Updating jails by hand

nicky

Member

Reaction score: 3
Messages: 23

Hello good folks :)

I have at present 8 jails, which were build by hand, and with varying build settings in src.conf. 1 jail operates as a web proxy, 1 as mail server and the rest runs websites with Apache. I would like to continue operating the jails by hand, but I would also like to adjust what parts is built into the jails (to slim them down) now that I have been running them for a few months. And to update them.

Originally I had thought to built new jails and migrate their services to them, but I realized recently that it must be possible to update the jails just like the hosts base system. However, I have tried several times, and broken the designated test jail every time. When updating the hosts base system, I use buildworld, buildkernel (which isn't needed on the jails) and mergemaster and, believe it or not, I really like the process. Is the same process roughly possible with jails?

Ideally, I would reach these goals
  • Updating the jails base system, hopefully while reusing the built binaries to update multiple jails at once, without rebuilding the source
  • Add or remove binaries from the jails (like telnet, mail), depending on the src.conf used
  • Updating the jails base configuration files
I have tried reading the manual and handbook on buildworld, but while they where very informative, I didn't really get any answers on how to build in or build out binaries on jails. Or I missed it. They contain a lot of useful information.

mergemaster seems to install all the configuration files, also configuration files for binaries not currently installed, which I would like to avoid. On the other hand, without running mergemaster, I don't know how to keep the configuration files of the jails current, as I might miss settings available in newer versions of the binaries I have installed in the jails.

I hope the above makes sense. Any pointers will be greatly appreciated.
 

Remington

Aspiring Daemon

Reaction score: 157
Messages: 519

AFAIK ezjail isn't updated to work with the current jails system and people generally use iocage instead.
Ezjail still works very well except you only need to edit /etc/jail.conf manually. I still use it on FreeBSD 12.0.
 
Top