Remote FreeBSD server upgrade - Guide!
Hello, ok following my recent experience of updating a remote freebsd server for this first time i have come with following method for future updates/upgrades.
This is a work in progress and will try and keep it upto date from feedback.
This was put together after help from:
Updated 18 Feb 09
If there are any points that still need clarification and if you spot anything incorrect or that could be added i would appreciate it
Those marked with * have info in notes section which you should read.
1. Turn OFF kern_securelevel=2 in rc.conf 2. Reboot 3. cd /boot 4. cp -Rp kernel kernel.works * 5. Edit stable-supfile file to required version 6. run: csup stable-supfile 7. cd /usr/src 8. less UPDATE - check for important notes 9. make -j3 buildworld 10. make -j3 buildkernel KERNCONF=MYKERNEL * 11. make KODIR=/boot/kernel.new KERNCONF=MYKERNEL installkernel * 12. nextboot -k kernel.new * 13. reboot 14. rename /boot/kernel.new to /boot/kernel 15. mergemaster -p * 16. make installworld 17. mergemaster -viU * 18. reboot * 19. Turn ON kern_securelevel= in rc.conf 20. reboot
I never found any mention of this in docs or guides as they assume you will be in single user mode, if you don't comment out kern_securelevel= and reboot the make installworld will fail.
(name it after the kernconf file name, version number, or something that is easy to remember). This isn't as big a deal when doing remote upgrades as you can't get a loader prompt (unless using a serial console), but it's a good habit to get into and you may get datacenter to boot for you, as you can then you can use
load /boot/kernel.works/kernel load /boot/kernel.works/acpi.ko
If you use 11. & 12. this is less of an issue.
9. & 10.
The standard recommendation is to use (NUMCPUS + 1). Using too high of a -j setting will slow things down immensely. You judge this on server load, use low setting if doing it when server has high load or higher setting when server not busy, it is case of balancing 'get it done quick with high load on server' or 'take longer but don' load server as much'.
You may want to do a few test runs to find the optimum setting for your systems. Run the following with various -j settings:
# /usr/bin/time -h make -jX buildworld
This will install the kernel as /boot/kernel.new and leave the working kernel as /boot/kernel. (recommended)
If you wish you can also have entry in make.conf that will build generic and custom kernel but only use custom kernel.
KERNCONF= is a space separated list of kernels to build/install, in the order to build/install them. So you can use things like:
# make KERNCONF="MYKERNEL GENERIC" buildkernel # make KERNCONF=GENERIC KODIR=/boot/kernel.generic installkernel # make KERNCONF=MYKERNEL KODIR=/boot/kernel.custom installkernel
# make KERNCONF="MYKERNEL GENERIC" installkernel
This boots into new kernel, if it all goes foobar up then a remote reboot by datacenter should get you back into old kernel.
To make sure the kernel works. You can run an old world on a new kernel, but you can't run a new world on an old kernel. So if you reboot after installworld and things fail, you may be screwed, requiring the use of a fixit CD.
15 & 17
During mergemaster the question about deleting /tmp/temproot kept coming up and was not sure if i should or not, here is explanation given:
This just to make sure all is ok with new kernel and world before setting securelevel.
Single user mode.
In handbook and guides tell you to enter single user mode before doing make installworld, trouble is on remote server this is not possible so you have bypass this step. I am told there is risk but with so many remote servers it does appear to work ok.
Last edited by carpman; 18th February 2009 at 06:23 PM.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Remote backups server using FreeBSD, ZFS, and Rsync||phoenix||Guides||1||5th March 2010 12:17 AM|
|upgrade xorg on freebsd||ccc||FreeBSD Ports and Packages||5||1st February 2009 04:17 PM|
|freebsd 7.1 upgrade buildworld error||map7||FreeBSD Installation and Upgrading||9||30th October 2008 06:54 PM|
|A Comprehensive Guide to FreeBSD||ijk||Book reviews||1||29th July 2008 03:53 PM|
|Remote Access to File Server||Oko||OpenBSD Security||7||23rd June 2008 05:17 PM|