On May 10, 2006, at 2:33 AM, Iantcho Vassilev wrote:
On 5/9/06, Chad Leigh -- Shire.Net LLC <[EMAIL PROTECTED]> wrote:
On May 9, 2006, at 5:53 AM, Michael Grant wrote:
> When it comes time to upgrade, how does one upgrade 100 different
> jails? This will be a nightmare!
Actually, not. You only need 1 master jail and a bunch of nullfs
read only mounts plus some exclusive space for each jail. I run 44
jails at the moment this way. Upgrading is relatively easy as I only
have to upgrade one master jail (and unfortunately lots of jail etc
if such happens but a few scripts can automate much of that).
All the jails run out of one installed jail and they also have the
side benefit of the main system directories being read only so
exploits in one jail cannot affect all the running jails.
I really like the setup you have make..
One question.How do you update the system(and the jail) ?
I shut all the jails down, and update the system. Then I boot
without starting the jails and rebuild the master jail according to
"man jail". Then I start a special main jail that was used to
install ports used, if any, into a common area and do any updates
necessary -- this last one from 5.4 to 6.0 I just made sure I had the
5x compatibility stuff installed and all was fine for now so I have
more time to redo individual ports or SW built frmo scratch. When
that is done I restart all the jails.
I had about 40 jails active when I went from 5.4 to 6.0 on this
particular machine (some earlier ones I did from 5.4 to 6.0 had maybe
1 or 2 jails so they were not the definitive test case). Had no
problems once I made sure all the jails were accessing the compat 5x
stuff (which I did by editing in each jail /etc -- you could use a
script but I am lousy at writing more than simple scripts -- the
rc.conf and making sure that "ldconfig_paths=" was set appropriately
to the master jail wide compat5x library location...
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"