Date: Sun, 19 Oct 2014 11:14:58 -0700 From: David Wolfskill <david@catwhisker.org> To: freebsd-ports@freebsd.org Subject: Re: dns/bind99 and the migration from FreeBSD 9.x -> 10.x Message-ID: <20141019181458.GB1235@albert.catwhisker.org> In-Reply-To: <20140227232737.GV1630@albert.catwhisker.org> References: <20140227232737.GV1630@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--1LKvkjL3sHcu1TtY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Feb 27, 2014 at 03:27:37PM -0800, David Wolfskill wrote:
> I am not at all clear how to perform a migration of machines that
> run authoritative nameservers from FreeBSD 9.x -> 10.x, given the
> current setup of the dns/bind99 port. I'm hoping for some clues,
> if not insight.
> ....
I seem to have managed to perform the above migration for one of
the two machines that I have here at home that meet the above
description. (I have not yet attempted it for the other; if things
seem OK after a week, it's next up.)
Unrelated to this issue, I acquired the use of a test machine (to
which I restored the backup images of the file systems of the machine
I just upgraded, then changed the hostname & IP address). I was
thus able to experiment a bit.
On these machines, I have them set up to boot from either of 2
slices (each of which contains its own / and /usr; /var is the same
file system (on a 3rd slice) regardless of which slice is booted),
and flip from one slice to the other at each upgrade. I normally
track a stable/N branch, updating weekly. Salient parts of the
upgrade process for these intra-branch upgrades:
* "Clone" the running slice to the other one.
* Ensure that the root and usr file systems from the non-booted slice
are mounted at a suitable mountpoint.
* Mount /usr/src and /usr/obj read-only via NFS from the "build machine."
* cd /usr/src && \
make installkernel installworld DESTDIR=3D${other_slice_mountpoint};
mergemaster gets a -D flag for similar purposes.
* Reboot from the newly-populated "other slice."
* Mount /usr/src and /usr/obj read-only via NFS from the "build machine"
(because some ports (e.g., sysutils/lsof) want access to that
information).
* Update installed ports. (I have been using "portmaster -ad" for some
time for this.)
* Perform the "make delete-old-libs" mentioned in src/UPDATING.
* Reboot to ensure that nothing is still using old ports.
For this exercise (9.x -> 10.x on a machine running an authoritative
name server), here's what worked for me:
* Mount /usr/src and /usr/obj read-only via NFS from the "build machine"
(because some ports (e.g., sysutils/lsof) want access to that
information).
* Update installed ports.
* cp -pr /var/named/etc/namedb /usr/local/etc/
* cd /usr/local/etc/namedb &&=20
foreach f (`find . -type d -name RCS -prune -o -type f -print0 | \
xargs -0 grep -l '"/etc/'`)
sed -i "" -e 's/"\/etc/"\/usr\/local\/etc/g' $f
end
* "Clone" the running slice to the other one.
* Ensure that the root and usr file systems from the non-booted slice
are mounted at a suitable mountpoint.
* Mount /usr/src and /usr/obj read-only via NFS from the "build machine."
* cd /usr/src && \
make installkernel installworld DESTDIR=3D${other_slice_mountpoint};
mergemaster gets a -D flag for similar purposes.
* Reboot from the newly-populated "other slice."
* Install ports/misc/compat9x (e.g., "portmaster misc/compat9x")/
* Re-install ports/dns/bind99 (e.g., "portmaster dns/bind99")/
* service named restart (and verify that lookups are faster now that the
first nameserver listed in /etc/resolv.conf actually has named
running).
* Perform the "make delete-old-libs" mentioned in src/UPDATING.
* Reboot to ensure that nothing is still using old ports.
Note that while dns/bind99 and misc/compat9x were built/installed under
10.x, the rest of the ports on the system are still running after having
been built/installed under 9.x. This is intentional, so I have a
relatively easy fallback option in case of Something Bad happening
(reboot from the previous slice, which still has stable/9 installed).
After a week (or two), I expect to cut over fully, and perform the
process documented near the bottom of portmaster(8) to rebuild/iinstall
all installed ports under stable/10. And then I expect to do the same
for my laptop and the build machine... and then I'll stop tracking
stable/9.
YMMV, and all that.
Peace,
david
--=20
David H. Wolfskill david@catwhisker.org
Taliban: Evil cowards with guns afraid of truth from a 14-year old girl.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
--1LKvkjL3sHcu1TtY
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJUQ/+iXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4RThEMDY4QTIxMjc1MDZFRDIzODYzRTc4
QTY3RjlDOERFRjQxOTNCAAoJEIpn+cje9Bk79WUP/jC251qM6nuhrjARfw4orduR
t/R8dMnKO9Af7Ka2lul+27xgwgnjcbOVIXr3cfNvWu7GbU/XX0WjAGZ1lwWnNRHl
EQcs1BuWvGy4WJXJYk1gGFU8AW85/YHENdeKX4usWnq6DTImQdmK+gTqAkEtYGWe
8UdirZWIHT7eNwxJcxZx2AyHsGPdo5A3v1D73x98hzZeyHxnCr/LUuq/NH/ogzp7
NNPKMAO/rGB9+rr7oj1yRocfWLfFNaXORR055cL4tYb8H1gSFUUyMauQW+GMl3N9
7WnIKQmuNNiI0TWDYlloZe/YifEY+zH8Yea31tPx/7KEcEt4Imt7fNeB2ONV2FqX
ibH1MA3DFWdvVwaX4qKdjJuZq2lNcF+En/MjbtARAAcfUxIr3ixJyMh2mX8FP8YZ
X0z1RP4ZA2GbcxD8iAUswgb/bVa0qFjjcYjzc2sjeHdM+xMbInTtklqhWX9+rRHt
BuGz82zvLaUTa+x0TdQuDWK2yOYvOAyVb0dHr59161vhMXWQqxOAksV4/TPmehEu
BB/1lvFlf38YxmozyAnOenjPV+sYiVcPWxIpGHKhJ7ghJpWL4OuidzXF59NgHvPI
gnCwvsspObC9m2ZyQVg4Zn6O4MMN/CX+TR0xsDF5+NpNtt24Rm3GpVooIuxHwKlt
iIoxHa4h+v+2RSnLvwzj
=kKT3
-----END PGP SIGNATURE-----
--1LKvkjL3sHcu1TtY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141019181458.GB1235>