Why am I unable to update my FreeBSD jails?

Hello,

I'm trying to update the base system of the jails on my host. I created the jails using EZJail. On the host or on the jails, I think the correct way to check if my base system is up to date is to call
# freebsd-update fetch

This way I get a list of available updates. If the list is empty, this means my base system is up to date. Otherwise, it means my base system is not up to date. I wanted to update the base system, both on the host and on the jails.
On the host:
Code:
# freebsd-update fetch
# freebsd-update install

Checking that no more updates are needed on the host:

Code:
# freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 11.0-RELEASE-p8.

So the host is up to date.

Using ezjail-admin(8) on the host to try to update the base system of the jails:
Code:
# ezjail-admin update -u
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 11.0-RELEASE-p8.
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be added as part of updating to 11.0-RELEASE-p8:
/usr/share/zoneinfo/Asia/Barnaul
/usr/share/zoneinfo/Asia/Famagusta
/usr/share/zoneinfo/Asia/Tomsk
/usr/share/zoneinfo/Asia/Yangon
/usr/share/zoneinfo/Europe/Astrakhan
/usr/share/zoneinfo/Europe/Kirov
/usr/share/zoneinfo/Europe/Ulyanovsk
Installing updates...mkdir: /usr/jails/newjail//boot: No such file or directory
mtree: /usr/jails/newjail//boot/kernel: No such file or directory
mtree: /usr/jails/newjail//boot/kernel.old: No such file or directory
touch: /usr/jails/newjail//boot/kernel.old/.freebsd-update: No such file or directory
Could not create kernel backup directory

This returns without an error code. I think that running the same command again should not display the same list of updates but it does.
Code:
# ezjail-admin update -u
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 11.0-RELEASE-p8.
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be added as part of updating to 11.0-RELEASE-p8:
/usr/share/zoneinfo/Asia/Barnaul
/usr/share/zoneinfo/Asia/Famagusta
/usr/share/zoneinfo/Asia/Tomsk
/usr/share/zoneinfo/Asia/Yangon
/usr/share/zoneinfo/Europe/Astrakhan
/usr/share/zoneinfo/Europe/Kirov
/usr/share/zoneinfo/Europe/Ulyanovsk
Installing updates...mkdir: /usr/jails/newjail//boot: No such file or directory
mtree: /usr/jails/newjail//boot/kernel: No such file or directory
mtree: /usr/jails/newjail//boot/kernel.old: No such file or directory
touch: /usr/jails/newjail//boot/kernel.old/.freebsd-update: No such file or directory
Could not create kernel backup directory

So it seems the ezjail-admin update -u had no effect. Now on one of the jail's command line, checking if the system is up to date. It doesn't seem to be.

Code:
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be added as part of updating to 11.0-RELEASE-p8:
/usr/src/contrib/ntp/include/libssl_compat.h
/usr/src/contrib/ntp/libntp/libssl_compat.c
/usr/src/contrib/ntp/sntp/unity/ulib_setup.c
/usr/src/contrib/ntp/sntp/unity/ulib_teardown.c
/usr/src/contrib/tzdata/CONTRIBUTING
/usr/src/contrib/tzdata/LICENSE
/usr/src/contrib/tzdata/Makefile
/usr/src/contrib/tzdata/NEWS
/usr/src/contrib/tzdata/README
/usr/src/contrib/tzdata/Theory
/usr/src/contrib/tzdata/backzone
/usr/src/contrib/tzdata/checklinks.awk
/usr/src/contrib/tzdata/checktab.awk
/usr/src/contrib/tzdata/leapseconds.awk
/usr/src/contrib/tzdata/version
/usr/src/contrib/tzdata/zoneinfo2tdf.pl

