clawdie/layered-soul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

skill(freebsd): add .pkgnew merge, service health check, pkg autoremove

Browse source 
Three additions from pre-merge review:

1. .pkgnew config merge — pkgbase drops updated configs as /etc/*.pkgnew.
   Find and merge them before rebooting so the 15.1 system boots with its
   own configs, not 15.0-era ones.

2. Service health check — post-reboot verification now includes explicit
   checks: colibri_daemon, postgresql, tailscaled, bastille jails, pfctl.
   Version numbers matching is not enough — services must be running.

3. pkg autoremove — clean up orphaned packages the upgrade leaves behind.
   Dry-run first, then remove.
This commit is contained in:
Sam & Claude 2026-06-25 13:10:41 +02:00
parent 245e25200f
commit 09632c16e7
1 changed files with 25 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
skills/freebsd-os-upgrade/SKILL.md
View file

@ -118,17 +118,40 @@ pkg update -f && pkg upgrade # ports packages (separate from base here)
- **freebsd-update**: `freebsd-update -r <target> upgrade` then - **freebsd-update**: `freebsd-update -r <target> upgrade` then
`freebsd-update install`. `freebsd-update install`.
Either way the new kernel is staged; the system runs the old one until reboot. Either way the new kernel is staged; the system runs the old one until reboot.
**After the upgrade, before rebooting** — pkgbase drops updated config files
as `/etc/*.pkgnew`. Find and merge them now so the 15.1 system boots with
its own configs, not 15.0-era ones:
```sh
find /etc -name '*.pkgnew' -type f
# For each relevant file: diff old new, then mv .pkgnew over the original
```
4. **Confirm a reboot is needed**: `freebsd-version -k` newer than `uname -r` 4. **Confirm a reboot is needed**: `freebsd-version -k` newer than `uname -r`
means staged-not-active. State that plainly and **reboot only on explicit means staged-not-active. State that plainly and **reboot only on explicit
operator go-ahead** — never reboot the always-on board host autonomously. operator go-ahead** — never reboot the always-on board host autonomously.
5. **After reboot**: on freebsd-update hosts, run `freebsd-update install` again 5. **After reboot**: on freebsd-update hosts, run `freebsd-update install` again
to finish userland. Then the *Post-reboot verification* block — `-k`/`-u`/ to finish userland. Then the *Post-reboot verification* block — `-k`/`-u`/
`uname -r` must all match, and the app-readiness checks (Clawdie control `uname -r` must all match. Verify services came up on the new kernel:
plane, Forgejo, jails, PF, Tailscale) must pass.
```sh
service colibri_daemon status
service postgresql status
service tailscaled status
bastille list # jails running
pfctl -s info # firewall active
```
6. **Packages**: same-major ABI (`FreeBSD:15:amd64`) is unchanged, so this is a 6. **Packages**: same-major ABI (`FreeBSD:15:amd64`) is unchanged, so this is a
freshness refresh, not a rebuild — pkgbase already covered it in step 3; freshness refresh, not a rebuild — pkgbase already covered it in step 3;
freebsd-update hosts do `pkg update -f && pkg upgrade`. A same-major freebsd-update hosts do `pkg update -f && pkg upgrade`. A same-major
PostgreSQL bump needs no dump/restore (restart/reboot to load new binaries). PostgreSQL bump needs no dump/restore (restart/reboot to load new binaries).
After the package refresh, clean up orphans the upgrade left behind:
```sh
pkg autoremove -n # preview
pkg autoremove # remove orphaned packages
```
7. **Upgrade the jails** — the host upgrade does NOT touch them. Do this after 7. **Upgrade the jails** — the host upgrade does NOT touch them. Do this after
the host is on the new kernel. See *Jails* below. the host is on the new kernel. See *Jails* below.
8. **Re-register with mother** — the node's OS version changed. Re-run the 8. **Re-register with mother** — the node's OS version changed. Re-run the