From owner-freebsd-jail@freebsd.org  Sun Dec 13 12:04:51 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3F0944B6E58
 for <freebsd-jail@mailman.nyi.freebsd.org>;
 Sun, 13 Dec 2020 12:04:51 +0000 (UTC)
 (envelope-from antranigv@freebsd.am)
Received: from evncert.am (evncert.am [212.42.214.164])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cv39Y4yg3z3lqY
 for <freebsd-jail@freebsd.org>; Sun, 13 Dec 2020 12:04:48 +0000 (UTC)
 (envelope-from antranigv@freebsd.am)
Received: from evncert.am (localhost [127.0.0.1])
 by evncert.am (OpenSMTPD) with ESMTP id f8999814
 for <freebsd-jail@freebsd.org>; Sun, 13 Dec 2020 16:04:43 +0400 (+04)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=post.evncert.am; h=
 message-id:subject:from:to:date:content-type:mime-version
 :content-transfer-encoding; s=selector0; bh=CDLTIOzmK53mytkiMKFw
 CFkiStg=; b=hxQ7MrUWcj4NwGL8nFjo/Xuf4fJXETnV0AGNq+icwNxR1ShasI3O
 wGqQ6xwfx6Z6cpCPebU5vFWt1Yehaocb5Xq6dsBKAmuB8w1pDIXw9BzAMvXp82J6
 D/0plV2HdQhNr339feWMIYYAqm3zgKw36KCiQXmnFKFAptlhLvUs2Ro=
Received: by post.evncert.am (OpenSMTPD) with ESMTPSA id b2cf2bfa
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO)
 for <freebsd-jail@freebsd.org>; Sun, 13 Dec 2020 16:04:43 +0400 (+04)
Message-ID: <5db512d7b8a9a27000b5f2742a3da71d112a681b.camel@freebsd.am>
Subject: Upgrading multiple Jails via freebsd-update
From: antranigv <antranigv@freebsd.am>
To: freebsd-jail@freebsd.org
Date: Sun, 13 Dec 2020 16:04:39 +0400
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.38.1 FreeBSD GNOME Team
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Cv39Y4yg3z3lqY
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=post.evncert.am header.s=selector0 header.b=hxQ7MrUW;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of antranigv@freebsd.am designates
 212.42.214.164 as permitted sender) smtp.mailfrom=antranigv@freebsd.am
X-Spamd-Result: default: False [-3.43 / 15.00]; MID_RHS_MATCH_FROM(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[212.42.214.164:from];
 R_DKIM_ALLOW(-0.20)[post.evncert.am:s=selector0];
 ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 SPAMHAUS_ZRD(0.00)[212.42.214.164:from:127.0.2.255];
 DMARC_NA(0.00)[freebsd.am];
 DKIM_TRACE(0.00)[post.evncert.am:+];
 NEURAL_HAM_SHORT(-0.98)[-0.981];
 NEURAL_HAM_MEDIUM(-0.95)[-0.952];
 NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:49800, ipnet:212.42.192.0/19, country:AM];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-jail]
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2020 12:04:51 -0000

Greetings!

freebsd-update is an amazing tool to upgrade the system without
compiling from sources and upgrading jails can be as easy as freebsd-
update -b /path/to/jail upgrade -r 12.2-RELEASE, however I have noticed
that when using the utility multiple times, it still fetches the files
multiple times.

My question is: Is there a way to use FreeBSD-update in a way, that
allows the user to download once and upgrade multiple Jails. I run
dozens of jails on multiple hosts and it's very frustrating to download
the same content.

I think it's okay for the patch files to be downloaded every time
(freebsd-update fetch install), since they are small and don't require
a lot of time, but the upgrade process is somehow a pain.

Some things I know I don't want: 1) Thin Jails (I like using zfs clone
on ZFS systems and tar xf base.txz -C jail0/ on UFS) as a solution,
since I change the base a lot. 2) Using network caching (say, via
Varnish), it seems like more overhead, although any new suggestions
would be nice 3) compiling the sources at all (but I'm rethinking this
lately, however my CPU is not that fast).

