Re: How to better update a jail host system

Wed, 19 Dec 2007 23:51:36 -0800

Quoting Andrew Hotlab <[EMAIL PROTECTED]> (from Wed, 19 Dec 2007 14:42:31 +0000):
Coming from a MSFT professional experience, I've been particularly impressed by the FreeBSD jail system, and I'm using the ezjail framework to manage some jails on a FreeBSD 6.2-RELEASE host in a pre-production environment. To track the security branch both on the host and the jails I'm using the "update from source" method: I synchronize the source tree with csup(1), build and install the kernel, build and install the userland for the host first and then for the jails (using the ezjail-admin(1) "update -i" switch). 


You should maybe use "make delete-old DESTDIR=/path/to/basejail" (and  
delete-old-libs after making sure all ports which depend upon the old  
files (check-old-files lists the old files) are rebuild with the new  
ones) in the src directory. On a -stable branch there should be not  
much removed, but if you keep the system over several releases, it's  
handy.



All that is working fine now, but I wonder if I could speed up the   
whole process, by switching to the binary update method. By using   
the freebsd-update(8) utility on the host I think to maintain the   
system cleaner (this utility only updates the installed   
distributions) and to reduce the administrative effort (no   
mergemaster(8) required, I'm right?).



I don't know how freebsd-update handles the changes in /etc, but it  
can not do magic (for the update you have to update the basejail, and  
as such freebsd-update doesn't know about the etc directory of each  
jail), so something like mergemaster has to be done. I also don't know  
how it handles old (removed) files, maybe is doesn't touch them, to be  
on the safe side.



Regarding the distributions which you haven't installed: you can  
exclude parts from building/installation. If you have a 7.x system,  
you can do "man src.conf" for all the options  
(http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html). 6.x has similar options, but IIRC you have to specify them in  
make.conf.


Bye,
Alexander.

--
The egg cream is psychologically the opposite of circumcision -- it
*pleasurably* reaffirms your Jewishness.
                -- Mel Brooks

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






















					Reply via email to