By sbr

FreeBSD 15.1


An upgrade story

Today FreeBSD 15.1 was released and we got to use the newish pkg base process to update all our machines and jails. This was an entirely pain-free and enjoyable process, although perhaps still a touch more complicated than a true rolling release experience.

Upgrading host system to 15.1

This could be better, and I suspect one day it will be. Ideally one would type something like "pkg upgrade release" and not have to fuss around with this small step, but it's a huge improvement on the old way so I won't complain too much.


mkdir /tmp/upgrade-15.1


echo 'FreeBSD-base: {url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_1"}' > /tmp/upgrade-15.1/upgrade.conf


doas pkg -o REPOS_DIR=/etc/pkg,/usr/local/etc/pkg/repos,/tmp/upgrade-15.1 -o IGNORE_OSVERSION=yes upgrade -r FreeBSD-base


doas reboot


Then I updated third-party pkgs on the new kernel; in theory one could also reboot here.

doas pkg update -f
doas pkg upgrade


Upgrading Jails

Grab the new release

doas bastille bootstrap --pkgbase 15.1-RELEASE

Then update jails to that new release; write a tiny script if you have many of them.

doas bastille upgrade -a MyJailName 15.1-RELEASE

Upgrade all the jails' third-party pkgs with a single command. Wonder why the same doesn't exist for the jails themselves.

doas bastille pkg ALL upgrade -y


Pkg Caching saves some of the day

This may be due to where our servers are based in the world, but at times the pkg updates can be very slow. And as we have multiple machines, and even more jails per machine, that need updating, this gets painful quickly.

I had a machine already running with some spare RAM and nginx already running. So I mounted /var/cache in RAM and set up some proxy rules in nginx.

Part of nginx.conf:

proxy_cache_path /var/cache/nginx/pkg
    levels=1:2
    keys_zone=pkg_cache:10m
    max_size=4g
    inactive=30d
    use_temp_path=off;

proxy_cache_path /var/cache/nginx/pkg-meta
    levels=1:2
    keys_zone=pkg_meta:5m
    max_size=500m
    inactive=1h
    use_temp_path=off;

server {
    listen 80;
    server_name pkg.8by3.net;

    # Binary packages: cache 30 days
    location ~* /All/[^/]+\.pkg$ {
        proxy_pass https://pkg.freebsd.org;
        proxy_cache pkg_cache;
        proxy_cache_valid 200 30d;
        proxy_cache_use_stale error timeout updating;
        proxy_cache_lock on;
        proxy_ssl_server_name on;
        proxy_set_header Host pkg.freebsd.org;
        proxy_ignore_headers Cache-Control Expires Set-Cookie;
        add_header X-Cache-Status $upstream_cache_status always;
    }

    # Catalog / metadata: cache 30 minutes
    location / {
        proxy_pass https://pkg.freebsd.org;
        proxy_cache pkg_meta;
        proxy_cache_valid 200 30m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating;
        proxy_cache_lock on;
        proxy_ssl_server_name on;
        proxy_set_header Host pkg.freebsd.org;
        proxy_ignore_headers Cache-Control Expires Set-Cookie;
        add_header X-Cache-Status $upstream_cache_status always;
    }
}


Then, on all machines I want to pull pkgs via the cache, update the pkg config file to point to pkg.8by3.net instead of pkg.freebsd.org.

/etc/pkg/FreeBSD.conf

FreeBSD-ports: {
    url: "pkg+http://pkg.8by3.net/${ABI}/latest",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/share/keys/pkg",
    enabled: yes
}
FreeBSD-ports-kmods: {
    url: "pkg+http://pkg.8by3.net/${ABI}/kmods_latest_${VERSION_MINOR}",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/share/keys/pkg",
    enabled: yes
}
FreeBSD-base: {
    url: "pkg+http://pkg.8by3.net/${ABI}/base_release_${VERSION_MINOR}",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
    enabled: no
}


I don't know if there is an existing / simpler way of doing this. It was an idea I had using a rather unix'y philosophy of combining simple tools I already had on hand. The eagle-eyed amongst you will notice the 30m cache for the catalogue; this is there to avoid locking onto an old version of the catalogue without shortening the caching of everything else to only 30m.
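
Because the clients fetch from the cache over plain HTTP, package integrity rests on pkg's signature check (signature_type: "fingerprints") rather than on TLS. The script below is an added example, not part of the original post: it audits a repo config for enabled repositories that use HTTP with no signature check, assuming one key per line as in the FreeBSD.conf above; the function name and the "local-unsigned" repository in the sample are constructed for illustration.

```sh
# Added example, not from the original post; assumes one key per line.
# audit_pkg_repos FILE...: print "<repo> <verdict> <url>" per enabled repo;
# return 1 if any repo uses plain HTTP with no signature check.
audit_pkg_repos() {
    awk '
    # First double-quoted string on the line, else the bare word after ":".
    function value(line,   q) {
        if (split(line, q, "\"") >= 3) return q[2]
        sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t,]*$/, "", line)
        return line
    }
    /^[ \t]*[A-Za-z0-9_-]+:[ \t]*[{]/ {        # repository block starts
        name = $0; sub(/^[ \t]*/, "", name); sub(/:.*/, "", name)
        url = ""; sig = "none"; enabled = "yes"; next   # pkg defaults
    }
    /^[ \t]*url:/            { url = value($0) }
    /^[ \t]*signature_type:/ { sig = tolower(value($0)) }
    /^[ \t]*enabled:/        { enabled = tolower(value($0)) }
    /^[ \t]*[}]/ && name != "" {               # block ends: judge it
        if (enabled ~ /^(yes|true|on|1)$/) {
            tls = (url ~ /^(pkg\+)?https:/)
            signed = (sig == "fingerprints" || sig == "pubkey")
            if (signed) verdict = tls ? "ok" : "ok-signed-http"
            else        verdict = tls ? "warn-unsigned" : "FAIL-unsigned-http"
            if (!signed && !tls) bad = 1
            print name, verdict, url
        }
        name = ""
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the cache-backed repo from the post plus a hypothetical
# repo with verification switched off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FreeBSD-ports: {
  url: "pkg+http://pkg.8by3.net/${ABI}/latest",
  signature_type: "fingerprints",
  enabled: yes
}
local-unsigned: {
  url: "http://pkg.8by3.net/${ABI}/latest",
  signature_type: "none"
}
EOF
audit_pkg_repos "$sample" || echo "unsigned plain-HTTP repository found" >&2
rm -f "$sample"
```

On a real host, pass it the files under /etc/pkg and /usr/local/etc/pkg/repos; a non-zero exit means at least one enabled repository would accept whatever the HTTP path delivers.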

Pkgbasify

If you are totally new to the idea of pkg base and are still doing pkgs the "bad old" way, i.e. using freebsd-update fetch, freebsd-update install etc., then go check this Lua script to migrate to using pkg base. I've successfully migrated both a 14.2 and 15.0 system over to pkg base.

Normal x.x.# upgrades

Once you are on pkg base, then doing patch version updates is as simple as

pkg upgrade


And that's all folks, I need to figure out how to write more about this sort of thing.


#freebsd #pkgbase #upgrade