Matt Simerson edited this page Sep 30, 2023 · 38 revisions

A service jail is updated by provisioning a new one. The procedures are:

FreeBSD OS security updates

After a FreeBSD security release, the base jail needs to be updated and a new snapshot created with the patches applied. After this step, all future provision operations will be based on the newly updated base snapshot.

sudo sh
fetch https://raw.githubusercontent.com/msimerson/Mail-Toaster-6/master/mail-toaster.sh
. mail-toaster.sh
provision host
provision base

Then provision anew any jails affected by the security updates.

Notes

  • provision host needs the jails to be stopped (service jail stop)
  • it's often safe to skip provision host, see Changes
  • See also jailmanage

Port/package security updates

Provision anew any jails affected by the security updates.

Changes

mysql

MySQL was optional prior to 2021. When a toaster was built without it, vpopmail used the CDB backend. Dovecot has since dropped support for vpopmail authentication. The workaround is using dovecot's SQL passdb driver. That requires vpopmail to be converted to the MySQL backend. Vpopmail includes the vconvert utility to do the migration. See #481 regarding domain aliases.


MySQL 8 upgrade

# zfs snapshot zroot/data/mysql@2023-09-27
# zfs snapshot zroot/jails/mysql@2023-09-27

# jexec mysql
# mysql_upgrade

# mysqlcheck --all-databases --check-upgrade
# mysqldump --all-databases --triggers --routines --events --master-data > /data/all.sql

# service mysql-server stop
# pkg install -y mysql80-server
# service mysql-server start

If all has gone well, you'll have MySQL 8.0 running.


MySQL Data Migration

Prior to Oct 2023, the /data/mysql filesystem was the mysql database directory, mounted within the mysql jail at /var/db/mysql. This made it impossible to also store other jail metadata, such as etc (config) files, on the persistent data filesystem. To resolve this, the MySQL DB files need to be moved into a subdirectory. This must be done while MySQL is not running. The lightly tested process I've used looks like this:

# zfs snapshot zroot/data/mysql@2023-09-27
# zfs snapshot zroot/jails/mysql@2023-09-27
# service jail stop mysql
# cd /data/mysql
# mkdir db
# mv * db/
# vim /etc/jail.conf (update the data mount origin from `/data/mysql` to `/data/mysql/db`)
# service jail start mysql

Test and ensure the MySQL service is working correctly. After confirmation, delete the two ZFS snapshots.
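
The `mv * db/` step above also tries to move `db` into itself and skips dotfiles. The following is an added example, not part of the Mail-Toaster-6 scripts, that performs the same move with those cases handled and refuses to run if MySQL appears to be up. The function name `move_into_subdir` is hypothetical, and the pid-file guard assumes mysqld keeps its pid file in the data directory (the MySQL default).

```sh
#!/bin/sh
# Added example (not Mail-Toaster-6 code). move_into_subdir is a
# hypothetical helper name.
#
# usage: move_into_subdir /data/mysql db
# Moves every entry of DIR, dotfiles included, into DIR/SUB.
# Returns 0 only if DIR then contains nothing but SUB.
move_into_subdir() {
    dir=$1
    sub=$2
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2; return 1
    fi

    # Assumption: a running mysqld keeps <hostname>.pid in its data
    # directory (the MySQL default), so any *.pid means "still running".
    for pid in "$dir"/*.pid; do
        if [ -e "$pid" ]; then
            echo "pid file present, is MySQL stopped? $pid" >&2; return 1
        fi
    done

    # An existing target means an earlier (possibly partial) run: stop.
    if [ -e "$dir/$sub" ]; then
        echo "$dir/$sub already exists" >&2; return 1
    fi
    mkdir "$dir/$sub" || return 1

    # Three globs: plain names, dotfiles, and names beginning with "..".
    for entry in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue  # unmatched glob
        [ "$entry" = "$dir/$sub" ] && continue          # skip the target
        mv -- "$entry" "$dir/$sub/" || return 1
    done

    # Verify that only SUB remains at the top level.
    [ -z "$(ls -A "$dir" | grep -vxF -- "$sub")" ]
}
```

Run it from the host after `service jail stop mysql`, in place of the `mkdir db` and `mv * db/` lines, then continue with the jail.conf edit.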

unbound

  • if 'dns' jail was provisioned before 11 Dec 2016, the data volume MUST be added to /etc/jail.conf.

Haraka

  • config directory moved from /usr/local/haraka to /data

Dovecot

  • config directory moved to /data/dovecot/etc
  • in 2021, vpopmail auth support was removed. This requires manually updating your dovecot config to switch to the SQL-based authentication. Compare your locally installed files against the updated ones in the dovecot provisioning script.

ClamAV unofficial

  • older versions (pre 5.4.1 MT6 update) preserved clamav-unofficial-sigs.conf. That file no longer exists.
  • newer versions instead have a user.conf file which is preserved now.
  • so, manually copy local changes from clamav-unofficial-sigs.conf to user.conf

Webmail

As of 2016-12-09, the webmail jail no longer has squirrelmail and roundcube installed within. Once webmail has been rebuilt, squirrelmail and roundcube will be broken until you build those new jails and rebuild the haproxy jail with the new config sections.

  • haproxy rules need updating (rebuild haproxy)
  • if squirrelmail had sqlite (default) storage, move data from webmail to squirrelmail data volume
    • mv /data/webmail/squirrelmail/* /data/squirrelmail/
  • if roundcube had sqlite storage, move data from webmail to roundcube data volume
    • mv /data/webmail/roundcube/sqlite.db /data/roundcube/
  • if roundcube or squirrelmail used mysql, their mysql perms need updating (see #221)
  • the CLI commands are untested and approximations (based on memory) of what needs to be done.

Courier-IMAP

There is no courier-imap support in MT6. If you haven't yet converted to Dovecot, now is the time. Have a look at Migrating to Dovecot on the old wiki and issue #201.
