How to better update a jail host system
Jon Passki
jon.passki at hursk.com
Mon Dec 24 21:14:00 PST 2007
On 12/19/07, Andrew Hotlab <andrew.hotlab at hotmail.com> wrote:
[snip]
> All that is working fine now, but I wonder if I could speed up the whole process, by switching to the binary update method. By using the freebsd-update(8) utility on the host I think to maintain the system cleaner (this utility only updates the installed distributions) and to reduce the administrative effort (no mergemaster(8) required, I'm right?).
>
> Do you think my thinking is right, or there are some aspects I'm missing? (As I said, I'm not a very experienced FreeBSD sysadmin) :)
I've wrestled with jail update schemes for a while now. Here's what I've tried:
--) jail(8) method (direct output of make world)
--) Taking make world and creating a tarball. Use that tarball for a
custom port input and use the port to create the jail (make
JAIL_IP=1.2.3.4 JAIL_NAME=blah), recording everything as a package
(still in use)
--) Use subversion to store the binaries and have subversion drive
things (not very complex w/ base, but becomes highly complex with
ports and one-off integration; got my docs, but never went into
production)
I've come to realize I had the "Not Invented Here" [1] syndrome. This
still existed even though I mainly track RELENG_6_2 (6.2-RELEASE
Security branch) and have maybe 5 human hours a week at most to devote
to FreeBSD sysadmin. Colin Percival has already solved how to update
the base system with minimal effort via freebsd-update(8). I'm now
embracing the FreeBSD way of doing things.
You can re-create your binary jail setup easily from sysinstall:
sysinstall _ftpPath=ftp://ftp.FreeBSD.org/pub/FreeBSD/
nonInteractive=yes mediaSetFTP releaseName=6.2-RELEASE dists=base
distSetCustom installRoot=/path/to/jail installCommit
Then, the only thing you have to manage is packages. With a patched
freebsd-update [2], you can even update from 6.2 to 6.3. If ezjail
supports a binary tarball update, it would be trivial to take the
output of the sysinstall and freebsd-update and roll one.
I dunno if your thinking is OK, but mine wasn't. Now, hopefully mine
will be :-)
[1] http://en.wikipedia.org/wiki/Not_Invented_Here
[2] http://www.daemonology.net/blog/2007-11-10-freebsd-minor-version-upgrade.html
Cheers,
Jon
More information about the freebsd-jail
mailing list