Date: Thu, 10 Oct 2024 20:13:51 +0000
To: freebsd-questions
From: Pat
Subject: Re: Updating disconnected systems

On Monday, September 30th, 2024 at 06:50, Dave Cottlehuber wrote:

> On Fri, 27 Sep 2024, at 19:18, Pat wrote:
>
> > I figure I can use Poudriere for packages, but that doesn't work for the
> > core system as far as I can tell?
>
> Yes this is also possible.
>
> Klara Systems released a tool, sync-be, to use zfs boot environments and
> poudriere-image which works very nicely in airgapped systems.
>
> It is a lot less complicated to set up and use than it appears to be,
> probably is exactly what you want.
>
> - servers configured with zfs boot environments
> - poudriere-image (builds freebsd from sources and then builds packages)
> - the resulting output is a new zfs boot environment, as a single tarball
> - use https://github.com/KlaraSystems/sync-be to fetch and deploy it
> - insert airgaps at appropriate points in the process
>
> So a high-level upgrade process looks like:
>
> - [net] update src & ports, and ports distfile tarballs
> - [air] move them to your build machine
> - `poudriere image -t zfs+send+be -j builder ...`
> - [air] move the image file to the airgapped system
> - install `/usr/local/bin/sync-be 13.4-RELEASE /etc/syncbe.conf < be202409301146.be.zfs`
> - `bectl activate -t ...` and reboot
>
> the boot env allows a trivial rollback in case of issues to the prior
> boot env.
>
> The syncbe.conf file takes a little bit of work to prepare, it's the
> server-specific files and directories that should be shifted from
> the current BE (root / dataset) into the new one. /etc/sshd/, /etc/hostid,
> password files etc are common examples, and any custom stuff in /usr/local/etc/
> or similar depending on your circumstances.
>
> A+
> Dave

Thank you Dave, and previously to Dewayne as well. Very nice and useful information. I plan to start this migration soon and may be back with further questions as I progress.

And apologies for the extended delay, I've been traveling.

Regards,

Pat
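
An added example, not part of the thread and not code from Klara Systems or either poster: a pre-deployment integrity check for the "[air] move the image file to the airgapped system" step in the quoted procedure, refusing to pipe an image into sync-be unless it matches a SHA-256 manifest written on the build machine. The function names and the `<image>.sha256` manifest naming are assumptions; the sync-be invocation is the one quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): verify a boot-environment image
# against a SHA-256 manifest before deploying it on the airgapped host.
# Function names and the "<image>.sha256" naming are assumptions.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"    # FreeBSD base utility
    fi
}

# Build side: write "<digest>  <basename>" next to the image.
write_manifest() {
    printf '%s  %s\n' "$(digest_of "$1")" "$(basename "$1")" > "$1.sha256"
}

# Airgapped side: 0 = match, 1 = mismatch, 2 = missing or empty file,
# 3 = manifest has no entry for this image (names without spaces assumed).
verify_image() {
    img=$1 manifest=$2
    [ -s "$img" ] && [ -s "$manifest" ] || return 2
    want=$(awk -v n="$(basename "$img")" '$2 == n {print $1; exit}' "$manifest")
    [ -n "$want" ] || return 3
    [ "$want" = "$(digest_of "$img")" ]
}

# Deploy only a verified image; the sync-be call is the one quoted above.
deploy_verified() {
    img=$1 manifest=$2 release=$3 conf=$4
    if ! verify_image "$img" "$manifest"; then
        echo "refusing to deploy: $img failed verification" >&2
        return 1
    fi
    /usr/local/bin/sync-be "$release" "$conf" < "$img"
}

# Usage: script write IMAGE | script deploy IMAGE MANIFEST RELEASE CONF
case "${1:-}" in
    write)  write_manifest "$2" ;;
    deploy) deploy_verified "$2" "$3" "$4" "$5" ;;
esac
```

The digest protects the transfer only if the manifest reaches the airgapped host by a path separate from the image itself.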