Upgrading a jail by replacing it

Leave a Comment / FreeBSD, FreshPorts, Jails, Open Source, ZFS / By /

This new post replaces one on another blog: https://news.freshports.org/2025/09/13/updating-a-jail-by-replacing-it-1-0-1/

I’m placing it over here because:

  1. I’m changing how I do it
  2. I couldn’t find it when I went searching – I was only looking here

In this post:

  • Old jail – FreeBSD 14.3
  • Host has been updated to 15.0
  • That old jail is in a jail already updated to 15.0
  • mkjail-0.0.8

The problem

FreshPorts has three mail jails on each node:

  1. ingress01 – puts stuff into the database
  2. nginx01 – pulls stuff from the database and puts it on the webpage
  3. pg01 – the PostgreSQL database

ingress01 contains another jail, freshports – It is mainly used for isolation and a clean room in which make -V can be run to extract data from the ports tree.

It is this jail which I need to upgrade.

Creating the new jail

Most of this is written for me, and I hope others can also find it useful.

In the ingress01 jail, stop the stuff:

[18:14 r720-02-ingress01 dvl ~] % sudo service freshports stop
Stopping freshports.
Waiting for PIDS: 13329.
[18:14 r720-02-ingress01 dvl ~] % sudo service ingress stop   
Stopping ingress.
Waiting for PIDS: 13367.
[18:14 r720-02-ingress01 dvl ~] % sudo service jail stop                       
Stopping jails: freshports.

These are the two main datasets in question:

[18:17 r720-02 dvl ~] % zfs list | grep /jails/ingress01/jails
data01/freshports/ingress01/jails                                         464M   823G    96K  /jails/ingress01/jails
data01/freshports/ingress01/jails/freshports                              464M   823G   460M  /jails/ingress01/jails/freshports
data01/freshports/ingress01/ports                                        4.91G   823G  2.66G  /jails/ingress01/jails/freshports/usr/ports
[18:14 r720-02 dvl ~] %

I unmount that last dataset, which is mounted inside the second dataset, so I can work on the second:

[18:27 r720-02 dvl ~] % sudo zfs umount data01/freshports/ingress01/ports
[18:27 r720-02 dvl ~] %

Next, I create the new jail, at the host level, not the ingress01 level:

[18:17 r720-02 dvl ~] % sudo mkjail create -v 15.0-RELEASE -j freshports -a amd64
Creating data01/jails/freshports...
Extracting base into /jails/freshports...
Extracting lib32 into /jails/freshports...
Copying in default flavor...
Updating freshports jail...

src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 15.0-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
...
/usr/share/man/man8/devinfo.8.gz
Installing updates... done.

Now put something like the following in /etc/jail.conf:

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.clean;
mount.devfs;
path = /jails/$name;
securelevel = 2;

freshports {
    host.hostname = "freshports";
    ip4.addr = 173.228.145.170;
    ip6.addr = 2610:1c0:2000:11:c94e:eea5:e1da:c49b;
    persist;
}

and then you can start the jail like so:

# service jail start freshports

[18:20 r720-02 dvl ~] %

Those are the actual IP addresses output by mkjail.

Renaming old and new

First, I rename the old jail:

[18:27 r720-02 dvl ~] % sudo zfs rename data01/freshports/ingress01/jails/freshports data01/freshports/ingress01/jails/freshports.14.3

Then the new dataset takes its place:

[18:28 r720-02 dvl ~] % sudo zfs rename data01/jails/freshports data01/freshports/ingress01/jails/freshports

Mount that ports tree:

[18:28 r720-02 dvl ~] % sudo zfs mount data01/freshports/ingress01/ports                                   
[18:29 r720-02 dvl ~] %

Copy in the scripts

Going back to https://news.freshports.org/2025/09/13/updating-a-jail-by-replacing-it-1-0-1/ I do this in the ingress01 jail:

[18:14 r720-02-ingress01 dvl ~] % cd /usr/local/libexec/freshports/Jail
[18:33 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] % sudo ./copy-scripts-into-jail.sh /jails/freshports
This entry is required in scripts/config.sh:
FRESHPORTS_JAIL_BASE_DIR="/jails/freshports"
This entry is required in /usr/local/etc/freshports/config.pm
$FreshPorts::Config::JailBaseDir = ${JAILBASE}
[18:33 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] % sudo cp /jails/freshports/vars.sh.sample /jails/freshports/vars.sh
[18:33 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] % diff -ruN /jails/freshports/vars.sh /jails/freshports.14.3/vars.sh
[18:34 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] %

That one file needs to be copied manually. The diff confirms it has the same values as before.

Start everything back up

The jail gets started before the freshports service because the service requires the jail.

[18:34 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] % sudo service ingress start                                        
Starting ingress.
[18:35 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] % sudo service jail start   
Starting jails: freshports.
[18:35 r720-02-ingress01 dvl /usr/local/libexec/freshports/Jail] % sudo service freshports start
Starting freshports.

Done. Thank you for coming to my TED talk.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Related Posts

Leave a Comment

Scroll to Top