FreeBSD has an awesome support document library called the FreeBSD Handbook. There's so much there, it can be overwhelming. Here, I'll attempt to simplify and document how I've kept my FreeBSD servers and jails updated.
Preface:
One of my servers runs a custom kernel to allow for multiple FIBs. In short, a FIB is a routing table. Out of the box, you have a single FIB on your system, and it will contain a single default route:
# netstat -r
Destination Gateway Flags Netif Expire
default 192.168.0.1 UGS ix0
In my use case, I attach jails to a myriad of FIBs (bound to different VLANs) to perform filtering on a pfSense firewall (different physical host). Think of it as the common "router on a stick".
With this requirement, I cannot use the traditional freebsd-update fetch install
commands as kernel updates would overwrite my custom kernel. Instead, I have to download the source code, compile and install.
- Download the source code:
or switch to a new version:svnlite co https://svn.freebsd.org/base/releng/11.2 /usr/src
cd /usr/src/ svnlite switch https://svn.freebsd.org/base/releng/11.2
- Make sure your custom kernel config file exists. If not, relink:
cd /usr/src/sys/amd64/conf ln -s /root/kernels/ROUTING .
- For userland updates, make (with a 10 core Xeon, I use
-j20
):cd /usr/src make -j20 buildworld
- For kernel updates, make, install, and reboot:
Before moving on to step 5, you might want to run mergemaster to introduce required changes to your system:make -j20 buildkernel KERNCONF=ROUTING make installkernel KERNCONF=ROUTING reboot
mergemaster -m /usr/src/ -p
- For userland updates, install, reboot:
cd /usr/src make installworld reboot
- Merge config files - This updates
.conf
files with the updated ones from source. This is a tedious task but using the search feature in your editor, you can search for <<< or >>> to find the differences in long files.
mergemaster -Ui
- Upgrade all packages
pkg upgrade -F
- Clean up
make check-old make delete-old make check-old-libs make delete-old-libs