You've loaded an old revision of the document! If you save it, you will create a new version with this data. Media Files====== Updating FreeBSD Servers ====== All four physical hosts run FreeBSD. Upgrade them in this order: - mustafar - hoth - geonosis - bane This order matters: start with the least critical server so any issues are caught early. ===== OS Patches ===== SSH into the server and become root: <code> ssh mustafar su - </code> Check for available updates: <code> freebsd-rustdate check-fetch </code> Fetch and install patches: <code> freebsd-rustdate fetch freebsd-rustdate install </code> ===== Packages ===== Review automatically installed packages -- decide what to keep and what to remove: <code> pkg noauto </code> Then update and upgrade all packages: <code> pkg update pkg upgrade </code> ===== Before Rebooting ===== Before restarting, check who is currently connected: <code> root@mustafar:~ # sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sshd-sessi 79454 7 tcp4 172.20.200.90:22 172.20.96.2:40808 root sshd-sessi 78971 7 tcp4 172.20.200.90:22 172.20.96.2:40808 root sshd 47125 7 tcp4 *:22 *:* root nfsd 34681 7 tcp4 *:2049 *:* ntpd ntpd 3208 21 udp4 *:123 *:* ntpd ntpd 3208 22 udp4 172.20.200.90:123 *:* ntpd ntpd 3208 25 udp4 127.0.0.1:123 *:* ?? ?? ?? ?? udp4 *:2049 *:* </code> If you need more detail on connections: <code> root@mustafar:~ # netstat -4 Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 108 mustafar.ssh 172.20.96.2.40808 ESTABLISHED udp4 0 0 localhost.ntp *.* udp4 0 0 mustafar.ntp *.* </code> When you've confirmed it's safe to reboot: <code> shutdown -r now </code> The ''-r'' flag tells the system to reboot. ===== Jails and VMs ===== Some servers have jails and VMs that need attention after reboot. ==== Jails (bane, geonosis) ==== Jails on bane and geonosis start automatically on boot. ==== VMs (bane) ==== VMs on bane need to be configured for auto-start. For example, to enable ''scontrol-01'': <code> root@bane:~ # sysrc vm_list="scontrol-01" root@bane:~ # cat /etc/rc.conf| grep vm_list vm_list="scontrol-01" </code> Confirm auto-start is enabled: <code> root@bane:~ # vm list NAME DATASTORE LOADER CPU MEMORY VNC AUTO STATE mitte-dev-01 default uefi 1 4G - No Stopped scontrol-01 default uefi 2 4G - Yes [1] Running (5469) </code> ====== Updating Jails ====== Aside from all the jails on the **bane** server and others, we have a status page jail running UptimeKuma. For understandable reasons, this jail must outlive the other ones to be able to notify us about the others' instability from time to time. So UptimeKuma is held in a remote FreeBSD server in Chicago called **bespin** (hosted on Vultr), in a jail called **st-01**. ===== What is specific about Bespin ===== Bespin is **NOT** pkg-base; meaning you cannot use ''pkg'' to update/upgrade the OS on the host itself. By contrast, the jail **st-01** (for **status.abi.am**) **is** pkg-base. The two are independent: a jail can be pkg-base even if its host is not, and vice versa. ===== pkg-base vs. NOT pkg-base ===== **pkg-base** means using ''pkg'' for updating the base system. This is a relatively new practice in FreeBSD, available since 15.0. Before ''pkg update/upgrade'', people would use ''freebsd-update'' (traditional) or ''freebsd-rustdate'' (newer alternative) for updating the OS. See ''/etc/pkg/Base.conf'' for further information. In Bespin, ''/etc/pkg/FreeBSD.conf'' has a field saying ''freebsd-base { …, enabled: no, … }'' meaning the host is **not** pkg-base. Note, it is possible to migrate a non-pkg-base system to pkg-base. Look that up if needed. ===== Updating pkgbase Jails ===== <code> mount -t devfs devfs <path/to/jail>/dev pkg-static -c </path/to/jail> update && pkg-static -c </path/to/jail> upgrade </code> ===== Updating NOT pkgbase Jails ===== You can use ''freebsd-update'' or ''freebsd-rustdate'' **from the host**, targeting the jail. You give ''freebsd-rustdate'' the path of the jail base with the ''-b'' flag and the path of the updating tool with ''-w'', and pass the subcommand at the end to be executed: <code> freebsd-rustdate -b /path/to/jail -w /path/to/jail/var/db/freebsd-update/ <subcommand> </code> More precisely, in our case we run: <code> freebsd-rustdate -b /usr/local/jails/<jailname> -w /usr/local/jails/<jailname>/var/db/freebsd-update/ check freebsd-rustdate -b /usr/local/jails/<jailname> -w /usr/local/jails/<jailname>/var/db/freebsd-update/ fetch freebsd-rustdate -b /usr/local/jails/<jailname> -w /usr/local/jails/<jailname>/var/db/freebsd-update/ install </code> ===== See Also ===== * [[infra:servers|Server Inventory]] * [[infra:virtual_machines|Virtual Machine Mechanics]] SavePreviewCancel Edit summary