The following files will be updated as part of updating to 11.0-RELEASE-p8:
/usr/src/contrib/mdocml/mandocdb.c
/usr/src/contrib/netbsd-tests/lib/libc/locale/t_mbstowcs.c
/usr/src/contrib/ntp/ChangeLog
/usr/src/contrib/ntp/CommitLog
/usr/src/contrib/ntp/NEWS
/usr/src/contrib/ntp/configure
/usr/src/contrib/ntp/html/drivers/driver40.html
/usr/src/contrib/ntp/html/miscopt.html
/usr/src/contrib/ntp/include/Makefile.am
/usr/src/contrib/ntp/include/Makefile.in
/usr/src/contrib/ntp/include/ntp.h
/usr/src/contrib/ntp/include/ntp_intres.h
/usr/src/contrib/ntp/include/ntpd.h
/usr/src/contrib/ntp/lib/isc/netaddr.c
/usr/src/contrib/ntp/libntp/Makefile.am
/usr/src/contrib/ntp/libntp/Makefile.in
/usr/src/contrib/ntp/libntp/a_md5encrypt.c
/usr/src/contrib/ntp/libntp/audio.c
/usr/src/contrib/ntp/libntp/ntp_calendar.c
/usr/src/contrib/ntp/libntp/ntp_intres.c
/usr/src/contrib/ntp/libntp/ssl_init.c
/usr/src/contrib/ntp/libntp/work_fork.c
/usr/src/contrib/ntp/libparse/clk_hopf6021.c
/usr/src/contrib/ntp/ntpd/complete.conf.in
/usr/src/contrib/ntp/ntpd/invoke-ntp.conf.texi
...[AROUND 600 MORE LINES]...
/usr/src/contrib/ntp/ntpd/ntp_parser.c
/usr/src/contrib/ntp/ntpd/ntp_parser.h
/usr/src/contrib/ntp/ntpd/ntp_peer.c
/usr/src/contrib/ntp/ntpd/ntp_proto.c
/usr/src/usr.sbin/bhyve/vga.c
/usr/src/usr.sbin/ntp/config.h
/usr/src/usr.sbin/ntp/doc/ntp-keygen.8
/usr/src/usr.sbin/ntp/doc/ntp.conf.5
/usr/src/usr.sbin/ntp/doc/ntp.keys.5
/usr/src/usr.sbin/ntp/doc/ntpd.8
/usr/src/usr.sbin/ntp/doc/ntpdc.8
/usr/src/usr.sbin/ntp/doc/ntpq.8
/usr/src/usr.sbin/ntp/doc/sntp.8
/usr/src/usr.sbin/ntp/libntp/Makefile
/usr/src/usr.sbin/ntp/scripts/mkver

The result is the same after restarting the jail.

Why aren't my jails updated?

Thanks a lot for your help.
 
ezjail-admin -u should be correct. In the jails I have /usr/src is not populated. May be this is why freebsd-update fetch wants to fetch some stuff. What does uname -a in the console of the jail output? May be the jails are updated.
 
Thanks for pointing out that all the files that appears to remain subject to an update in my jail starts with the path /usr/src.

/usr/src in my jail is populated (a lot of files and du -h /usr/src returns a total disk usage of 626M).

What does uname -a in the console of the jail output? May be the jails are updated.

In the host:

Code:
# uname -a
FreeBSD myhostname 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

In the jail:

Code:
# uname -a
FreeBSD myjailname 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

It's the same except for the hostname.
But if I understand correctly, the jail and the host share the same kernel so it should always be the case. The problem is to update the rest of the base system (the world) which is not shared with the host, right?
 
freebsd-version -u returns the same output on the host and in the jail:

Code:
11.0-RELEASE-p8

Not sure what I should conclude about this.
 
This is a bad way to check the version of a jail. A jail doesn't have a kernel and a uname -a will show the host's kernel version. Use freebsd-version -u.
Yes. I have mixed it up. I hope I will not forget to check that the next time I upgrade the host before upgrading the jails.
freebsd-version -u returns the same output on the host and in the jail:

Code:
11.0-RELEASE-p8

Not sure what I should conclude about this.
This looks good. Since a jail as no kernel the output of the command in the jail is interesting and clear
Code:
# freebsd-version -k
freebsd-version: unable to locate kernel
 
I don't understand why I should run mergemaster(8) for every jail.
I don't run mergemaster(8) when I freebsd-update the main host. Should I?

I realized that my freebsd-update.conf (both in the host and in the jail) has the line

Code:
Components src world kernel

In a previous message, you confirmed to me that the jails use the kernel of the host, and you taught me that each jail has its own world (still unsure why each jail has its own world by the way, I don't see what's the point of each jail having its own world). What about the src? Does each jail have its own src or is it shared with the host? Or is it shared with some sort of base jail that ezjail uses?

Maybe I should stop using EZJail and try to create and update my jails without it. Maybe if hides too much details and that's why I don't understand what's happening.

At this point, I'm thinking about modifying the freebsd-update.conf in my jails to

Code:
Components src world

or maybe (if you tell me that src is shared with the host)

Code:
Components world

and, after running the following commands on the host:

# freebsd-update fetch
# freebsd-update install

I'll run, inside each jail, the following commands:

# freebsd-update fetch
# freebsd-update install

What would be wrong with that?
 
Back
Top