11.2-RELEASE upgrade with local mirror : Unable to get files from update.freebsd.org/11.1-RELEASE/amd64/tp/

[fbsd_scp]

Hello all, I am using FreeBSD since 4 months and have completed upgrading from 11.1-RELEASE to 11.2-RELEASE using the freebsd-update(8) utility.

Now as next task, I am setting up a local mirror for the 11.1 to 11.2-RELEASE upgrade and have downloaded files from ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/11.2-RELEASE
Updated /etc/freebsd-update.conf with the mirror.FreeBSD ServerName.

Downloaded the latest.ssl, metadata signature and metadata index files to necessary folders in the mirror. I am aware that I need to download many more files..

Now, when I try to upgrade a test machine from 11.1 to 11.2-RELEASE from the mirror,

root@freebsd-test:/var/db/freebsd-update # /usr/sbin/freebsd-update  -s mirror.FreeBSD -r 11.2-RELEASE

From nginx logs, I am unable to get the below files, which are need for the upgrade :

10.1x.x.x - - [31/Oct/2018:13:05:03 +0100] "GET /11.1-RELEASE/amd64/tp/c9f2d4fdf57d4843af1a66a8fd1a7555d750c1bc72e98a186a9390d1922aa028-643475fdfeed9bc8bbe0b9f5375921eb9b7ec01f7d05bc16005de41d15a5614d.gz HTTP/1.1" 404 162 "-" "freebsd-update (upgrade, 11.1-RELEASE)"
10.1x.x.x - - [31/Oct/2018:13:05:12 +0100] "GET /11.2-RELEASE/amd64/tp/643475fdfeed9bc8bbe0b9f5375921eb9b7ec01f7d05bc16005de41d15a5614d-c9f2d4fdf57d4843af1a66a8fd1a7555d750c1bc72e98a186a9390d1922aa028.gz HTTP/1.1" 404 162 "-" "freebsd-update (upgrade, 11.1-RELEASE)"

Also, I need the files from /to-11.2-RELEASE/amd64/bp/ folder to be downloaded to the respective mirror directory. But I am unable to download all the files from this folder with 403 Forbidden. It is possible to download each file(thousands of files in this folder it seems)

Any thoughts?

Thank you

 

[SirDice]

I suggest using a caching proxy instead, much easier to maintain. The first machine to upgrade will cause the files to be downloaded, consecutive upgrades will get their files from the proxy's cache. If anything is missing it will automatically be downloaded and cached.

This is a configuration for Apache to proxy and cache freebsd-update(8) files:

<VirtualHost *:80>
  ServerAdmin info@example.com
  ServerName fbsd-update.example.com

  ProxyRequests Off
  ProxyPreserveHost Off

  <Proxy *>
    Require all granted
  </Proxy>

  ProxyPass / http://update.freebsd.org/

  <Location />
    ProxyPassReverse /
    Require all granted
  </Location>

  <IfModule cache_module>
    <IfModule cache_disk_module>
      CacheEnable disk /
      CacheRoot /var/cache/freebsd-update/
    </IfModule>
  </IfModule>

</VirtualHost>

I've set this up a long time ago and has served me well. Probably have upgraded a couple of dozen machines over numerous major and minor upgrades using it without having to change anything.

You do need to add this:

htcacheclean_cache="/var/cache/freebsd-update/"
htcacheclean_enable="YES"

This will keep the cache nice and clean, old files will eventually be removed from the cache.

You can do something similar with nginx if you prefer to use that. Or use a "proper" proxy like Squid.

 

[fbsd_scp]

I had already gone through the wiki page regarding proxy: https://wiki.freebsd.org/VladimirKrstulja/Guides/FreeBSDUpdateReverseProxy

My requirement cannot use proxy and the updates are planned to work differently.

The update-mirror is hosted by our deployment server and all appliances that is connected to deployment server get the updates
Deployment Server builds update-mirror by downloading packages from the Internet.

We plan it to be continuous process where we could serve many customers and the server upgrades happen smoothly using the local update-mirror server once they are delivered.

Any thoughts?

Thank you

 

[SirDice]

Any thoughts?

Two actually, first is pkgbase so you can use pkg(8) to update/upgrade the base OS. Second is setting up your own update server: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/article.html

 

[fbsd_scp]

I have started with the second option with setting update own update server:

While going through the freebsd-update-server download scripts, it seems like 11.2-RELEASE is not updated yet.

https://svnweb.freebsd.org/base/user/cperciva/freebsd-update-build/scripts/

While trying the steps, i got as below. Am i missing something here?

[root@deployment /usr/local/freebsd-update-server]# sh scripts/init.sh amd64 11.2-RELEASE

Wed Oct 31 16:03:28 CET 2018 Starting fetch for FreeBSD/amd64 11.2-RELEASE

fetch: ftp://ftp4.FreeBSD.org/pub/FreeBSD/releases/FreeBSD-11.2-RELEASE-amd64-dvd1.iso: File unavailable (e.g., file not found, no access)

Wed Oct 31 16:03:28 CET 2018 Verifying dvd1 hash for FreeBSD/amd64 11.2-RELEASE

sha512: /usr/local/freebsd-update-server/work/11.2-RELEASE/amd64/iso.img: No such file or directory

FreeBSD 11.2-RELEASE-amd64-dvd1.iso has incorrect hash.

rm: /usr/local/freebsd-update-server/work/11.2-RELEASE/amd64/iso.img: No such file or directory

mdconfig: realpath: No such file or directory

mount_cd9660: /dev/md: No such file or directory

 

[SirDice]

Download URL isn't entirely correct, it should be ftp://ftp4.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/11.2/FreeBSD-11.2-RELEASE-amd64-dvd1.iso

 

[fbsd_scp]

I have followed the steps in https://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/article.html

and have updated my local mirror with 11.2-RELEASE and 11.1-RELEASE updates and uploaded them to a folder. I have configured the webserver also.

Next on agenttest01 server that needs to be upgraded from 11.1-RELEASE to 11.2-RELEASE, i have updated

/etc/freebsd-update.conf with the serverName as my "local-mirror" ip and also with the keyprint generated.

Now on trying to fetch for updates, it does not fetch updates for the 11.2-RELEASE as shown below:

root@agenttest01:/usr/home/admin # freebsd-update install
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
root@agenttest01:/usr/home/admin # freebsd-update fetch
Looking up local-mirror mirrors... none found.
Fetching metadata signature for 11.1-RELEASE from local-mirror... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 11.1-RELEASE-p0.

WARNING: FreeBSD 11.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Sat Jul  1 00:00:00 CEST 2017
will not have been corrected.

What needs to be done for fetching the latest release updates for my local mirror ? Any thoughts?

 

[SirDice]

A freebsd-update fetch only fetches updates for the current version (from 11.1-p1 to 11.1-p2 for example), it does not upgrade versions. You'll need to run freebsd-update -r 11.2-RELEASE upgrade to download the upgrade.

     fetch     Based on the currently installed world and the configuration
               options set, fetch all available binary updates.

     upgrade   Fetch files necessary for upgrading to a new release.  Before
               using this command, make sure that you read the announcement
               and release notes for the new release in case there are any
               special steps needed for upgrading.  Note that this command may
               require up to 500 MB of space in workdir depending on which
               components of the FreeBSD base system are installed.

See freebsd-update(8).