Re: Updating disconnected systems

From: Dave Cottlehuber <dch_at_skunkwerks.at>
Date: Mon, 30 Sep 2024 11:50:08 UTC

On Fri, 27 Sep 2024, at 19:18, Pat wrote:
> I figure I can use Poudriere for packages, but that doesn't work for the
> core system as far as I can tell?

Yes this is also possible.

Klara Systems released a tool, sync-be, to use zfs boot environments and
poudriere-image which works very nicely in airgapped systems.

It is a lot less complicated to set up and use than it appears to be, and
is probably exactly what you want.

- servers configured with zfs boot environments
- poudriere-image (builds freebsd from sources and then builds packages)
- the resulting output is a new zfs boot environment, as a single tarball
- use https://github.com/KlaraSystems/sync-be to fetch and deploy it
- insert airgaps at appropriate points in the process

So a high-level upgrade process looks like:

- [net] update src & ports, and ports distfile tarballs
- [air] move them to your build machine
- `poudriere image -t zfs+send+be -j builder ...`
- [air] move the image file to the airgapped system
- install `/usr/local/bin/sync-be 13.4-RELEASE /etc/syncbe.conf < be202409301146.be.zfs`
- `bectl activate -t ...` and reboot

The boot env allows a trivial rollback to the prior boot env in case of
issues.

The syncbe.conf file takes a little bit of work to prepare; it's the
server-specific files and directories that should be shifted from
the current BE (root / dataset) into the new one. /etc/sshd/, /etc/hostid,
password files, etc. are common examples, along with any custom stuff in
/usr/local/etc/ or similar, depending on your circumstances.

A+
Dave
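
A checksum gate for the two [air] hand-offs in the process above, as an added example that is not part of the original message and not part of sync-be. The function names and the `.sha256` manifest layout are assumptions made for this sketch; only the sync-be invocation in the closing comment is taken from the message.

```shell
#!/bin/sh
# Added example (not from the original post): checksum gate for an image
# carried across an air gap. Function names and manifest layout are assumed.

# Print the SHA-256 hex digest of a file; works with sha256sum (Linux)
# or sha256 (FreeBSD base).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"
    fi
}

# Build side: write "<digest>  <basename>" next to the image.
write_manifest() {
    image=$1
    printf '%s  %s\n' "$(digest "$image")" "$(basename "$image")" > "$image.sha256"
}

# Airgapped side: return 0 only if the image matches its manifest entry.
verify_image() {
    image=$1 manifest=$2
    [ -r "$image" ] && [ -r "$manifest" ] || return 2
    want=$(awk -v n="$(basename "$image")" '$2 == n {print $1; exit}' "$manifest")
    [ -n "$want" ] || return 3          # image not listed in manifest
    have=$(digest "$image") || return 2
    [ "$want" = "$have" ]
}

# Verify, then run the given command with the image on stdin.
# The command is never started if verification fails.
deploy_verified() {
    image=$1 manifest=$2
    shift 2
    verify_image "$image" "$manifest" || {
        echo "refusing to deploy $image: checksum check failed" >&2
        return 1
    }
    "$@" < "$image"
}

# Usage on the airgapped host, with the sync-be invocation from the post:
#   deploy_verified be202409301146.be.zfs be202409301146.be.zfs.sha256 \
#       /usr/local/bin/sync-be 13.4-RELEASE /etc/syncbe.conf
```

A manifest carried on the same medium as the image only catches corruption in transit; to catch tampering, move the manifest by a separate path or sign it on the build machine.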