On Thu, Feb 27, 2014 at 03:27:37PM -0800, David Wolfskill wrote: > I am not at all clear how to perform a migration of machines that > run authoritative nameservers from FreeBSD 9.x -> 10.x, given the > current setup of the dns/bind99 port. I'm hoping for some clues, > if not insight. > ....
I seem to have managed to perform the above migration for one of the two machines that I have here at home that meet the above description. (I have not yet attempted it for the other; if things seem OK after a week, it's next up.) Unrelated to this issue, I acquired the use of a test machine (to which I restored the backup images of the file systems of the machine I just upgraded, then changed the hostname & IP address). I was thus able to experiment a bit. On these machines, I have them set up to boot from either of 2 slices (each of which contains its own / and /usr; /var is the same file system (on a 3rd slice) regardless of which slice is booted), and flip from one slice to the other at each upgrade. I normally track a stable/N branch, updating weekly. Salient parts of the upgrade process for these intra-branch upgrades: * "Clone" the running slice to the other one. * Ensure that the root and usr file systems from the non-booted slice are mounted at a suitable mountpoint. * Mount /usr/src and /usr/obj read-only via NFS from the "build machine." * cd /usr/src && \ make installkernel installworld DESTDIR=${other_slice_mountpoint}; mergemaster gets a -D flag for similar purposes. * Reboot from the newly-populated "other slice." * Mount /usr/src and /usr/obj read-only via NFS from the "build machine" (because some ports (e.g., sysutils/lsof) want access to that information). * Update installed ports. (I have been using "portmaster -ad" for some time for this.) * Perform the "make delete-old-libs" mentioned in src/UPDATING. * Reboot to ensure that nothing is still using old ports. For this exercise (9.x -> 10.x on a machine running an authoritative name server), here's what worked for me: * Mount /usr/src and /usr/obj read-only via NFS from the "build machine" (because some ports (e.g., sysutils/lsof) want access to that information). * Update installed ports. * cp -pr /var/named/etc/namedb /usr/local/etc/ * cd /usr/local/etc/namedb && foreach f (`find . -type d -name RCS -prune -o -type f -print0 | \ xargs -0 grep -l '"/etc/'`) sed -i "" -e 's/"\/etc/"\/usr\/local\/etc/g' $f end * "Clone" the running slice to the other one. * Ensure that the root and usr file systems from the non-booted slice are mounted at a suitable mountpoint. * Mount /usr/src and /usr/obj read-only via NFS from the "build machine." * cd /usr/src && \ make installkernel installworld DESTDIR=${other_slice_mountpoint}; mergemaster gets a -D flag for similar purposes. * Reboot from the newly-populated "other slice." * Install ports/misc/compat9x (e.g., "portmaster misc/compat9x")/ * Re-install ports/dns/bind99 (e.g., "portmaster dns/bind99")/ * service named restart (and verify that lookups are faster now that the first nameserver listed in /etc/resolv.conf actually has named running). * Perform the "make delete-old-libs" mentioned in src/UPDATING. * Reboot to ensure that nothing is still using old ports. Note that while dns/bind99 and misc/compat9x were built/installed under 10.x, the rest of the ports on the system are still running after having been built/installed under 9.x. This is intentional, so I have a relatively easy fallback option in case of Something Bad happening (reboot from the previous slice, which still has stable/9 installed). After a week (or two), I expect to cut over fully, and perform the process documented near the bottom of portmaster(8) to rebuild/iinstall all installed ports under stable/10. And then I expect to do the same for my laptop and the build machine... and then I'll stop tracking stable/9. YMMV, and all that. Peace, david -- David H. Wolfskill da...@catwhisker.org Taliban: Evil cowards with guns afraid of truth from a 14-year old girl. See http://www.catwhisker.org/~david/publickey.gpg for my public key.
pgpB9XBjVnbhK.pgp
Description: PGP signature