Any tips and suggestions would be nice!

P.S. In an ideal solution, it would be nice to just download the ISO or
tarballs from the mirrors and pass that to freebsd-update, but looks
like that required a lot of work.

-- 
antranigv
https://antranigv.am/



From owner-freebsd-jail@freebsd.org  Sun Dec 13 16:04:29 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9D0E24BCDF4;
 Sun, 13 Dec 2020 16:04:29 +0000 (UTC)
 (envelope-from mj-mailinglist@gmx.de)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest
 SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mout.gmx.net",
 Issuer "TeleSec ServerPass Class 2 CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cv8V43yXTz4bRp;
 Sun, 13 Dec 2020 16:04:28 +0000 (UTC)
 (envelope-from mj-mailinglist@gmx.de)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
 s=badeba3b8450; t=1607875466;
 bh=etI9zXFsF1Dv+ctlmvLD01JxSlHdoTImPWkUTEF6drU=;
 h=X-UI-Sender-Class:From:To:Subject:Date;
 b=TG4EnVDcHF8ic7vPURG6c3MJKa8im7YIHzK/a+2vcMgWOS8DF0qXTH9PfcuhznfQE
 WPahZp5m0kgS8t21CMe4ASlv/CcBCNzYdNvSFnhMoDAY3CwHxPhYsBg/4rl3+8vOKz
 ypvqu4Q2n5UhsNYz+YH7+RabSo14UoVAMKEaCraw=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [89.247.37.65] ([89.247.37.65]) by web-mail.gmx.net
 (3c-app-gmx-bap80.server.lan [172.19.172.138]) (via HTTP); Sun, 13 Dec 2020
 17:04:26 +0100
MIME-Version: 1.0
Message-ID: <trinity-1eddb95f-d7d8-4b02-be03-0296774a8434-1607875466295@3c-app-gmx-bap80>
From: mj-mailinglist@gmx.de
To: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Subject: Questions about the output of jls
Content-Type: text/plain; charset=UTF-8
Date: Sun, 13 Dec 2020 17:04:26 +0100
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K1:4PXiH94zCSqwg5DjmLZzjTxas3BwtrEs0ZCQ533Bw/lXC0aViBGnabHFlzwC4VwWDaofV
 DPQ+3ajmpjWDBQSS7xFWRd51J3/FY/Gb+KrhboaY+EUtGKVpO76KM3lac1oWxEr8rZlXEhI/q2D+
 tcmatDuUE+4xyp3265xluwHxystpJJeVf3Sc9Ya0n0NWz9N6BhM1d3Rvx7/gRItcOSmdUPgS4NVc
 vIYjBotgQiAsCEvX8Bja1eW4UVANSZXSFqpieHnwCty6BwPusoIDc0BJVjaNv8oMDRguThFWRwHD
 L8=
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:GI5RwaChLHc=:JgahHsx6kNmaiK6xx+oS99
