From owner-freebsd-virtualization@FreeBSD.ORG Thu Aug 20 20:34:25 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F45B106568C; Thu, 20 Aug 2009 20:34:25 +0000 (UTC) (envelope-from reddvinylene@gmail.com) Received: from mail-ew0-f209.google.com (mail-ew0-f209.google.com [209.85.219.209]) by mx1.freebsd.org (Postfix) with ESMTP id 775C48FC16; Thu, 20 Aug 2009 20:34:24 +0000 (UTC) Received: by ewy5 with SMTP id 5so203043ewy.36 for ; Thu, 20 Aug 2009 13:34:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=9eOyVLIyykcrwtvqg+wST5Xlx/pfKQBzpZFtNl9vshk=; b=ZlRcMEwlLj1uoq4ws3cJwC+sZlUwCmx5D4gCk8ainyZBr4r8joHcM6uPQwNRolXCAF XmjXC7LPAx0UqHedBUZkUqMR9bQzRlHp0Teg4vAaI1p6izIuQ/P7JOKHS9L725VSvhWV 1SqOuTHuuoQB9QXxGW/uZ+lzO1LlBVdMHWa5k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=OXYnDc2xK7Et82yPfQKVdBQ5hM9D3bpDO8TC7GjYxjSh5//dK4FIFZSSzTCxtpBVvk C4Ea51sWjWqT6W9b2cpm86abST4rzf8+tZQOFTQck2CaZ9KaCqM1yc6LngfvGDO3AOF4 SIgtj6eLyYznpTCHGRjmSknmpbXJn43amxH74= MIME-Version: 1.0 Received: by 10.216.36.82 with SMTP id v60mr41104wea.120.1250799036028; Thu, 20 Aug 2009 13:10:36 -0700 (PDT) In-Reply-To: <9C042ACE-8677-4104-BBB5-5F80C7EAFD3C@gmail.com> References: <20090820121309.122740@gmx.net> <9C042ACE-8677-4104-BBB5-5F80C7EAFD3C@gmail.com> Date: Thu, 20 Aug 2009 22:10:36 +0200 Message-ID: From: Redd Vinylene To: Jose Amengual X-Mailman-Approved-At: Fri, 21 Aug 2009 08:23:48 +0000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-jail@freebsd.org, freebsd-virtualization@freebsd.org Subject: Re: Best practice to update jails X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 20:34:25 -0000 On Thu, Aug 20, 2009 at 8:50 PM, Jose Amengual wrote: > Hi guys. > > I have a dev server for our developers that holds around 40 jails, each > jail has php, mysql, python etc. > > The server is now 7.0 and was wondering what is the best practice to > maintain security patches and kernel updates and I came out with the > following idea : > > 1.- freebsd-update fetch install ( host system) > 2.- rebuild kernel ( I have a custom kernel ) > 3.- ezjail-update -b ( update basejail for all jails ) > 4.- run in cron portaudit on the jails for thirty party security updates > 5.- run portupgrade in case of a security update or for apps upgrade on the > jails. > > I red in some forums that if you run freebsd-update you will need to do a > portuprade -fa to reinstall all the thirty party apps because freebsd-update > could upgrade or remove some libraries linked to that programs, is this > true ?, will be better to run a cvsup and instead ? > > That are some points of my idea but reading on internet I finished more > confuse about how will be the best way to do this. > > any ideas will more appreciate. > > Thanks. > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > Hi, here's how I do it, hope it helps: http://pastie.org/590295 Redd Vinylene -- http://www.home.no/reddvinylene