeyPrint ...

I found by trial and error that ServerName and KeyPrint are required, either on
the command line or in the file (my choice). You must tailor the Components line
in the base jail conf file. I did not have lib32 installed on the host system
but left it in to see what would happen. Basejail and the jail I created were
updated to include /usr/lib32 without (I assume) the supporting kernel stuff.
That probably does not hurt but ...

The commands used are then:

    base: freebsd-update -b /usr/jails/basejail -f freebsd-update-basejail.conf <cmd>
    jail: freebsd-update -b /usr/jails/jail1 -f freebsd-update-jails.conf <cmd>

It would seem to me this method will work for any jail system where the jails
share a base via symlinks. I have not tested going across a major version. That
has the added complexity of updating the ports. I found that the ezjail source
update worked as documented.
_____
Douglas Denault
http://www.safeport.com
doug at safeport.com
Voice: 301-217-9220
Fax: 301-217-9277
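
Added example (not part of the original message, and not code from freebsd-update or ezjail): the message notes that ServerName and KeyPrint must be present in each conf file passed with -f and are copied from /etc/freebsd-update.conf. KeyPrint is the SHA256 hash of the key trusted to sign updates, so this sh script checks that a derived conf carries the same two values as the host conf before it is used. The function names, the host.conf sample file, update.example.org and the digest are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the ServerName and KeyPrint values are constructed placeholders.

# conf_value FILE KEY: print the value of the first KEY directive in FILE.
conf_value() {
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { print $2; exit }' "$1"
}

# check_conf HOST_CONF JAIL_CONF: return 0 only if JAIL_CONF has the same
# ServerName and KeyPrint as HOST_CONF and KeyPrint is a SHA256 hex digest.
check_conf() {
    rc=0
    for key in ServerName KeyPrint; do
        want=$(conf_value "$1" "$key")
        have=$(conf_value "$2" "$key")
        if [ -z "$have" ]; then
            echo "$2: $key missing" >&2; rc=1
        elif [ "$have" != "$want" ]; then
            echo "$2: $key differs from $1" >&2; rc=1
        fi
    done
    kp=$(conf_value "$2" KeyPrint)
    if [ -n "$kp" ] && ! printf '%s\n' "$kp" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "$2: KeyPrint is not 64 hex digits" >&2; rc=1
    fi
    return $rc
}

# make_samples DIR: write constructed host, basejail and jail conf files.
make_samples() {
    fp=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    printf 'ServerName update.example.org\nKeyPrint %s\n' "$fp" > "$1/host.conf"
    printf 'Components world/base\nStrictComponents yes\n' > "$1/freebsd-update-basejail.conf"
    cat "$1/host.conf" >> "$1/freebsd-update-basejail.conf"
    # Jail conf with KeyPrint left out: the case the post found by trial and error.
    printf 'IgnorePaths /bin /sbin\nServerName update.example.org\n' > "$1/freebsd-update-jails.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in basejail jails; do
    if check_conf "$tmp/host.conf" "$tmp/freebsd-update-$f.conf"; then
        echo "freebsd-update-$f.conf: ok"
    else
        echo "freebsd-update-$f.conf: fix before running freebsd-update"
    fi
done
rm -rf "$tmp"
```

On a real host, pass /etc/freebsd-update.conf as the first argument to check_conf and each of the two files from the message as the second.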