Solved How to update a jail /etc with etcupdate?

[HL1234]

How do I update configuration files in a jail ../etc with etcupdate ?
I have nothing found in the handbook, either in the Updating nor in the Jails chapter.

The jail has no /usr/src/..., so I think I should do it on the host.
But what happens with the ../current and the /old folder from /var/db/etcupdate ? Will they get overwrite?

Could this working?
etcupdate -B -D /usr/local/jails/jail1/etc -d /var/db/etcupdate-jail1

This is my first upgrade for the jails. Should I do first a etcupdate bootstrap for the jails?
Must I create /var/db/etcupdate-jail1/current/...old files from jail1... ?

 

[Emrion]

You must provide the path of the sources with the -s option (in your case the default is ok if jails have the same FreeBSD version than the host). You do not need to create any dir, I think.

Why don't you use each jail for the working dir? I mean -d /usr/local/jails/jail1/var/db/etcupdate

For my jails, I use jexec but they have access to their sources on /usr/src (a nullfs mount, in fact).

On each jail, I run:

etcupdate diff
etcupdate
etcupdate resolve

 

[HL1234]

Why don't you use each jail for the working dir? I mean -d /usr/local/jails/jail1/var/db/etcupdate

In the jails there is no var/db/etcupdate.
My jails have no access to the sources on /usr/src

So my question keeps unanswered.

 

[Emrion]

So my question keeps unanswered.

Hem...

Well, if you have /var/db in your jails, etcupdate will create /var/db/etcupdate. But, you need first to run an etcupdate extract for each jail before to proceed. This creates the current tree it needs.

Edit: I don't know if it will work because the config files of your jails come from a precedent version. Here you create the tree for the host version... Maybe a better procedure is to download the sources of this precedent version somewhere and etcupdate extract your jails with that thanks to the -s option, then etcupdate your jails with the sources of your host.

 

[furaisanjin]

In the jails there is no var/db/etcupdate.
My jails have no access to the sources on /usr/src

So my question keeps unanswered.

You should create tarball by

etcupdate build files.tar.bz2

on host machine. And then copy files.tar.bz2 into the jail and

etcupdate -t /path/files.tar.bz2

on the jail.

 

[HL1234]

What have I done until now:

% cd /var/db
% cpdup -d -I etcupdate etcupdate-jail1 ............. #cpdup is from ports - mirror filesystems
# I delete all files and subdirectory content in current and old, etc... in /var/db/etcupdate-jail1

# Fetching the FreeBSD 13.1 - my last before 14.0
% cd /usr
% mkdir src-13_1
% cd src-13_1
% git clone --branch releng/13.1 --depth 1 https://git.FreeBSD.org/src.git /usr/src-13_1

# Then I do Bootstrapping with this command
% etcupdate extract -d /var/db/etcupdate-jail1 -s /usr/src-13_1

# that has worked
# save it
% cpdup -d -I etcupdate-jail1 etcupdate-jail1-240229

Explantation:
I have a Thin Jail construction, i.e
/usr/local/jails/jail-server/ # with the FreeBSD OS but without "etc root tmp usr/local var"
/usr/local/jails/jail-skelection/ # with etc root tmp usr/local var
/usr/local/jails/jail1/ # empty

jail-server and jail-skelection will mounted nullfs in jail1 when the jail starts. For Updates all mounted "rw"
That is configuriged in /etc/jail.conf and /etc/fstab.jail1

I started the jail1.
/usr/local/jails/jail1/ has now all the files.

And then I do:
% etcupdate -B -D /usr/local/jails/jail1/etc -d /var/db/etcupdate-jail1
............ -B ............... - Do not build generated files in a private object tree.
............ -D -destdir - Specify an alternate destination directory
.................................... The default destination directory is an empty string which results
.................................... in merges updating /etc on the local machine.
............ -d -workdir - Specify an alternate directory... then "<destdir>/var/db/etcupdate"

# it does something...
# now in ../etcupdate-jail1/old are the files from ../etcupdate-jail1/current
# in /etcupdate-jail1/current are the new tree build from /usr/src (the default source)

But catastrophe!
After stoping the jail. In /usr/local/jails/jail-skelection/etc are mostly not new files, especially I can see this in
/usr/local/jails/jail-skelection/etc/rc.d - nothing changed here ???
And there are /jail-skelection/etc/etc with a rc.d directory and 6 new files, and so on...

Conclusion: etcupdate can not work with that jail construct - or what have I done wrong?

 

[Emrion]

Well... It's deeply inspired by the handbook, isn't it? As I already said to some people, it's complex and I don't see how this can work, especially for upgrade. Each jail should have its own /etc and such. Among other things, they must also have their own etcupdate tree.

