Maintenance

Security Patches

It’s crucial to regularly install new security patches for the system. FreeBSD offers a simple process for patching the system.

freebsd-update fetch
# fetch will look for new patches and if such exist, download them to the host

freebsd-update install
# install will apply all patches which have been downloaded

If anything goes wrong during the installation or things stop working, one can undo the latest patches with

freebsd-update rollback

Upgrading the System

Make sure to fetch and install any security patches before attempting a system upgrade.

Note

It is usually fine to run a FreeBSD version which isn’t the latest and greatest, as long as it is supported, runs everything you need, and you regularly apply security patches for the OS and the applications.

Host System

If a new minor or major FreeBSD version has been released, one can upgrade the system through freebsd-update by specifying the release and the upgrade command.

# Upgrade the system to version 14.3
freebsd-update -r 14.3-RELEASE upgrade

Follow the instructions of the update tool. All changes/merging/etc will be done in a separate directory. Once all steps have run, the new configuration can be applied with

freebsd-update install

Afterwards, the system should be rebooted.

Jails

Bastille offers various helpers to update and upgrade our jails. The process differs depending on whether jails should be updated but keep their version, upgraded to a new minor version, or upgraded to a new major version.

Note

While it is possible to run different jails on different FreeBSD versions (as long as they are the same or older than the host system), we do not recommend it since maintenance can become complex fast.

Updating a Release

Since our jails mount the base system from a single ZFS pool, we can simply update the base system. If your current release is 14.2-RELEASE, the command would be as follows:

bastille update 14.2-RELEASE

Upgrading to a new minor version

To keep with the example, if we want to upgrade all our jails to 14.3-RELEASE, we would use the following process:

Note

Always upgrade the host system first, before upgrading jails, since they cannot be on a newer version than the host system.

# Fetch the new release
bastille bootstrap 14.3-RELEASE

# Apply the new release to all jails
bastille upgrade ALL 14.3-RELEASE update

# Restart all jails
bastille restart ALL

# Finish the update on all jails
bastille upgrade ALL 14.3-RELEASE update

All jails are now upgraded to 14.3-RELEASE

Upgrading to a new major version

Use the following process to upgrade to a new major version, e.g. from 14.3-RELEASE to 15.0-RELEASE.

# Fetch the new release
bastille bootstrap 15.0-RELEASE

# Update the newly fetched release
bastille update 15.0-RELEASE

# Stop all jails (any jails to be updated need to be stopped)
bastille stop ALL

# Change the mountpoint of all jails to the new base system, effectively upgrading them
bastille upgrade ALL 15.0-RELEASE

# Fetch the content of /etc for the new release
bastille etcupdate bootstrap 15.0-RELEASE

# Upgrade the contents of /etc for all jails
bastille etcupdate ALL update 15.0-RELEASE

# Resolve merge conflicts
bastille etcupdate ALL resolve

# Start all jails again
bastille start ALL

# Force the reinstallation of packages due to ABI changes
bastille pkg ALL upgrade -f

And now all our jails are running 15.0-RELEASE
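The three jail procedures above and the host-first rule can be checked before any bastille command is run. The following is an added example, not part of the original guide or of Bastille: the function names parse_release and plan_jail_upgrade are hypothetical, only X.Y-RELEASE and X.Y-RELEASE-pN strings are accepted, and patch levels are ignored when comparing.

```sh
#!/bin/sh
# Added example (hypothetical helper names): decide which jail procedure
# applies and refuse a target release that is newer than the host.

# Print "MAJOR MINOR" for strings such as 14.3-RELEASE or 14.3-RELEASE-p2.
parse_release() {
    case "$1" in
        *-RELEASE|*-RELEASE-p[0-9]*) ;;
        *) return 1 ;;
    esac
    ver=${1%%-*}
    major=${ver%%.*}
    minor=${ver#*.}
    for part in "$major" "$minor"; do
        case "$part" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$ver" = "$major.$minor" ] || return 1   # rejects a version without a dot
    echo "$major $minor"
}

# Usage: plan_jail_upgrade HOST_RELEASE JAIL_RELEASE TARGET_RELEASE
# Prints update, minor-upgrade or major-upgrade.
# Returns 2 if the target is newer than the host, 1 on bad input or a downgrade.
plan_jail_upgrade() {
    host=$(parse_release "$1") || return 1
    cur=$(parse_release "$2") || return 1
    tgt=$(parse_release "$3") || return 1
    set -- $host $cur $tgt   # $1 $2 = host, $3 $4 = jail, $5 $6 = target
    if [ "$5" -gt "$1" ] || { [ "$5" -eq "$1" ] && [ "$6" -gt "$2" ]; }; then
        echo "refuse: target is newer than the host, upgrade the host first" >&2
        return 2
    fi
    if [ "$5" -gt "$3" ]; then
        echo major-upgrade
    elif [ "$5" -lt "$3" ] || [ "$6" -lt "$4" ]; then
        echo "refuse: target is older than the jail release" >&2
        return 1
    elif [ "$6" -gt "$4" ]; then
        echo minor-upgrade
    else
        echo update
    fi
}

# On the host: sh plan.sh "$(freebsd-version -u)" 14.2-RELEASE 14.3-RELEASE
if [ "$#" -eq 3 ]; then plan_jail_upgrade "$@"; fi
```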

Applications

Verify Backups