From owner-freebsd-jail@FreeBSD.ORG Thu Aug 20 19:22:51 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9FE1106568B; Thu, 20 Aug 2009 19:22:51 +0000 (UTC) (envelope-from jose.amengual@gmail.com) Received: from mail-px0-f198.google.com (mail-px0-f198.google.com [209.85.216.198]) by mx1.freebsd.org (Postfix) with ESMTP id 958F78FC16; Thu, 20 Aug 2009 19:22:51 +0000 (UTC) Received: by pxi36 with SMTP id 36so3415678pxi.7 for ; Thu, 20 Aug 2009 12:22:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:in-reply-to:subject :x-priority:references:message-id:content-type :content-transfer-encoding:mime-version:date:cc:x-mailer; bh=qzPtAo6dCi2coejcbEc1tzPUTg2I3CpRJRlMQczQdOA=; b=kfTmRHPZGdJoRlaMG5nDDBCpjBQeEw7lgXbi6LZsFTn28hBSYIHw2KbhfCyH3yiz8c 90UOUZJWlZninsidroa96dUBKBpq/4bLRGYcA/TrdDY+QYxmaT6k5tDFJF7aMMdiIQ7i rKLSFQNZyxUeo4f7YjxrqJ+yIJU7ENj0vU6Ec= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:in-reply-to:subject:x-priority:references:message-id :content-type:content-transfer-encoding:mime-version:date:cc :x-mailer; b=xkqZSRYwnlCJBf7+KX7iihS9jCMm4d71rXPb8ZNXmmz9SeKq4Szk+x0qasH29p5PSb XK3PmxLkPncMX8TJ7nMwg+iL8KplpI97ue19wjL6Dnob1r3E401C6gBaHlh6ZZgi5hw3 h8UsEqvuY7QpxGqppvRGh3+839uAPQY0nvFMg= Received: by 10.115.100.35 with SMTP id c35mr178427wam.104.1250794252762; Thu, 20 Aug 2009 11:50:52 -0700 (PDT) Received: from PePewi.workatplay ([96.49.96.182]) by mx.google.com with ESMTPS id n40sm611925wag.22.2009.08.20.11.50.50 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 20 Aug 2009 11:50:51 -0700 (PDT) From: Jose Amengual To: freebsd-jail@freebsd.org In-Reply-To: <20090820121309.122740@gmx.net> X-Priority: 5 References: <20090820121309.122740@gmx.net> Message-Id: <9C042ACE-8677-4104-BBB5-5F80C7EAFD3C@gmail.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v936) Date: Thu, 20 Aug 2009 11:50:49 -0700 X-Mailer: Apple Mail (2.936) Cc: freebsd-virtualization@freebsd.org Subject: Best practice to update jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 19:22:51 -0000 Hi guys. I have a dev server for our developers that holds around 40 jails, each jail has php, mysql, python etc. The server is now 7.0 and was wondering what is the best practice to maintain security patches and kernel updates and I came out with the following idea : 1.- freebsd-update fetch install ( host system) 2.- rebuild kernel ( I have a custom kernel ) 3.- ezjail-update -b ( update basejail for all jails ) 4.- run in cron portaudit on the jails for thirty party security updates 5.- run portupgrade in case of a security update or for apps upgrade on the jails. I red in some forums that if you run freebsd-update you will need to do a portuprade -fa to reinstall all the thirty party apps because freebsd-update could upgrade or remove some libraries linked to that programs, is this true ?, will be better to run a cvsup and instead ? That are some points of my idea but reading on internet I finished more confuse about how will be the best way to do this. any ideas will more appreciate. Thanks.