freebsd-update mirror

Tomse

#1
Since I have quite a few FreeBSD installations on a totally closed network, I'm looking to create a local mirror to update/upgrade these installations.

The handbook has this nice article:
Build your own FreeBSD update server

This may or may not be what I need, but I have questions, as this seems to build the binaries rather than just get the binaries already available.
Am I wrong?
If I'm not wrong, are there alternatives, as I just need updates for 2 versions: my current version + next version, i.e. 10.2 latest + 10.3 latest, which will then later be replaced by 10.3 + 11 once 10.2 is no longer used.

Does anyone know if maintenance with a monthly update here would require tens of minutes, hours or more/less (thinking manual work and not just waiting for the computer to download)?

cheers
 

SirDice

#2
Let me find it again, I have an Apache config that will proxy and cache the updates.
 

SirDice

#3
Ok, you obviously need to change a few things but this works for me:
Code:
<VirtualHost *:80>
  ServerAdmin info@example.com
  ServerName fbsd-update.example.com

  ProxyRequests Off
  ProxyPreserveHost Off

  <Proxy *>
    Order Deny,Allow
    Allow from All
  </Proxy>

  ProxyPass / http://update.freebsd.org/

  <Location />
    ProxyPassReverse /
    Order Allow,Deny
    Allow from All
  </Location>

  <IfModule cache_module>
    <IfModule disk_cache_module>
      CacheEnable disk /
      CacheRoot /var/cache/freebsd-update/
    </IfModule>
  </IfModule>

</VirtualHost>
Then change the line in /etc/freebsd-update.conf:
Code:
ServerName fbsd-update.example.com
You'll also want to clean the cache regularly:
Code:
htcacheclean_cache="/var/cache/freebsd-update/"
htcacheclean_enable="YES"

On the network I maintain (around 30 servers) every server is set to update via the proxy. The proxy forwards to the official update servers and caches everything. So only the first machine that runs the update actually downloads them; the rest usually get it from the cache.

I set this up when our servers were all 9.1; they've since been upgraded to 9.3 and recently to 10.3. I didn't have to change anything or do anything special for that.
 

Tomse

#4
How would this work on a closed network?

I connect the proxy server to the internet, run freebsd-update from the server hosting the proxy, letting it update through the proxy.

What would happen when the proxy is back on the closed network, and clients differ from the proxy and some updates are not available?

cheers
 

Tabs

#5
Maybe you could use freebsd-update fetch combined with --currently-running release to populate the cache with updates for different versions?
 

SirDice

#7
Tomse said:
> How would this work on a closed network?

Ah, yeah, oops.

I'm not aware of any mirroring tools. But freebsd-update(8) is actually a large script, not a binary. Perusing through it I think it'll be fairly easy to write a script that simply fetches all the relevant files. The important functions appear to be fetch_metadata_index() and fetch_files(). I can easily imagine a script that fetches the metadata and pulls in all the relevant patch files.
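
As an added example (not part of the thread and not code from freebsd-update itself), here is a sketch of the two integrity checks a mirroring script like the one described in #7 would run before pulling the metadata index. The server layout and tag-line format are assumptions taken from reading the freebsd-update script, the function names are hypothetical, and the sample tag is constructed.

```sh
#!/bin/sh
# Added sketch: not from the thread and not freebsd-update's own code.
# Assumptions (from reading the freebsd-update script): the server serves
# <release>/<arch>/pub.ssl, latest.ssl and t/<indexhash>, and the decoded tag is
#   freebsd-update|ARCH|RELEASE|PATCHLEVEL|INDEXHASH|EOLTIME
# All function names below are hypothetical.

# SHA-256 of a file: sha256(1) on FreeBSD, sha256sum elsewhere.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | cut -d' ' -f1; fi
}

# key_matches FILE KEYPRINT
# True only if a mirrored pub.ssl hashes to the KeyPrint value that the
# clients already carry in /etc/freebsd-update.conf.
key_matches() {
    [ "$(file_sha256 "$1")" = "$2" ]
}

# tag_index_path TAG ARCH RELEASE
# Validates a decoded tag line and prints the relative path of the metadata
# index to mirror next. Runs in a subshell so IFS/globbing changes stay local.
tag_index_path() (
    tag=$1 arch=$2 rel=$3
    case $tag in *'
'*) exit 1 ;; esac                                  # must be a single line
    set -f; IFS='|'; set -- $tag
    [ $# -eq 6 ] || exit 1
    [ "$1" = freebsd-update ] && [ "$2" = "$arch" ] && [ "$3" = "$rel" ] || exit 1
    case $4 in ''|*[!0-9]*) exit 1 ;; esac          # patch level: digits only
    case $5 in *[!0-9a-f]*) exit 1 ;; esac          # index hash: lowercase hex
    [ ${#5} -eq 64 ] || exit 1
    case $6 in *[!0-9]*) exit 1 ;; esac             # EOL time: 10-digit epoch
    [ ${#6} -eq 10 ] || exit 1
    printf '%s/%s/t/%s\n' "$rel" "$arch" "$5"
)

# Constructed sample tag (placeholder hash, not a real index).
SAMPLE_TAG='freebsd-update|amd64|10.3-RELEASE|4|0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef|1525132800'
tag_index_path "$SAMPLE_TAG" amd64 10.3-RELEASE
```

Clients on the closed network repeat the same KeyPrint and tag checks themselves, so the mirror host only has to serve the files, not vouch for them.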
 

Tomse

#8
Tabs said:
> Maybe you could use freebsd-update fetch combined with --currently-running release to populate the cache with updates for different versions?

I haven't completed the test yet, but as far as I can see, it requires the updating server to be in sync with the clients (exact same patch level). It could be a good workaround, but in the long run it might end badly.

SirDice said:
> Ah, yeah, oops.
>
> I'm not aware of any mirroring tools. But freebsd-update(8) is actually a large script, not a binary. Perusing through it I think it'll be fairly easy to write a script that simply fetches all the relevant files. The important functions appear to be fetch_metadata_index() and fetch_files(). I can easily imagine a script that fetches the metadata and pulls in all the relevant patch files.

If the freebsd-script gets this new function, I think it would be able to do what I need. Knowing my shell scripting skills, I'm not being too optimistic about coding this myself :p
At least I'll give it a try :)
 