 v9WLPNPjhcdqvsaKOTmT2R0L97mkBIzVIuEaCu/e1FPNlUOlAdX8ztatSrMx7zteSREG0ZhA5
 3tKxmmuHpIRThCfKiw/2NZCHCws1JGy/hnIuRIRBYRbPXaKaftkwm8JgQFzYeYmg0wLD/HFaS
 F4rWKsgGwapwlWaNV9dV0pjc3FwfX0V9bjct+nU34SDSji3DaPOFLMghvkYfhCMUXjGzntP7a
 oM1Pj/YU6oNR9/4D+T0Gc9IumrTbcmpZkrIxZkaH32b4sbtI0H1z8S48bhSV8vr4MzUQEgCBT
 EHjQSksCf8Oe8LcBa14cffe9+LWxwd4Tmw4JRTU0MimoBvdul/K4hDotd1FWMXB4RbO1w3syX
 ss8bjXC+KLAOR/ztKimNnWsaI3HRwDKBN8sr7H1A71w0u9OLXo2ANEHYgiFDmqVPBD9dImQsk
 cGGmqo18posdBJzRnVEZ404De30RqcGOxtWUQ7+uNhX/YncUKzH3zu41TJoQetbN5WgxjSuvw
 dA55/yCKVgtNZfEPK5UrJfZ7USQi9Ae81S+9BIyu9NODduzaDDZwUUOio6PHiKiavD4mnSDGZ
 kzeM73d8fWZs0=
X-Rspamd-Queue-Id: 4Cv8V43yXTz4bRp
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=TG4EnVDc;
 dmarc=pass (policy=none) header.from=gmx.de;
 spf=pass (mx1.freebsd.org: domain of mj-mailinglist@gmx.de designates
 212.227.17.21 as permitted sender) smtp.mailfrom=mj-mailinglist@gmx.de
X-Spamd-Result: default: False [-3.59 / 15.00]; FREEMAIL_FROM(0.00)[gmx.de];
 R_SPF_ALLOW(-0.20)[+ip4:212.227.17.0/27]; TO_DN_NONE(0.00)[];
 DKIM_TRACE(0.00)[gmx.net:+]; RCPT_COUNT_TWO(0.00)[2];
 HAS_X_PRIO_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.99)[-0.991];
 DMARC_POLICY_ALLOW(-0.50)[gmx.de,none];
 RECEIVED_SPAMHAUS_PBL(0.00)[89.247.37.65:received];
 RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+];
 FREEMAIL_ENVFROM(0.00)[gmx.de];
 ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE];
 RBL_DBL_DONT_QUERY_IPS(0.00)[212.227.17.21:from];
 FROM_EQ_ENVFROM(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 R_DKIM_ALLOW(-0.20)[gmx.net:s=badeba3b8450];
 RCVD_IN_DNSWL_LOW(-0.10)[212.227.17.21:from];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.10)[text/plain];
 SPAMHAUS_ZRD(0.00)[212.227.17.21:from:127.0.2.255];
 FROM_NO_DN(0.00)[];
 RWL_MAILSPIKE_POSSIBLE(0.00)[212.227.17.21:from];
 MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2];
 MAILMAN_DEST(0.00)[freebsd-questions,freebsd-jail]
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2020 16:04:29 -0000

