Best practice to update jails
Redd Vinylene
reddvinylene at gmail.com
Thu Aug 20 20:34:25 UTC 2009
On Thu, Aug 20, 2009 at 8:50 PM, Jose Amengual <jose.amengual at gmail.com>wrote:
> Hi guys.
>
> I have a dev server for our developers that holds around 40 jails, each
> jail has php, mysql, python etc.
>
> The server is now 7.0 and was wondering what is the best practice to
> maintain security patches and kernel updates and I came out with the
> following idea :
>
> 1.- freebsd-update fetch install ( host system)
> 2.- rebuild kernel ( I have a custom kernel )
> 3.- ezjail-update -b ( update basejail for all jails )
> 4.- run in cron portaudit on the jails for thirty party security updates
> 5.- run portupgrade in case of a security update or for apps upgrade on the
> jails.
>
> I red in some forums that if you run freebsd-update you will need to do a
> portuprade -fa to reinstall all the thirty party apps because freebsd-update
> could upgrade or remove some libraries linked to that programs, is this
> true ?, will be better to run a cvsup and instead ?
>
> That are some points of my idea but reading on internet I finished more
> confuse about how will be the best way to do this.
>
> any ideas will more appreciate.
>
> Thanks.
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
>
Hi,
here's how I do it, hope it helps: http://pastie.org/590295
Redd Vinylene
--
http://www.home.no/reddvinylene
More information about the freebsd-virtualization
mailing list