
06 Mar 09 Update: Weekly Update Reporting Via Portmaster

Not so long ago I wrote about how you can configure FreeBSD to email you regarding available updates on a weekly basis.  This is something that I have had in place for a while now, and I really enjoy the ability to keep things on the patched (read: bleeding) edge.  Recently I found a small issue with the setup I had been using.  I wanted to share the fix with anyone that may have been doing the same thing.

First of all, let me tell you about the issue I came across.

When I would receive an email regarding available updates I would connect to the FreeBSD Jail and use portmaster -a -d to apply all available updates. I noticed that the number of updates applied did not match the number of updates listed in the email. Odd. Well, after thinking about it for a bit I realized what the problem was.

The cron job (as seen in the previous post) was running at the same time on the FreeBSD host as well as the FreeBSD Jail. Why is that a problem, you ask? Remember the slight variation in the host cron job versus the jail. The host system is pulling down the updated ports tree before it compares and emails any available updates. The problem is introduced because the jails start doing their comparison and email reporting right away, while the host system is fetching and applying the updated tree. Oops! The ports tree update isn’t finished fast enough for the jails to actually have the new information.

The solution I came up with is a very simple one. Simply update the cron daily run time on the host to give it an adequate head start over the jails. On my systems the /etc/crontab files now look like this:

HOST:
# Perform daily/weekly/monthly maintenance.
1   2   *   *   *   root    periodic daily
15  4   *   *   6   root    periodic weekly
30  5   1   *   *   root    periodic monthly

JAIL:
# Perform daily/weekly/monthly maintenance.
1   3   *   *   *   root    periodic daily
15  4   *   *   6   root    periodic weekly
30  5   1   *   *   root    periodic monthly

If you didn’t notice the change, look closer. It’s a very small fix. The “periodic daily” row on the host is now set to run at 2:00am while the same row is set to 3:00am on the jail. I’m sure that is more than enough time for the host to update the ports tree before the jails start to do their reporting.

In conclusion, if you’re using a similar reporting system you’ll likely want to apply this small change as well.  Giving the host system enough time to update the ports tree will be critical in getting updated, accurate information within the jail systems.
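A check for the head start described above, as an added example that is not part of the original post: it reads the host and jail crontab rows shown earlier and reports how many minutes the host's periodic run leads the jail's. The function names and the 30-minute minimum are assumptions; the periodic target is an argument so the check can be pointed at whichever row (daily, weekly) actually runs the report script.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the host's periodic run
# starts early enough before the jail's. Sample rows are the post's crontabs;
# in real use, read each system's own /etc/crontab instead.
HOST_CRONTAB='# Perform daily/weekly/monthly maintenance.
1   2   *   *   *   root    periodic daily
15  4   *   *   6   root    periodic weekly
30  5   1   *   *   root    periodic monthly'
JAIL_CRONTAB='# Perform daily/weekly/monthly maintenance.
1   3   *   *   *   root    periodic daily
15  4   *   *   6   root    periodic weekly
30  5   1   *   *   root    periodic monthly'

# start_minute CRONTAB_TEXT TARGET
# Prints minutes after midnight for the "periodic TARGET" row.
# Returns 1 if the row is missing, 2 if minute/hour are not plain numbers.
start_minute() {
    printf '%s\n' "$1" | awk -v t="$2" '
        BEGIN { rc = 1 }
        /^[ \t]*#/ { next }                       # commented-out rows never run
        NF >= 8 && $7 == "periodic" && $8 == t {
            if ($1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/) { rc = 2; exit }
            print $2 * 60 + $1; rc = 0; exit
        }
        END { exit rc }'
}

# head_start HOST_TEXT JAIL_TEXT TARGET
# Prints how many minutes the host row runs before the jail row; 0 or less
# means the jail does not wait. Assumes both rows fire on the same days.
head_start() {
    h=$(start_minute "$1" "$3") || return 2
    j=$(start_minute "$2" "$3") || return 2
    echo $((j - h))
}

# check_head_start HOST_TEXT JAIL_TEXT TARGET MIN_MINUTES
check_head_start() {
    gap=$(head_start "$1" "$2" "$3") || { echo "$3: row missing or not a fixed time" >&2; return 2; }
    if [ "$gap" -ge "$4" ]; then
        echo "$3: host leads jail by $gap min (ok)"
    else
        echo "$3: host leads jail by $gap min, need at least $4" >&2; return 1
    fi
}

# 30 minutes is an assumed minimum, not a value from the post.
check_head_start "$HOST_CRONTAB" "$JAIL_CRONTAB" daily 30
```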


21 Feb 09 Weekly Update Notifications via Portmaster

Update: I have suggested a minor improvement to this setup.

For some time now I’ve been maintaining about a dozen FreeBSD jails, each running a different set of services. Everything from email to BIND, DHCP to nagios. One of the difficulties of trying to maintain so many servers has been tracking and applying updates, particularly servers that use the ports system which is updated so frequently.

The solution that I’ve come up with is to use portmaster inside a weekly cron job to notify me of available updates on each machine. This requires a slightly different cron job on the host system than within the jails. Here is an example of what I’m running within each:

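HOST:
#!/usr/local/bin/bash

# portsnap cron waits a random delay, then fetches the latest ports snapshot;
# ezjail-admin update -P then updates the ports tree used by the jails.
/usr/sbin/portsnap cron
/usr/local/bin/ezjail-admin update -P

# List installed ports, keep the lines that report new versions or problems
# (plus one line of leading context), drop grep's "--" separators, mail the result.
/usr/local/sbin/portmaster -L | egrep -B1 '(ew|ort) version|Aborting|installed|dependencies|IGNORE|marked|reason:|MOVED' | grep -v '^--' | mail -s "Portmaster Weekly Check for $(hostname)" admin@domain.tld

JAIL:
#!/usr/local/bin/bash

# Same report as on the host, without the ports tree update.
/usr/local/sbin/portmaster -L | egrep -B1 '(ew|ort) version|Aborting|installed|dependencies|IGNORE|marked|reason:|MOVED' | grep -v '^--' | mail -s "Portmaster Weekly Check for $(hostname)" admin@domain.tld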

As you can probably tell, the only major difference between the two is that the cron job as run on the host system also updates the ports tree prior to checking for updates. The cron job within the jail system simply runs the check.

I save these two scripts inside /etc/periodic/weekly/999.portmaster and make them executable.  From that point on I’m notified via email regarding updates available to my installed ports.

I’d be interested in hearing what solutions others have come up with for monitoring and maintaining ports updates from so many FreeBSD servers.