Hi,

I habe a current system, where i have current and 12.2-STABLE jails. Checking with jls, i get this output:

root@fbsd13:~ # jls -h jid name ip4.addr host.hostname vnet osrelease path | column -t
jid  name  ip4.addr      host.hostname  vnet  osrelease     path
8    j0    192.168.0.10  j0.local       2     13.0-CURRENT  /jails/j0
10   j1    -             j1.local       1     13.0-CURRENT  /jails/j1
12   j2    -             j2.local       1     13.0-CURRENT  /jails/j2

the jails are running this versions:

root@fbsd13:~ # jexec -l j0 freebsd-version -u
12.2-STABLE
root@fbsd13:~ # jexec -l j1 freebsd-version -u
13.0-CURRENT
root@fbsd13:~ # jexec -l j2 freebsd-version -u
12.2-STABLE


What is "osrelease"? Looking at the name, i would have guessed, it is the
version of the freebsd userland, running in the jail. But it does't seem so.
j1 and j2 are VNET jails, so it seems the 1 in the vnet column signifies this,
j0 is a "standard" jail using the hosts network stack, so the 2 stands for standard?

Is ist possible for jls to get the ip address and the userland version of/in the jail?
Or is the only way to get this information to jexec ifconfig and freebsd-version?

--
Martin


From owner-freebsd-jail@freebsd.org  Sun Dec 13 16:16:59 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C1C5B4BD72C;
 Sun, 13 Dec 2020 16:16:59 +0000 (UTC)
 (envelope-from kevans@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Cv8mW55Nvz4c3G;
 Sun, 13 Dec 2020 16:16:59 +0000 (UTC)
 (envelope-from kevans@freebsd.org)
Received: from mail-qk1-f178.google.com (mail-qk1-f178.google.com
 [209.85.222.178])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 (Authenticated sender: kevans)
 by smtp.freebsd.org (Postfix) with ESMTPSA id 9C7498AB8;
 Sun, 13 Dec 2020 16:16:59 +0000 (UTC)
 (envelope-from kevans@freebsd.org)
Received: by mail-qk1-f178.google.com with SMTP id p14so4310275qke.6;
 Sun, 13 Dec 2020 08:16:59 -0800 (PST)
X-Gm-Message-State: AOAM5313ohJflbWUANgMlhSvTha1S4HCTFmCb5by2qG4KB9vDEUiDRUp
 nX5uTO63GRGCYP6bOAes3r0uNLAIBBlVWO/yto4=
X-Google-Smtp-Source: ABdhPJxb3kNtlshrSbcCHL9bvAKHqAQYIn1xu9q+1uf6mV6hngsghP6VDslUy3RlXS1h+xHbSh79C7zeN6nopRLDuTA=
X-Received: by 2002:a05:620a:2010:: with SMTP id
 c16mr27280955qka.493.1607876219222; 
 Sun, 13 Dec 2020 08:16:59 -0800 (PST)
MIME-Version: 1.0
References: <trinity-1eddb95f-d7d8-4b02-be03-0296774a8434-1607875466295@3c-app-gmx-bap80>
In-Reply-To: <trinity-1eddb95f-d7d8-4b02-be03-0296774a8434-1607875466295@3c-app-gmx-bap80>
From: Kyle Evans <kevans@freebsd.org>
Date: Sun, 13 Dec 2020 10:16:46 -0600
X-Gmail-Original-Message-ID: <CACNAnaHjBmr2F2+aZHOH3UsgOE0FL+SknUV7-a825NBRJJ+AHw@mail.gmail.com>
Message-ID: <CACNAnaHjBmr2F2+aZHOH3UsgOE0FL+SknUV7-a825NBRJJ+AHw@mail.gmail.com>
Subject: Re: Questions about the output of jls
To: mj-mailinglist@gmx.de
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>,
 freebsd-jail <freebsd-jail@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2020 16:16:59 -0000

On Sun, Dec 13, 2020 at 10:04 AM <mj-mailinglist@gmx.de> wrote:
>
> Hi,
>
> I habe a current system, where i have current and 12.2-STABLE jails. Checking with jls, i get this output:
>
> root@fbsd13:~ # jls -h jid name ip4.addr host.hostname vnet osrelease path | column -t
> jid  name  ip4.addr      host.hostname  vnet  osrelease     path
> 8    j0    192.168.0.10  j0.local       2     13.0-CURRENT  /jails/j0
> 10   j1    -             j1.local       1     13.0-CURRENT  /jails/j1
> 12   j2    -             j2.local       1     13.0-CURRENT  /jails/j2
>
> the jails are running this versions:
>
> root@fbsd13:~ # jexec -l j0 freebsd-version -u
> 12.2-STABLE
> root@fbsd13:~ # jexec -l j1 freebsd-version -u
> 13.0-CURRENT
> root@fbsd13:~ # jexec -l j2 freebsd-version -u
> 12.2-STABLE
>
>
> What is "osrelease"? Looking at the name, i would have guessed, it is the
> version of the freebsd userland, running in the jail. But it does't seem so.
> j1 and j2 are VNET jails, so it seems the 1 in the vnet column signifies this,
> j0 is a "standard" jail using the hosts network stack, so the 2 stands for standard?
>

Hi,

osrelease is what the jail sees as kern.osrelease and uname -r (see:
jail(8)) (i.e. kernel version); it's either specified during jail
creation or inherited from the parent prison if none is specified.

It looks like it's exporting a jailsys int for vnet, so these correspond to:

JAIL_SYS_DISABLE=0
JAIL_SYS_NEW=1
JAIL_SYS_INHERIT=2

So 2 is 'use parent vnet', 1 is 'new one created' -- I don't see this
described in either jls(1) or jail(8), it'd probably be nice if we
translated jailsys ints into "new"/"inherit" since one specifies
"new"/"inherit" for them during creation.

