# updating packages in iocage jails



## brunoschwartz (Nov 1, 2016)

Hello All,

I have a newbie question.
What is the best way to check for update for packages installed in iocage jails but not on the host?

Is it necessary to run freebsd-update cronjob within the jail to see whether there are any updates available and then do iocage update xxx from the host?

Or is there a way to do it as a part of host update cron job?

Best wishes

T
PS: I looked long and hard but the iocage documentation is very sparse


----------



## Oko (Nov 2, 2016)

iocage documentation is excellent. There is a whole section on updating jails

http://iocage.readthedocs.io/en/latest/advanced-use.html

One can take a clue and see that would be the best practice for upgrading all packages.


First option, take a snapshot of a jail. Then `iocage console` to the jail and use your favorite tool to upgrade all packages. If something is broken just role back.
If you can effort zero down time clone the jail. `iocage console` to the clone. Upgrade all packages with your favorite tool. It nothing is broken promote the clone to the master and trash the original master.


----------



## brunoschwartz (Nov 2, 2016)

Thanks for that Oko.
I did the option 2 from your outline.

My question was related to checking whether there are any updates for the particular jail. Can it be done from the host system? Or does it need freebsd-update cron running within jail only to receive as many emails as the amount of jails one has?

Best regards,

T


----------



## Oko (Nov 2, 2016)

brunoschwartz said:


> Thanks for that Oko.
> I did the option 2 from your outline.
> 
> My question was related to checking whether there are any updates for the particular jail. Can it be done from the host system? Or does it need freebsd-update cron running within jail only to receive as many emails as the amount of jails one has?
> ...


You upgrade jail itself from the host machine per iocage documentation. I am not sure that you can upgrade hand installed packages inside the jail from the host machine. It would be worth trying `iocage updage TAG` with an obsolete package and see if it get update. Note that in my experience package slightly lag behind the port which is typically not problem for me. They are also usually compiled with very conservative options which is OK for my needs.


----------

