Update: I have suggested a minor improvement to this setup.  Read More…

For some time now I’ve been maintaining about a dozen FreeBSD jails, each running a different set of services. Everything from email to BIND, DHCP to nagios. One of the difficulties of trying to maintain so many servers has been tracking and applying updates, particularly servers that use the ports system which is updated so frequently.

The solution that I’ve come up with is to use portmaster inside a weekly cron job to notify me of available updates on each machine. This requires a slightly different cron job on the host system that within the jails. Here is an example of what I’m running within each:

#!/usr/local/bin/bash

/usr/sbin/portsnap cron

/usr/local/bin/ezjail-admin update -P

/usr/local/sbin/portmaster -L | egrep -B1 ‘(ew|ort) version|Aborting|installed|dependencies|IGNORE|marked|reason:|MOVED’ | grep -v ‘^–‘ | mail -s “Portmaster Weekly Check for $(hostname)” [email protected]

<br /> #!/usr/local/bin/bash

/usr/local/sbin/portmaster -L | egrep -B1 ‘(ew|ort) version|Aborting|installed|dependencies|IGNORE|marked|reason:|MOVED’ | grep -v ‘^–‘ | mail -s “Portmaster Weekly Check for $(hostname)” [email protected]

As you can probably tell, the only major difference between the two is that the cron job as run on the host system also updates the ports tree prior to checking for updates. The cron job within the jail system simply runs the check.

I save these two scripts inside /etc/periodic/weekly/999.portmaster and make them executable.  From that point on I’m notified via email regarding updates available to my installed ports.

I’d be interested in hearing what solutions others have come up with for monitoring and maintaining ports updates from so many FreeBSD servers.