Thanks,

Kyle Evans

From owner-freebsd-jail@freebsd.org  Mon Dec 14 06:37:25 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0FA034AF6CB
 for <freebsd-jail@mailman.nyi.freebsd.org>;
 Mon, 14 Dec 2020 06:37:25 +0000 (UTC)
 (envelope-from lars.engels@0x20.net)
Received: from mail.0x20.net (mail.0x20.net [46.251.251.56])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CvWsJ1QVLz4Sy1
 for <freebsd-jail@freebsd.org>; Mon, 14 Dec 2020 06:37:24 +0000 (UTC)
 (envelope-from lars.engels@0x20.net)
Received: from 0x20.net (webs.0x20.net [46.251.251.54])
 (Authenticated sender: lala)
 by mail.0x20.net (Postfix) with ESMTPA id AA1801348ED
 for <freebsd-jail@freebsd.org>; Mon, 14 Dec 2020 07:37:16 +0100 (CET)
MIME-Version: 1.0
Date: Mon, 14 Dec 2020 07:37:16 +0100
From: Lars Engels <lars.engels@0x20.net>
To: freebsd-jail@freebsd.org
Subject: Re: Upgrading multiple Jails via freebsd-update
In-Reply-To: <5db512d7b8a9a27000b5f2742a3da71d112a681b.camel@freebsd.am>
References: <5db512d7b8a9a27000b5f2742a3da71d112a681b.camel@freebsd.am>
User-Agent: Roundcube Webmail/1.4.9
Message-ID: <276b7ed781d29973637d911b82a627ec@0x20.net>
X-Sender: lars.engels@0x20.net
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4CvWsJ1QVLz4Sy1
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of lars.engels@0x20.net designates
 46.251.251.56 as permitted sender) smtp.mailfrom=lars.engels@0x20.net
X-Spamd-Result: default: False [-1.89 / 15.00]; RCVD_TLS_LAST(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 FROM_HAS_DN(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[46.251.251.56:from];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:46.251.251.56];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 SPAMHAUS_ZRD(0.00)[46.251.251.56:from:127.0.2.255];
 ARC_NA(0.00)[]; NEURAL_SPAM_SHORT(0.41)[0.410];
 NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_NA(0.00)[0x20.net];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:31400, ipnet:46.251.251.0/24, country:DE];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-jail]
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2020 06:37:25 -0000

Am 2020-12-13 13:04, schrieb antranigv:
> Greetings!
> 
> freebsd-update is an amazing tool to upgrade the system without
> compiling from sources and upgrading jails can be as easy as freebsd-
> update -b /path/to/jail upgrade -r 12.2-RELEASE, however I have noticed
> that when using the utility multiple times, it still fetches the files
> multiple times.
> 
> My question is: Is there a way to use FreeBSD-update in a way, that
> allows the user to download once and upgrade multiple Jails. I run
> dozens of jails on multiple hosts and it's very frustrating to download
> the same content.
> 
> I think it's okay for the patch files to be downloaded every time
> (freebsd-update fetch install), since they are small and don't require
> a lot of time, but the upgrade process is somehow a pain.
> 
> Some things I know I don't want: 1) Thin Jails (I like using zfs clone
> on ZFS systems and tar xf base.txz -C jail0/ on UFS) as a solution,
> since I change the base a lot. 2) Using network caching (say, via
> Varnish), it seems like more overhead, although any new suggestions
> would be nice 3) compiling the sources at all (but I'm rethinking this
> lately, however my CPU is not that fast).
> 
> Any tips and suggestions would be nice!
> 
> P.S. In an ideal solution, it would be nice to just download the ISO or
> tarballs from the mirrors and pass that to freebsd-update, but looks
> like that required a lot of work.

You can nullfs-mount /var/db/freebsd-update from the host into the jails 
you want to update.

