I have been using my scripts now for quite a while and they seem to work well for the most part. Essentially, every night, the process is:
1. check for freebsd updates
2. check for userland updates
3. check for kernel updates
4. check jails
If any of those require updating (excluding jails), then a new Boot Environment is created, a record is written to a patch file indicating what needs updating, and a message is sent requesting a reboot. On reboot, my crontab entry is picked up, the patch file is read indicating what needs to be patched, and the system is patched accordingly. Upon successful application of the patch, the current timestamp is written to the patch file, then the system continues checking for subsequent updates and repeats the process.
For updating jails, I merely do snapshots and restart the jail.
I keep 5 boot environments for a maximum time period of 30 days. The 'app' is here:
github.com/walterjwhite/system-maintenance
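As an added example (not the author's scripts from the repository above), here is the patch-file handshake the post describes, in POSIX sh: a pre-reboot pass records what needs updating and creates a boot environment to fall back to, and a post-reboot pass applies each pending entry and stamps it with the time it was applied. bectl, freebsd-update and pkg are assumed to be the tools in use, and only run when DRY_RUN is unset; the "base" and "pkg" kinds are a simplification of the post's three update checks.

```shell
#!/bin/sh
# Added example, not the author's code. State file format, one line per kind:
#   <kind> pending
#   <kind> applied <UTC timestamp>
PATCH_FILE="${PATCH_FILE:-/var/db/maintenance/pending.txt}"

# Record one pending update kind ("base" or "pkg"); idempotent.
record_pending() {
    mkdir -p "$(dirname "$PATCH_FILE")"
    grep -q "^$1 pending\$" "$PATCH_FILE" 2>/dev/null && return 0
    printf '%s pending\n' "$1" >> "$PATCH_FILE"
}

# Print the kinds still marked pending, one per line.
pending_kinds() {
    [ -f "$PATCH_FILE" ] || return 0
    awk '$2 == "pending" { print $1 }' "$PATCH_FILE"
}

# Rewrite "<kind> pending" as "<kind> applied <timestamp>".
mark_applied() {
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    tmp="$PATCH_FILE.tmp"
    awk -v k="$1" -v t="$ts" \
        '$1 == k && $2 == "pending" { print k, "applied", t; next } { print }' \
        "$PATCH_FILE" > "$tmp" && mv "$tmp" "$PATCH_FILE"
}

# Pre-reboot: returns 1 (no reboot needed) when nothing is pending, otherwise
# snapshots the current system into a boot environment (assumed: bectl).
prepare_reboot() {
    [ -n "$(pending_kinds)" ] || return 1
    if [ -z "$DRY_RUN" ]; then
        bectl create "pre-patch-$(date +%Y%m%d)" || return 1
    fi
    return 0
}

# Post-reboot (run from cron @reboot): apply each pending kind, and only stamp
# it as applied when the update command succeeds (assumed commands below).
apply_pending() {
    for kind in $(pending_kinds); do
        if [ -n "$DRY_RUN" ]; then mark_applied "$kind"; continue; fi
        case "$kind" in
            base) freebsd-update fetch install ;;
            pkg)  pkg upgrade -y ;;
        esac && mark_applied "$kind"
    done
}
```

A failed update leaves its line marked pending, so the next boot retries it, and the boot environment created in prepare_reboot remains the rollback point.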