====== Updating FreeBSD Servers ======

All four physical hosts run FreeBSD. Upgrade them in this order:

  - mustafar
  - hoth
  - geonosis
  - bane

This order matters: start with the least critical server so any issues are caught early.

===== OS Patches =====

SSH into the server and become root:

<code>
ssh mustafar
su -
</code>

Check for available updates:

<code>
freebsd-rustdate check-fetch
</code>

Fetch and install patches:

<code>
freebsd-rustdate fetch
freebsd-rustdate install
</code>

===== Packages =====

Review automatically installed packages -- decide what to keep and what to remove:

<code>
pkg noauto
</code>

Then update and upgrade all packages:

<code>
pkg update
pkg upgrade
</code>

===== Before Rebooting =====

Before restarting, check who is currently connected:

<code>
root@mustafar:~ # sockstat -4
USER COMMAND      PID FD PROTO LOCAL ADDRESS         FOREIGN ADDRESS
root sshd-sessi 79454  7 tcp4  172.20.200.90:22      172.20.96.2:40808
root sshd-sessi 78971  7 tcp4  172.20.200.90:22      172.20.96.2:40808
root sshd       47125  7 tcp4  *:22                  *:*
root nfsd       34681  7 tcp4  *:2049                *:*
ntpd ntpd        3208 21 udp4  *:123                 *:*
ntpd ntpd        3208 22 udp4  172.20.200.90:123     *:*
ntpd ntpd        3208 25 udp4  127.0.0.1:123         *:*
??   ??            ?? ?? udp4  *:2049                *:*
</code>

If you need more detail on connections:

<code>
root@mustafar:~ # netstat -4
Active Internet connections
Proto     Recv-Q Send-Q Local Address          Foreign Address        (state)  
tcp4           0    108 mustafar.ssh           172.20.96.2.40808      ESTABLISHED
udp4           0      0 localhost.ntp          *.*
udp4           0      0 mustafar.ntp           *.*
</code>

When you've confirmed it's safe to reboot:

<code>
shutdown -r now
</code>

The ''-r'' flag tells the system to reboot.

===== Jails and VMs =====

Some servers have jails and VMs that need attention after reboot.

==== Jails (bane, geonosis) ====

Jails on bane and geonosis start automatically on boot.

==== VMs (bane) ====

VMs on bane need to be configured for auto-start. For example, to enable ''scontrol-01'':

<code>
root@bane:~ # sysrc vm_list="scontrol-01"
root@bane:~ # cat /etc/rc.conf| grep vm_list
vm_list="scontrol-01" 
</code>

Confirm auto-start is enabled:

<code>
root@bane:~ # vm list
NAME          DATASTORE  LOADER  CPU  MEMORY  VNC  AUTO     STATE
mitte-dev-01  default    uefi    1    4G      -    No       Stopped
scontrol-01   default    uefi    2    4G      -    Yes [1]  Running (5469)
</code>

===== See Also =====

  * [[infra:servers|Server Inventory]]
  * [[infra:virtual_machines|Virtual Machine Mechanics]]