From owner-freebsd-jail@freebsd.org  Mon Dec 14 09:42:22 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id CE8F44B4CC4
 for <freebsd-jail@mailman.nyi.freebsd.org>;
 Mon, 14 Dec 2020 09:42:22 +0000 (UTC)
 (envelope-from SRS0=5ggR=FS=perdition.city=julien@bebif.be)
Received: from orval.bbpf.belspo.be (orval.bbpf.belspo.be [193.191.208.90])
 by mx1.freebsd.org (Postfix) with ESMTP id 4Cvbyj725gz4dsG
 for <freebsd-jail@freebsd.org>; Mon, 14 Dec 2020 09:42:21 +0000 (UTC)
 (envelope-from SRS0=5ggR=FS=perdition.city=julien@bebif.be)
Received: from x1 (unknown [77.109.122.160])
 by orval.bbpf.belspo.be (Postfix) with ESMTPSA id 222801D4FC97;
 Mon, 14 Dec 2020 10:42:14 +0100 (CET)
Date: Mon, 14 Dec 2020 10:42:11 +0100
From: Julien Cigar <julien@perdition.city>
To: antranigv <antranigv@freebsd.am>
Cc: freebsd-jail@freebsd.org
Subject: Re: Upgrading multiple Jails via freebsd-update
Message-ID: <20201214094211.xlesr2cd32bjgkr6@x1>
Mail-Followup-To: antranigv <antranigv@freebsd.am>,
	freebsd-jail@freebsd.org
References: <5db512d7b8a9a27000b5f2742a3da71d112a681b.camel@freebsd.am>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <5db512d7b8a9a27000b5f2742a3da71d112a681b.camel@freebsd.am>
X-Rspamd-Queue-Id: 4Cvbyj725gz4dsG
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of
 SRS0=5ggR=FS=perdition.city=julien@bebif.be designates 193.191.208.90 as
 permitted sender) smtp.mailfrom=SRS0=5ggR=FS=perdition.city=julien@bebif.be
X-Spamd-Result: default: False [-2.37 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.10)[text/plain]; MID_RHS_NOT_FQDN(0.50)[];
 DMARC_NA(0.00)[perdition.city];
 SPAMHAUS_ZRD(0.00)[193.191.208.90:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[193.191.208.90:from];
 NEURAL_HAM_SHORT(-0.97)[-0.974]; RCPT_COUNT_TWO(0.00)[2];
 FORGED_SENDER(0.30)[julien@perdition.city,SRS0=5ggR=FS=perdition.city=julien@bebif.be];
 RCVD_NO_TLS_LAST(0.10)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[77.109.122.160:received];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2];
 ASN(0.00)[asn:2611, ipnet:193.191.192.0/19, country:BE];
 FROM_NEQ_ENVFROM(0.00)[julien@perdition.city,SRS0=5ggR=FS=perdition.city=julien@bebif.be];
 MAILMAN_DEST(0.00)[freebsd-jail]
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2020 09:42:22 -0000

On Sun, Dec 13, 2020 at 04:04:39PM +0400, antranigv wrote:
> Greetings!

Hello,

> 
> freebsd-update is an amazing tool to upgrade the system without
> compiling from sources and upgrading jails can be as easy as freebsd-
> update -b /path/to/jail upgrade -r 12.2-RELEASE, however I have noticed
> that when using the utility multiple times, it still fetches the files
> multiple times.
> 
> My question is: Is there a way to use FreeBSD-update in a way, that
> allows the user to download once and upgrade multiple Jails. I run
> dozens of jails on multiple hosts and it's very frustrating to download
> the same content.
> 
> I think it's okay for the patch files to be downloaded every time
> (freebsd-update fetch install), since they are small and don't require
> a lot of time, but the upgrade process is somehow a pain.
> 
> Some things I know I don't want: 1) Thin Jails (I like using zfs clone
> on ZFS systems and tar xf base.txz -C jail0/ on UFS) as a solution,
> since I change the base a lot. 2) Using network caching (say, via
> Varnish), it seems like more overhead, although any new suggestions
> would be nice 3) compiling the sources at all (but I'm rethinking this
> lately, however my CPU is not that fast).
> 
> Any tips and suggestions would be nice!
> 
> P.S. In an ideal solution, it would be nice to just download the ISO or
> tarballs from the mirrors and pass that to freebsd-update, but looks
> like that required a lot of work.

