Date: Thu, 23 Mar 2006 04:07:54 -0500 From: "Russell E. Meek" <rmeek@russellmeek.net> To: Philippe Lang <philippe.lang@attiksystem.ch> Cc: freebsd-questions@freebsd.org Subject: Re: Make installworld in single-user mode all the time? Message-ID: <4422656A.90506@russellmeek.net> In-Reply-To: <6C0CF58A187DA5479245E0830AF84F421D0AA4@poweredge.attiksystem.ch> References: <6C0CF58A187DA5479245E0830AF84F421D0AA4@poweredge.attiksystem.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Philippe Lang wrote: > Hi, > > I'd like to patch a production server, with about 10 jails, running FreeBSD > 6.0 Release, in order to get FreeBSD 6.0-p6. > > Since this server is being hosted on a remote location, rebooting in > single-user mode before doing the installworld requires me to move to the > hosting center. > > Documentation mentions that a reboot in single-user mode is necessary. But > on the opposite, /usr/src/UPDATING says: > >> Also, when doing a major release upgrade, it is required that >> you boot into single user mode to do the installworld. > > Since this is no "major release upgrade", does that mean I can do the > installworld in multi-user mode? > > I have tested that on a smaller test server yesterday evening, I have even > done the installworld in running jails, and it worked just fine. Was I lucky > maybe? > > Does anyone have a definitive guide to update FreeBSD correctly? > > Here is what I did: > > ---------- > > 1) Cleaning >> cd /usr/obj >> chflags -R noschg * >> rm -rf > > 2) Buildworld & Kernel >> cd /usr/src >> make buildworld (/usr/src/UPDATING mentions we should avoid the -j option) >> make kernel KERNCONF=<MY_KERNEL_CONF> > > 4) When doing a major release upgrade: >> reboot in single-user mode >> fsck -p >> mount -u / >> mount -a -t ufs >> swapon -a >> adjkerntz -i > > 6) Installworld >> cd /usr/src >> mergemaster -p >> make installworld >> mergemaster > > 7) Update jail1 >> mergemaster -p -D /usr/jails/my_jail1 >> make installworld DESTDIR=/usr/jails/my_jail1 >> mergemaster -D /usr/jails/my_jail1 > > 8) Update jail2 >> mergemaster -p -D /usr/jails/my_jail2 >> make installworld DESTDIR=/usr/jails/my_jail2 >> mergemaster -D /usr/jails/my_jail2 > > 9) Reboot > > ---------- > > Regards, > > ---------------------------------- > Philippe Lang, Ing. Dipl. EPFL > Attik System > rte de la Fonderie 2 > 1700 Fribourg > Switzerland > http://www.attiksystem.ch > > Tel: +41 (26) 422 13 75 > Fax: +41 (26) 422 13 76 > Email: philippe.lang@attiksystem.ch Here is the way I have always perform installworlds. Although this method may be disregarded and unwarranted, it has yet to fail me. All functions are performed in multi-user mode. -------------------------------------------------------------------- If using kern_securelevel_enable="YES" in rc.conf ee /etc/rc.conf (change kern_securelevel_enable="YES" to kern_securelevel_enable="NO") -------------------------------------------------------------------- ee /etc/fstab (remove nosuid,noexec from /tmp if applied) I have noticed installworld issues if noexec / nosuid are applied to mounted /tmp. --------------------------------------------------------------------- su - cd /usr/obj rm -rf * cd /usr/src cvsup -g -L2 -h freebsd11.cvsup.org /root/<cvsup file> Place kernel file in /usr/src/sys/<arch>/conf make buildworld && make buildkernel KERNCONF=<kernel name> && make installkernel KERNCONF=<kernel name> && mergemaster -p reboot cd /usr/src/ make installworld && mergemaster ee /etc/rc.conf (change kern_securelevel_enable="NO" to kern_securelevel_enable="YES") ee /etc/fstab (add your nodev,noexec,nosuid tags to /tmp) reboot cd /usr/obj/ rm -rf * cd /usr/src/ make cleandir; make cleandir --------------------------------------------------------------- I picked this method (most of it) up off of taosecurity. I have used it countless times with no issues whatsoever on remote servers. Thanks, Russell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4422656A.90506>