Re: Managing updates in jails
On Wed, May 18, 2005 at 06:29:42PM +0200, Ruben Bloemgarten wrote: What I find a lot easier is to use freebsd-update for the base system updates and, after having mount_nullfs'd /usr/ports from the host system onto the jailed systems, portsnap and portupgrade. - host system : freebsd-update/portsnap/portupgrade Jailed system : freebsd-update/portupgrade Thanks Ruben. I have a couple follow-up questions. (1) When do you run cvsup? I don't understand the relationship between cvsup and portupgrade. As I understand things, portupgrade fetches the latest tarball of the given port. If this is indeed the case, why does the portupgrade man page have a tip that says be sure to run portsdb -Uu everytime you cvsup? This tip suggests that you should run cvsup as part of the portupgrade routine. (2) What value do you use for the base parameter in your cvsup file? Should these bookkeeping files be shared between the jail and the mothership? Thanks, m ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Managing updates in jails
Mark Bucciarelli wrote: On Wed, May 18, 2005 at 06:29:42PM +0200, Ruben Bloemgarten wrote: What I find a lot easier is to use freebsd-update for the base system updates and, after having mount_nullfs'd /usr/ports from the host system onto the jailed systems, portsnap and portupgrade. - host system : freebsd-update/portsnap/portupgrade Jailed system : freebsd-update/portupgrade Thanks Ruben. I have a couple follow-up questions. (1) When do you run cvsup? I don't understand the relationship between cvsup and portupgrade. As I understand things, portupgrade fetches the latest tarball of the given port. If this is indeed the case, why does the portupgrade man page have a tip that says be sure to run portsdb -Uu everytime you cvsup? This tip suggests that you should run cvsup as part of the portupgrade routine. cvsup is a tool for maintaining a set of checked out files in sync with a remote CVS repository without having to use CVS directly. In the case of the ports tree, those files are things like the Makefile, package descriptions and patches. These describe what tarball is needed to install a port, how to patch and make it for FreeBSD, and just as importantly how to uninstall it. The tarball is the source code for the package, and is not handled by cvsup at all. If you never install a port then the tarball for it never lives on your system. portupgrade is a tool for automating the installing or upgrading of a port, including keeping track of your preferred options (/etc/pkgtools.conf) and handling dependencies between ports. portsdb is a tool for updating /usr/ports/INDEX{-5} and /usr/ports/INDEX.db (the latter being created from the former). The index is used when you do e.g. a make search in /usr/ports. See man ports for the details. If you want the index to be up-to-date after you have run cvsup, then you also need to run portsdb -Uu to rebuild it based on the new updates you downloaded with cvsup. There is no requirement to update ports with portupgrade after you have run cvsup, and portupgrade does not even always need the index to be up-to-date. However, if you specify a portorigin glob e.g. archivers/p5-*, this is apparently looked up in the index so it helps if it is up-to-date. Many people run a cron job to do a cvsup regularly, and at the end of that job run portsdb-Uu just so everything is tidy and up-to-date. The when you come to do a portupgrade you know that everything is in sync. cvsup is also used to keep the system source (/usr/arc) up-to-date, but that has nothing to do with portupgrade or portsdb. (2) What value do you use for the base parameter in your cvsup file? Wherever you want cvsup to keep its bookkeeping files. I don't specify anything so use the default /usr/local/etc/cvsup (the files going into the sub-directory sup) Should these bookkeeping files be shared between the jail and the mothership? No clue, sorry. --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Managing updates in jails
On Sun, Jun 26, 2005 at 12:31:42AM +0100, Alex Zbyslaw wrote: Mark Bucciarelli wrote: I don't understand the relationship between cvsup and portupgrade. cvsup is a tool for maintaining a set of checked out files in sync with a remote CVS repository without having to use CVS directly. In the case of the ports tree, those files are things like the Makefile, package descriptions and patches. Ahhh ... light bulb goes off. Thanks for your detailed post! m ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Managing updates in jails
Hi Mark, What I find a lot easier is to use freebsd-update for the base system updates and, after having mount_nullfs'd /usr/ports from the host system onto the jailed systems, portsnap and portupgrade. - host system : freebsd-update/portsnap/portupgrade Jailed system : freebsd-update/portupgrade All in all in takes about 20-40 minutes to update all systems host+5Jails. Good luck, Ruben -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Bucciarelli Sent: May 13, 2005 7:46 PM To: FreeBSD-questions@FreeBSD.org Subject: Managing updates in jails I'm a recent convert to FreeBSD, mainly because of the jail functionality. I am trying to figure out a good system for keeping jails updated and am running against my lack of experience with the compile-from-source approach as well as the different startup scripts. I have pretty much settled on the idea of creating a template or base jail, updating that, then creating a tarball that I can extract over any other jail I need to update. I figure I won't have more than six jails and the complexity of hardlinks and/or unionfs/nullfs for me is not worth the saved disk space. Currently, I have been making buildworld, make buildkernel, etc on the host, then repeating the process inside the template jail. The host is just going to run sshd and ntpd, the template will be apache+mysql+php. A couple questions: - is there a correct way to reuse the makekernel and makeworld done on the host system for the template jail? for example, using DESTDIR and/or NOREBUILD? (I tried DESTDIR initially to install vim into the template jail, but when I ran vim inside the jail, it wouldn't start b/c it was missing a library. So I back tracked and installed the entire ports tree inside the jail and built stuff from there.) It takes around three hours to rebuild everything once, so this will be a limiting factor on how fast I can patch the system (unless I invest in another, faster machine just for compiling). - what directories in the template jail do i need to tar when applying an upgrade to other jails? just /usr and some selected pieces of /etc? - i need to support multiple ip's per jail. i found a patch that applies (pretty much--some wierdness in netinet6) against 5.4, but would like to use the existing rc.conf to manage startup. where would i look to modify the jail startup command to pass multiple ips? - what do people do with the mount command inside a jail--just delete it? are there other commands you take out? Thanks for any pointers, I think a section on jails would be a good addition to the handbook. Regards, m ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.9 - Release Date: 05/12/2005 -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.9 - Release Date: 05/12/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.12 - Release Date: 05/17/2005 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]