On May 10, 2006, at 2:33 AM, Iantcho Vassilev wrote:

On 5/9/06, Chad Leigh -- Shire.Net LLC <[EMAIL PROTECTED]> wrote:

On May 9, 2006, at 5:53 AM, Michael Grant wrote:

> When it comes time to upgrade, how does one upgrade 100 different
> jails?  This will be a nightmare!

Actually, not.  You only need 1 master jail and a bunch of nullfs
read only mounts plus some exclusive space for each jail.    I run 44
jails at the moment this way.  Upgrading is relatively easy as I only
have to upgrade one master jail (and unfortunately lots of jail etc
if such happens but a few scripts can automate much of that).


All the jails run out of one installed jail and they also have the
side benefit of the main system directories being read only so
exploits in one jail cannot affect all the running jails.

I really like the setup you have make..

One question.How do you update the system(and the jail) ?

I shut all the jails down, and update the system. Then I boot without starting the jails and rebuild the master jail according to "man jail". Then I start a special main jail that was used to install ports used, if any, into a common area and do any updates necessary -- this last one from 5.4 to 6.0 I just made sure I had the 5x compatibility stuff installed and all was fine for now so I have more time to redo individual ports or SW built frmo scratch. When that is done I restart all the jails.

I had about 40 jails active when I went from 5.4 to 6.0 on this particular machine (some earlier ones I did from 5.4 to 6.0 had maybe 1 or 2 jails so they were not the definitive test case). Had no problems once I made sure all the jails were accessing the compat 5x stuff (which I did by editing in each jail /etc -- you could use a script but I am lousy at writing more than simple scripts -- the rc.conf and making sure that "ldconfig_paths=" was set appropriately to the master jail wide compat5x library location...

Done, finis


Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to