I used ezjail for long but major upgrades wasn't designed and minor ones were a pain. So, I wrote my own framework with these ideas: thin jail and updates / upgrades must be flawless.

In conclusion, I can't help you more on this jail construct.

 

[HL1234]

... see above

I started the jail1.
/usr/local/jails/jail1/ has now all the files.

And then I do:
% etcupdate -B -D /usr/local/jails/jail1/etc -d /var/db/etcupdate-jail1
............ -B ............... - Do not build generated files in a private object tree.
............ -D -destdir - Specify an alternate destination directory
.................................... The default destination directory is an empty string which results
.................................... in merges updating /etc on the local machine.
............ -d -workdir - Specify an alternate directory... then "<destdir>/var/db/etcupdate"
..
Conclusion: etcupdate can not work with that jail construct - or what have I done wrong?

I found what has going wrong. It depend with the man description from etcupdate(). The description is misleading.

-D -destdir - The default destination directory is an empty string which results in merges updating /etc on the local machine.

The default destination directory is not /etc but only / .

I started the jail1.
/usr/local/jails/jail1/ has now all the files.
% etcupdate -B -D /usr/local/jails/jail1/ -d /var/db/etcupdate-jail1

worked.
I found this via google in https://man.netbsd.org/NetBSD-9.3/etcupdate.8

 

[Emrion]

I see... Glad you solved this problem, but... Warnings: the page you pointed out is a NetBSD page, not a FreeBSD one. You have the same here: etcupdate(8). And also, I won't keep the jail system you have.

Having the ectupdate tree at a non-standard place isn't a good idea. It's something that may bite you later.

 

[ShelLuser]

Disclaimer: I'm well aware that this thread is a year old, but I still wanted to re-visit it because I can't help but notice a lot of confusion happening above. Especially about what etcupdate actually does... but having said that: some things could have changed during the past year (and I'm too lazy to check Git's backlog ).

Having that out of the way => First you need to ask yourself if you really need etcupdate, because it all depends on how you're updating your jail. If you rely on freebsd-update (as suggested by the handbook) then there's no need because that process also maintains your configuration files.

But if you're building from source.. then this is probably something to consider doing. Keep in mind though that there's a difference between building from inside the jail, or using the source tree from or on your host. In the first situation you can simply follow the given steps as suggested by /usr/src/Makefile and rely on the automated ("Default") mode.

In my example I've got the source tree on the host, and I'm about to use the installworld build target to update my jail, this jail is located in /opt/jails/gamma.

Step 1

First thing we need is to get ourselves a current tree which etcupdate will be able to compare against. Keep in mind: the current tree is extracted from the source tree (or ... a tarball that was created using the source tree) after which etcupdate is going to compare the local files against this generated tree.

My point being: all etcupdate needs is access to the local files as well as the (current) tree to work against. No more, no less. You can clearly see this if you check the SYNOPSIS section in etcupdate(8).

So => # etcupdate extract -D /opt/jails/gamma.

The result should be /opt/jails/gamma/var/db/etcupdate/current as well as a logfile.

Step 2

Perform the actual update. In my case: # make DESTDIR=/opt/jails/gamma installworld.

Step 3

We could rely on the Default ("auto") mode from here on out, but within the context of having manually build the jail (and assumingly also customized it) this step seems very counter productive to me. Let's keep control over the situation.

So => # etcupdate diff -D /opt/jails/gamma.

Followed by verifying the current situation: # etcupdate status -D /opt/jails/gamma.

With a casual phat ("thick") jail that hasn't been heavily customized I'm expecting everything to be handled fully automagically, in other words I think status won't give you any feedback. Remember the Unix philosophy: no news = good news!

Step 4

Now it's time to clean up our mess, assuming of course that you changed stuff and our system needs a little culling => # /usr/bin/yes | make DESTDIR=/opt/jails/gamma delete-old, optionally followed by the delete-old-libs build target.

And that's all she wrote:

root@bsd:/usr/src # mount | grep jails
zroot/opt/jails on /opt/jails (zfs, local, nosuid, nfsv4acls)
zroot/opt/jails/gamma on /opt/jails/gamma (zfs, local, nosuid, nfsv4acls)
zroot/opt/jails/psi on /opt/jails/psi (zfs, local, nosuid, nfsv4acls)
root@bsd:/usr/src # etcupdate status
Warnings:
  Modified regular file remains: /etc/aliases
  Modified regular file remains: /etc/mail/sendmail.cf
  Modified regular file remains: /etc/mail/submit.cf
  Non-empty directory remains: /etc/mail
root@bsd:/usr/src # etcupdate status -D /opt/jails/gamma/
root@bsd:/usr/src #

(guess who recently trashed the MTA/MDA's ("WITHOUT_MAIL=") in his base system? ).

And there ya have it, the only 3.5 steps you need to sort everything out.