You could setup a caching proxy for freebsd-update with nginx (or ...)

> 
> -- 
> antranigv
> https://antranigv.am/
> 
> 
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

-- 
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.

From owner-freebsd-jail@freebsd.org  Tue Dec 15 20:06:23 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 318D94C0D30
 for <freebsd-jail@mailman.nyi.freebsd.org>;
 Tue, 15 Dec 2020 20:06:23 +0000 (UTC)
 (envelope-from jamie@gritton.org)
Received: from gritton.org (gritton.org [199.192.165.131])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CwTmG0Ny7z4pFS;
 Tue, 15 Dec 2020 20:06:21 +0000 (UTC)
 (envelope-from jamie@gritton.org)
Received: from gritton.org ([127.0.0.131]) (authenticated bits=0)
 by gritton.org (8.15.2/8.15.2) with ESMTPA id 0BFK6K3e063335;
 Tue, 15 Dec 2020 12:06:20 -0800 (PST)
 (envelope-from jamie@gritton.org)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 15 Dec 2020 12:06:20 -0800
From: James Gritton <jamie@gritton.org>
To: freebsd-jail <freebsd-jail@freebsd.org>
Subject: Re: Questions about the output of jls
In-Reply-To: <CACNAnaHjBmr2F2+aZHOH3UsgOE0FL+SknUV7-a825NBRJJ+AHw@mail.gmail.com>
References: <trinity-1eddb95f-d7d8-4b02-be03-0296774a8434-1607875466295@3c-app-gmx-bap80>
 <CACNAnaHjBmr2F2+aZHOH3UsgOE0FL+SknUV7-a825NBRJJ+AHw@mail.gmail.com>
User-Agent: Roundcube Webmail/1.4.1
Message-ID: <466a825c7a7a1cdbcec72b82f978ad08@gritton.org>
X-Sender: jamie@gritton.org
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2
 (gritton.org [127.0.0.131]); Tue, 15 Dec 2020 13:06:20 -0700 (MST)
X-Rspamd-Queue-Id: 4CwTmG0Ny7z4pFS
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of jamie@gritton.org designates
 199.192.165.131 as permitted sender) smtp.mailfrom=jamie@gritton.org
X-Spamd-Result: default: False [-3.30 / 15.00]; RCVD_TLS_LAST(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FREEFALL_USER(0.00)[jamie];
 FROM_HAS_DN(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[199.192.165.131:from];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 MIME_GOOD(-0.10)[text/plain];
 R_SPF_ALLOW(-0.20)[+ip4:199.192.165.128/28]; ARC_NA(0.00)[];
 DMARC_NA(0.00)[gritton.org];
 SPAMHAUS_ZRD(0.00)[199.192.165.131:from:127.0.2.255];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; TO_DN_ALL(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_TWO(0.00)[2];
 NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:30247, ipnet:199.192.164.0/22, country:US];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-jail]
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 20:06:23 -0000

On 2020-12-13 08:16, Kyle Evans wrote:
> 
> It looks like it's exporting a jailsys int for vnet, so these 
> correspond to:
> 
> JAIL_SYS_DISABLE=0
> JAIL_SYS_NEW=1
> JAIL_SYS_INHERIT=2
> 
> So 2 is 'use parent vnet', 1 is 'new one created' -- I don't see this
> described in either jls(1) or jail(8), it'd probably be nice if we
> translated jailsys ints into "new"/"inherit" since one specifies
> "new"/"inherit" for them during creation.

Turns out this is a legit bug - I had a "=" where I needed a "|=".  That 
one-character fix will turn "vnet=2" into "vnet=inherit" for "jail -n 
vnet", same as it already is for "jail -n" without explicit parameters.

