From owner-freebsd-ports@FreeBSD.ORG Sun Oct 19 18:15:00 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8F965668 for ; Sun, 19 Oct 2014 18:15:00 +0000 (UTC) Received: from albert.catwhisker.org (mx.catwhisker.org [198.144.209.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 44A2867C for ; Sun, 19 Oct 2014 18:14:59 +0000 (UTC) Received: from albert.catwhisker.org (localhost [127.0.0.1]) by albert.catwhisker.org (8.14.9/8.14.9) with ESMTP id s9JIEwgE002070 for ; Sun, 19 Oct 2014 11:14:58 -0700 (PDT) (envelope-from david@albert.catwhisker.org) Received: (from david@localhost) by albert.catwhisker.org (8.14.9/8.14.9/Submit) id s9JIEwLv002069 for freebsd-ports@freebsd.org; Sun, 19 Oct 2014 11:14:58 -0700 (PDT) (envelope-from david) Date: Sun, 19 Oct 2014 11:14:58 -0700 From: David Wolfskill To: freebsd-ports@freebsd.org Subject: Re: dns/bind99 and the migration from FreeBSD 9.x -> 10.x Message-ID: <20141019181458.GB1235@albert.catwhisker.org> References: <20140227232737.GV1630@albert.catwhisker.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="1LKvkjL3sHcu1TtY" Content-Disposition: inline In-Reply-To: <20140227232737.GV1630@albert.catwhisker.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Oct 2014 18:15:00 -0000 --1LKvkjL3sHcu1TtY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 27, 2014 at 03:27:37PM -0800, David Wolfskill wrote: > I am not at all clear how to perform a migration of machines that > run authoritative nameservers from FreeBSD 9.x -> 10.x, given the > current setup of the dns/bind99 port. I'm hoping for some clues, > if not insight. > .... I seem to have managed to perform the above migration for one of the two machines that I have here at home that meet the above description. (I have not yet attempted it for the other; if things seem OK after a week, it's next up.) Unrelated to this issue, I acquired the use of a test machine (to which I restored the backup images of the file systems of the machine I just upgraded, then changed the hostname & IP address). I was thus able to experiment a bit. On these machines, I have them set up to boot from either of 2 slices (each of which contains its own / and /usr; /var is the same file system (on a 3rd slice) regardless of which slice is booted), and flip from one slice to the other at each upgrade. I normally track a stable/N branch, updating weekly. Salient parts of the upgrade process for these intra-branch upgrades: * "Clone" the running slice to the other one. * Ensure that the root and usr file systems from the non-booted slice are mounted at a suitable mountpoint. * Mount /usr/src and /usr/obj read-only via NFS from the "build machine." * cd /usr/src && \ make installkernel installworld DESTDIR=3D${other_slice_mountpoint}; mergemaster gets a -D flag for similar purposes. * Reboot from the newly-populated "other slice." * Mount /usr/src and /usr/obj read-only via NFS from the "build machine" (because some ports (e.g., sysutils/lsof) want access to that information). * Update installed ports. (I have been using "portmaster -ad" for some time for this.) * Perform the "make delete-old-libs" mentioned in src/UPDATING. * Reboot to ensure that nothing is still using old ports. For this exercise (9.x -> 10.x on a machine running an authoritative name server), here's what worked for me: * Mount /usr/src and /usr/obj read-only via NFS from the "build machine" (because some ports (e.g., sysutils/lsof) want access to that information). * Update installed ports. * cp -pr /var/named/etc/namedb /usr/local/etc/ * cd /usr/local/etc/namedb &&=20 foreach f (`find . -type d -name RCS -prune -o -type f -print0 | \ xargs -0 grep -l '"/etc/'`) sed -i "" -e 's/"\/etc/"\/usr\/local\/etc/g' $f end * "Clone" the running slice to the other one. * Ensure that the root and usr file systems from the non-booted slice are mounted at a suitable mountpoint. * Mount /usr/src and /usr/obj read-only via NFS from the "build machine." * cd /usr/src && \ make installkernel installworld DESTDIR=3D${other_slice_mountpoint}; mergemaster gets a -D flag for similar purposes. * Reboot from the newly-populated "other slice." * Install ports/misc/compat9x (e.g., "portmaster misc/compat9x")/ * Re-install ports/dns/bind99 (e.g., "portmaster dns/bind99")/ * service named restart (and verify that lookups are faster now that the first nameserver listed in /etc/resolv.conf actually has named running). * Perform the "make delete-old-libs" mentioned in src/UPDATING. * Reboot to ensure that nothing is still using old ports. Note that while dns/bind99 and misc/compat9x were built/installed under 10.x, the rest of the ports on the system are still running after having been built/installed under 9.x. This is intentional, so I have a relatively easy fallback option in case of Something Bad happening (reboot from the previous slice, which still has stable/9 installed). After a week (or two), I expect to cut over fully, and perform the process documented near the bottom of portmaster(8) to rebuild/iinstall all installed ports under stable/10. And then I expect to do the same for my laptop and the build machine... and then I'll stop tracking stable/9. YMMV, and all that. Peace, david --=20 David H. Wolfskill david@catwhisker.org Taliban: Evil cowards with guns afraid of truth from a 14-year old girl. See http://www.catwhisker.org/~david/publickey.gpg for my public key. --1LKvkjL3sHcu1TtY Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJUQ/+iXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4RThEMDY4QTIxMjc1MDZFRDIzODYzRTc4 QTY3RjlDOERFRjQxOTNCAAoJEIpn+cje9Bk79WUP/jC251qM6nuhrjARfw4orduR t/R8dMnKO9Af7Ka2lul+27xgwgnjcbOVIXr3cfNvWu7GbU/XX0WjAGZ1lwWnNRHl EQcs1BuWvGy4WJXJYk1gGFU8AW85/YHENdeKX4usWnq6DTImQdmK+gTqAkEtYGWe 8UdirZWIHT7eNwxJcxZx2AyHsGPdo5A3v1D73x98hzZeyHxnCr/LUuq/NH/ogzp7 NNPKMAO/rGB9+rr7oj1yRocfWLfFNaXORR055cL4tYb8H1gSFUUyMauQW+GMl3N9 7WnIKQmuNNiI0TWDYlloZe/YifEY+zH8Yea31tPx/7KEcEt4Imt7fNeB2ONV2FqX ibH1MA3DFWdvVwaX4qKdjJuZq2lNcF+En/MjbtARAAcfUxIr3ixJyMh2mX8FP8YZ X0z1RP4ZA2GbcxD8iAUswgb/bVa0qFjjcYjzc2sjeHdM+xMbInTtklqhWX9+rRHt BuGz82zvLaUTa+x0TdQuDWK2yOYvOAyVb0dHr59161vhMXWQqxOAksV4/TPmehEu BB/1lvFlf38YxmozyAnOenjPV+sYiVcPWxIpGHKhJ7ghJpWL4OuidzXF59NgHvPI gnCwvsspObC9m2ZyQVg4Zn6O4MMN/CX+TR0xsDF5+NpNtt24Rm3GpVooIuxHwKlt iIoxHa4h+v+2RSnLvwzj =kKT3 -----END PGP SIGNATURE----- --1LKvkjL3sHcu1TtY--