From 76c37ca965d721fc358b4b911e97bd2bb82f6f52 Mon Sep 17 00:00:00 2001 From: David Marec Date: Thu, 21 May 2020 12:10:22 +0200 Subject: [PATCH] Jails management --- jail-update.conf | 76 +++++++++++++++++++++++++++++++++++++++++++++++ jail_update.sh | 77 ++++++++++++++++++++++++++++++++++++++++++++++++ portupgrade.sh | 61 ++++++++++++++++++++++++++++++++++++++ update_stage0.sh | 11 ++----- 4 files changed, 217 insertions(+), 8 deletions(-) create mode 100644 jail-update.conf create mode 100755 jail_update.sh create mode 100755 portupgrade.sh diff --git a/jail-update.conf b/jail-update.conf new file mode 100644 index 0000000..3550df1 --- /dev/null +++ b/jail-update.conf @@ -0,0 +1,76 @@ +# $FreeBSD: stable/12/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $ + +# Trusted keyprint. Changing this is a Bad Idea unless you've received +# a PGP-signed email from telling you to +# change it and explaining why. +KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5 + +# Server or server pool from which to fetch updates. You can change +# this to point at a specific server if you want, but in most cases +# using a "nearby" server won't provide a measurable improvement in +# performance. +ServerName update.FreeBSD.org + +# Components of the base system which should be kept updated. +Components world + +# Example for updating the userland and the kernel source code only: +# Components src/base src/sys world + +# Paths which start with anything matching an entry in an IgnorePaths +# statement will be ignored. +IgnorePaths + +# Paths which start with anything matching an entry in an IDSIgnorePaths +# statement will be ignored by "freebsd-update IDS". +IDSIgnorePaths /usr/share/man/cat +IDSIgnorePaths /usr/share/man/whatis +IDSIgnorePaths /var/db/locate.database +IDSIgnorePaths /var/log + +# Paths which start with anything matching an entry in an UpdateIfUnmodified +# statement will only be updated if the contents of the file have not been +# modified by the user (unless changes are merged; see below). +UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile + +# When upgrading to a new FreeBSD release, files which match MergeChanges +# will have any local changes merged into the version from the new release. +MergeChanges /etc/ + +### Default configuration options: + +# Directory in which to store downloaded updates and temporary +# files used by FreeBSD Update. +# WorkDir /var/db/freebsd-update + +# Destination to send output of "freebsd-update cron" if an error +# occurs or updates have been downloaded. +# MailTo root + +# Is FreeBSD Update allowed to create new files? +# AllowAdd yes + +# Is FreeBSD Update allowed to delete files? +# AllowDelete yes + +# If the user has modified file ownership, permissions, or flags, should +# FreeBSD Update retain this modified metadata when installing a new version +# of that file? +# KeepModifiedMetadata yes + +# When upgrading between releases, should the list of Components be +# read strictly (StrictComponents yes) or merely as a list of components +# which *might* be installed of which FreeBSD Update should figure out +# which actually are installed and upgrade those (StrictComponents no)? +# StrictComponents no + +# When installing a new kernel perform a backup of the old one first +# so it is possible to boot the old kernel in case of problems. +BackupKernel no + +# If BackupKernel is enabled, the backup kernel is saved to this +# directory. +# BackupKernelDir /boot/kernel.old + +# When backing up a kernel also back up debug symbol files? +BackupKernelSymbolFiles no diff --git a/jail_update.sh b/jail_update.sh new file mode 100755 index 0000000..bff8866 --- /dev/null +++ b/jail_update.sh @@ -0,0 +1,77 @@ +#!/bin/sh + +# Update freebsd base of all running jails +# +# one has first to create the suitable configuration file +# by default /usr/local/etc/jail-update.conf +# or pass it as the first argument +# +# + +usage() { + echo 'Usage: ...' + echo -e '-c\tconfiguration file' + echo -e '\t\tdefault to /usr/local/etc/jail-update.conf' + echo -e '-j\tjail list' + echo -e '\t\tdefault to all running jails' + echo -e '-u\tthis message' + echo '-------------------------------------------------' +} + +parse() { + RED='\033[0;31m' + NC='\033[0m' # No Color + while getopts "cuj:" option + do + case ${option} in + c) + CONF=${OPTARG} + ;; + j) + JLIST=${OPTARG} + ;; + *) + usage + exit 0 + ;; + esac + done +} + +# default parameters +CONF=/usr/local/etc/jail-update.conf +# get currently running names (or jids) list +JLIST=`jls name 2>/dev/null` + +parse ${*} + +[ -z "${JLIST}" ] && echo 'no jail to check.exiting.' && exit 0 +[ ! -r "${CONF}" ] && echo 'no configuration file for updating.exiting.' && exit 1 + +echo '' +echo 'Ready to update jail(s) <'${JLIST}'>, according to the <'${CONF}'> configuration.' +echo '' + +for J in ${JLIST}; +do + # jail path + JPATH=`jls -j ${J} path 2>/dev/null` + if [ -n "${JPATH}" ]; then + echo '[ :: ' $J ' ::]' + # freebsd version this jail is running + JVERSION=`jexec ${J} freebsd-version -u` + if [ -n "${JVERSION}" ]; then + echo 'Updating <'${J}'> from version <'${JVERSION}'>, path <${JPATH}>.' + freebsd-update -f ${CONF} --currently-running ${JVERSION} -b ${JPATH} fetch install + + else + echo 'Unable to get jail <'${J}'> path.Skipping' + + fi + + else + echo 'Jail <'${J}'> unavailable.Skipping.' + + fi +done + diff --git a/portupgrade.sh b/portupgrade.sh new file mode 100755 index 0000000..bc766e4 --- /dev/null +++ b/portupgrade.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +all_jails=`jls jid` +DO_CLEAN="" +DO_DIST="" + +do_all_jails(){ + + echo '---------------------------------------' + echo ":: Host ::" + echo + pkg upgrade + echo + echo Cleaning host + echo + [ -n "${DO_CLEAN}" ] && pkg ${DO_CLEAN} + [ -n "${DO_CLEAN}" ] && pkg ${DO_DIST} + for j in ${all_jails} + do + echo '---------------------------------------' + echo ":: jail `jls -j ${j} name` [ ${j} ] ::" + echo '' + + pkg -j ${j} upgrade + echo + echo Cleaning + echo + [ -n "${DO_CLEAN}" ] && pkg -j ${j} ${DO_CLEAN} + echo + echo Cleanup distfiles + echo + [ -n "${DO_CLEAN}" ] && pkg -j ${j} ${DO_DIST} + done +} + +echo +read -r -p "Would you like to clean up (autoremove) ports ? [Y/n] " yn +echo + +case "${yn}" in + [Yy][eE][sS]|[yY]) + DO_CLEAN="autoremove" + ;; + *) + ;; +esac + + +echo +read -r -p "Would you like to remove distfiles ? [Y/n] " yn +echo + +case "${yn}" in + [Yy][eE][sS]|[yY]) + DO_DIST="clean -a" + ;; + *) + ;; +esac +echo removing distfiles +do_all_jails diff --git a/update_stage0.sh b/update_stage0.sh index 31edbce..bc10a0f 100755 --- a/update_stage0.sh +++ b/update_stage0.sh @@ -31,22 +31,17 @@ parse() { ;; esac ;; + *) + usage;; esac done } jarg=`sysctl -n hw.ncpu` - - usrsrc=${USRSRC:-/usr/src} -if [ $? -ne 0 ] -then - usage -else - parse ${*} -fi +parse ${*} if [ ${UPDATE:=-0} -eq 1 ]; then echo "updating ..." -- 2.45.0