From owner-freebsd-jail@FreeBSD.ORG Tue Dec 25 05:14:00 2007 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0033816A468 for ; Tue, 25 Dec 2007 05:13:59 +0000 (UTC) (envelope-from jon.passki@hursk.com) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.191]) by mx1.freebsd.org (Postfix) with ESMTP id 9CC0113C455 for ; Tue, 25 Dec 2007 05:13:59 +0000 (UTC) (envelope-from jon.passki@hursk.com) Received: by fk-out-0910.google.com with SMTP id b27so2878241fka.11 for ; Mon, 24 Dec 2007 21:13:58 -0800 (PST) Received: by 10.78.200.20 with SMTP id x20mr6407876huf.16.1198558137348; Mon, 24 Dec 2007 20:48:57 -0800 (PST) Received: by 10.78.192.11 with HTTP; Mon, 24 Dec 2007 20:48:57 -0800 (PST) Message-ID: Date: Mon, 24 Dec 2007 22:48:57 -0600 From: "Jon Passki" To: "Andrew Hotlab" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Cc: FreeBSD-Jail Subject: Re: How to better update a jail host system X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Dec 2007 05:14:00 -0000 On 12/19/07, Andrew Hotlab wrote: [snip] > All that is working fine now, but I wonder if I could speed up the whole process, by switching to the binary update method. By using the freebsd-update(8) utility on the host I think to maintain the system cleaner (this utility only updates the installed distributions) and to reduce the administrative effort (no mergemaster(8) required, I'm right?). > > Do you think my thinking is right, or there are some aspects I'm missing? (As I said, I'm not a very experienced FreeBSD sysadmin) :) I've wrestled with jail update schemes for a while now. Here's what I've tried: --) jail(8) method (direct output of make world) --) Taking make world and creating a tarball. Use that tarball for a custom port input and use the port to create the jail (make JAIL_IP=1.2.3.4 JAIL_NAME=blah), recording everything as a package (still in use) --) Use subversion to store the binaries and have subversion drive things (not very complex w/ base, but becomes highly complex with ports and one-off integration; got my docs, but never went into production) I've come to realize I had the "Not Invented Here" [1] syndrome. This still existed even though I mainly track RELENG_6_2 (6.2-RELEASE Security branch) and have maybe 5 human hours a week at most to devote to FreeBSD sysadmin. Colin Percival has already solved how to update the base system with minimal effort via freebsd-update(8). I'm now embracing the FreeBSD way of doing things. You can re-create your binary jail setup easily from sysinstall: sysinstall _ftpPath=ftp://ftp.FreeBSD.org/pub/FreeBSD/ nonInteractive=yes mediaSetFTP releaseName=6.2-RELEASE dists=base distSetCustom installRoot=/path/to/jail installCommit Then, the only thing you have to manage is packages. With a patched freebsd-update [2], you can even update from 6.2 to 6.3. If ezjail supports a binary tarball update, it would be trivial to take the output of the sysinstall and freebsd-update and roll one. I dunno if your thinking is OK, but mine wasn't. Now, hopefully mine will be :-) [1] http://en.wikipedia.org/wiki/Not_Invented_Here [2] http://www.daemonology.net/blog/2007-11-10-freebsd-minor-version-upgrade.html Cheers, Jon