- Jamie

From owner-freebsd-jail@freebsd.org  Tue Dec 15 21:58:16 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 254CA4C54F5
 for <freebsd-jail@mailman.nyi.freebsd.org>;
 Tue, 15 Dec 2020 21:58:16 +0000 (UTC)
 (envelope-from kevans@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CwXFN0NdQz3GQt
 for <freebsd-jail@freebsd.org>; Tue, 15 Dec 2020 21:58:16 +0000 (UTC)
 (envelope-from kevans@freebsd.org)
Received: from mail-qv1-f45.google.com (mail-qv1-f45.google.com
 [209.85.219.45])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 (Authenticated sender: kevans)
 by smtp.freebsd.org (Postfix) with ESMTPSA id EF8D41609
 for <freebsd-jail@freebsd.org>; Tue, 15 Dec 2020 21:58:15 +0000 (UTC)
 (envelope-from kevans@freebsd.org)
Received: by mail-qv1-f45.google.com with SMTP id a13so10364332qvv.0
 for <freebsd-jail@freebsd.org>; Tue, 15 Dec 2020 13:58:15 -0800 (PST)
X-Gm-Message-State: AOAM533TVxVroW+UrTCHh8EthRKL4nEPSwU7p/5qeYmTogXEUiPG06qF
 dKz8E4KqNwR92ta6OyscViybJAMzoqwAPHEEUr8=
X-Google-Smtp-Source: ABdhPJw3JBpwOknkvqC2I9vFTfr239PHopsMecofrbT0k5eWoymZUY5lFYII+DqtWz6uMU3eTSXHV3QrxdsePp6E0w0=
X-Received: by 2002:a05:6214:6af:: with SMTP id
 s15mr38128730qvz.34.1608069495623; 
 Tue, 15 Dec 2020 13:58:15 -0800 (PST)
MIME-Version: 1.0
References: <trinity-1eddb95f-d7d8-4b02-be03-0296774a8434-1607875466295@3c-app-gmx-bap80>
 <CACNAnaHjBmr2F2+aZHOH3UsgOE0FL+SknUV7-a825NBRJJ+AHw@mail.gmail.com>
 <466a825c7a7a1cdbcec72b82f978ad08@gritton.org>
In-Reply-To: <466a825c7a7a1cdbcec72b82f978ad08@gritton.org>
From: Kyle Evans <kevans@freebsd.org>
Date: Tue, 15 Dec 2020 15:58:01 -0600
X-Gmail-Original-Message-ID: <CACNAnaG1iRLuVy6xW-7C3zZsm+oB=2poVm+bkoAad+whrfMnng@mail.gmail.com>
Message-ID: <CACNAnaG1iRLuVy6xW-7C3zZsm+oB=2poVm+bkoAad+whrfMnng@mail.gmail.com>
Subject: Re: Questions about the output of jls
To: James Gritton <jamie@gritton.org>
Cc: freebsd-jail <freebsd-jail@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 21:58:16 -0000

On Tue, Dec 15, 2020 at 2:06 PM James Gritton <jamie@gritton.org> wrote:
>
> On 2020-12-13 08:16, Kyle Evans wrote:
> >
> > It looks like it's exporting a jailsys int for vnet, so these
> > correspond to:
> >
> > JAIL_SYS_DISABLE=0
> > JAIL_SYS_NEW=1
> > JAIL_SYS_INHERIT=2
> >
> > So 2 is 'use parent vnet', 1 is 'new one created' -- I don't see this
> > described in either jls(1) or jail(8), it'd probably be nice if we
> > translated jailsys ints into "new"/"inherit" since one specifies
> > "new"/"inherit" for them during creation.
>
> Turns out this is a legit bug - I had a "=" where I needed a "|=".  That
> one-character fix will turn "vnet=2" into "vnet=inherit" for "jail -n
> vnet", same as it already is for "jail -n" without explicit parameters.
>

Aha! This is both unexpected and amusing. Thanks for the fix. =)