From owner-freebsd-questions@FreeBSD.ORG  Thu Mar 23 09:07:53 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2D6A216A401
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Mar 2006 09:07:53 +0000 (UTC)
	(envelope-from rmeek@russellmeek.net)
Received: from aries.russellmeek.net (aries.russellmeek.net [64.92.164.178])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C581B43D49
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Mar 2006 09:07:52 +0000 (GMT)
	(envelope-from rmeek@russellmeek.net)
Received: (qmail 36283 invoked by uid 89); 23 Mar 2006 09:07:52 -0000
Received: by simscan 1.2.0 ppid: 36278, pid: 36280, t: 0.1655s
	scanners: attach: 1.2.0 clamav: 0.88/m:36/d:1348
Received: from unknown (HELO ?192.172.1.115?)
	(rmeek@russellmeek.net@67.79.176.182)
	by 180.164.92.64.reverse.layeredtech.com with (DHE-RSA-AES256-SHA
	encrypted) SMTP; 23 Mar 2006 09:07:51 -0000
Message-ID: <4422656A.90506@russellmeek.net>
Date: Thu, 23 Mar 2006 04:07:54 -0500
From: "Russell E. Meek" <rmeek@russellmeek.net>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Philippe Lang <philippe.lang@attiksystem.ch>
References: <6C0CF58A187DA5479245E0830AF84F421D0AA4@poweredge.attiksystem.ch>
In-Reply-To: <6C0CF58A187DA5479245E0830AF84F421D0AA4@poweredge.attiksystem.ch>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Make installworld in single-user mode all the time?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2006 09:07:53 -0000

Philippe Lang wrote:
> Hi,
> 
> I'd like to patch a production server, with about 10 jails, running FreeBSD
> 6.0 Release, in order to get FreeBSD 6.0-p6.
> 
> Since this server is being hosted on a remote location, rebooting in
> single-user mode before doing the installworld requires me to move to the
> hosting center.
> 
> Documentation mentions that a reboot in single-user mode is necessary. But
> on the opposite, /usr/src/UPDATING says:
> 
>> Also, when doing a major release upgrade, it is required that
>> you boot into single user mode to do the installworld.
> 
> Since this is no "major release upgrade", does that mean I can do the
> installworld in multi-user mode?
> 
> I have tested that on a smaller test server yesterday evening, I have even
> done the installworld in running jails, and it worked just fine. Was I lucky
> maybe?
> 
> Does anyone have a definitive guide to update FreeBSD correctly?
> 
> Here is what I did:
> 
> ----------
> 
> 1) Cleaning
>> cd /usr/obj 
>> chflags -R noschg * 
>> rm -rf 
> 
> 2) Buildworld & Kernel
>> cd /usr/src 
>> make buildworld (/usr/src/UPDATING mentions we should avoid the -j option)
>> make kernel KERNCONF=<MY_KERNEL_CONF>
> 
> 4) When doing a major release upgrade:
>> reboot in single-user mode
>> fsck -p 
>> mount -u / 
>> mount -a -t ufs 
>> swapon -a 
>> adjkerntz -i 
> 
> 6) Installworld
>> cd /usr/src 
>> mergemaster -p 
>> make installworld 
>> mergemaster 
>  
> 7) Update jail1
>> mergemaster -p -D /usr/jails/my_jail1
>> make installworld DESTDIR=/usr/jails/my_jail1
>> mergemaster -D /usr/jails/my_jail1
>  
> 8) Update jail2
>> mergemaster -p -D /usr/jails/my_jail2
>> make installworld DESTDIR=/usr/jails/my_jail2
>> mergemaster -D /usr/jails/my_jail2
> 
> 9) Reboot
> 
> ----------
> 
> Regards,
> 
> ----------------------------------
> Philippe Lang, Ing. Dipl. EPFL
> Attik System
> rte de la Fonderie 2
> 1700 Fribourg
> Switzerland
> http://www.attiksystem.ch
> 
> Tel:      +41 (26) 422 13 75 
> Fax:      +41 (26) 422 13 76
> Email:    philippe.lang@attiksystem.ch
Here is the way I have always perform installworlds.  Although this 
method may be disregarded and unwarranted, it has yet to fail me.

All functions are performed in multi-user mode.

--------------------------------------------------------------------

If using kern_securelevel_enable="YES" in rc.conf

ee /etc/rc.conf (change kern_securelevel_enable="YES" to 
kern_securelevel_enable="NO")

--------------------------------------------------------------------

ee /etc/fstab (remove nosuid,noexec from /tmp if applied)

I have noticed installworld issues if noexec / nosuid are applied to 
mounted /tmp.

---------------------------------------------------------------------

su -

cd /usr/obj
rm -rf *

cd /usr/src

cvsup -g -L2 -h freebsd11.cvsup.org /root/<cvsup file>

Place kernel file in /usr/src/sys/<arch>/conf

make buildworld && make buildkernel KERNCONF=<kernel name> && make 
installkernel KERNCONF=<kernel name> && mergemaster -p

reboot

cd /usr/src/

make installworld && mergemaster

ee /etc/rc.conf (change kern_securelevel_enable="NO" to 
kern_securelevel_enable="YES")

ee /etc/fstab (add your nodev,noexec,nosuid tags to /tmp)

reboot

cd /usr/obj/
rm -rf *

cd /usr/src/

make cleandir; make cleandir

---------------------------------------------------------------

I picked this method (most of it) up off of taosecurity.  I have used it 
countless times with no issues whatsoever on remote servers.

Thanks,

Russell