Celebrazio Net



Contact Us

Timely Maintenance of your Gentoo Linux Virtual Machine

Gentoo provides a lot of great help and documentation online. However, I haven't seen much on the topic of LXC guest maintenance. This is an attempt to build the body of knowledge about maintaining the Gentoo system as an LXC guest. My Gentoo is used only as a server and development machine, which keeps it simple: no Xorg, QT, or heavy to compile graphic applications. And since it's on LXC, no kernel to compile either.

Objectives of the maintenance

  • (optional) Review USE flags and CFLAGS, other emerge settings.
  • Upgrade some software applications in eselect modules
  • Remove obsolete packages.
  • (occasionally) Emerge everything with the new toolchain, and USE config (if changing).
  • Fine-tune the maintenance procedure a little. Old maint. procedure can be viewed here: Celebrazio Gentoo Maintenance

Local References:

Preparation

Any configuration items need changing?

 user@system% su - root
        # important to give us the right ENV variables
 root@system# cat /etc/portage/make.conf
 root@system# cat /etc/portage/package.mask
 root@system# cat /etc/portage/package.accept_keywords
 root@system# ls  /etc/portage/package.use
 root@system# emerge -pv world 
 root@system# emerge --info 
 root@system# equery --help
 root@system# equery u packagename
        # gives USE flags of that packagename
 root@system# qlist -I linux-headers
        # very good tool for listing packages. 
 root@system# less /var/db/repos/gentoo/profiles/use.desc

The first 3 lines here are to read and check over the masked packages or any other special keywords settings. If these were set up for a reason a few months ago, maybe that reason has since disappeared. Check out the Gentoo Packages handy site to learn whether a package at the version level you want is stable (x86) or not (~x86) now. This site also has an excellent USE flags reference. And check dependencies and reverse dependencies if you want. Equery is also useful to learn about the packages. Emerge --info gives the USE settings, among other things.

In the "emerge -pv world" line above, we are mainly trying to check whether there are any blocking issues. If you get blocking issues now, then you'll need to resolve them before trying to emerge world. Search the forums for your specific blocking issue. There are various possibilities for fixing the issue: sometimes just unmerge something you don't want, other times use a package.mask or package.keywords
Package.mask might look like this:

>sys-devel/gcc-3.4.3.20050110-r2
>sys-apps/groff-1.19.1-r2

It is a good time now, before any time has been spent, to verify that USE settings are as wanted. If you are upgrading PHP or Apache, maybe the USE settings have changed. Here is one way to keep your USE values tidy after modification: quickly re-organize them alphabetically, then just paste back to the file /etc/make.conf. If you do this script, leave whitespace around the quote marks that surround all the flags.

root@system# cat /etc/make.conf | grep "USE=" | grep -v "^#" | awk '{ for (
i = (NF -1); i >= 2; i-- )  print $i}' | sort | xargs echo

If the emerge -pv world output looks like some risks will be involved, or if it's been a while since you last made a backup, it might be a good idea to make a backup of the LXC guest.

root@system# lxc-stop -n Guest_Gentoo
root@system# lxc-copy -n Guest_Gentoo -N Guest2_Gentoo
 [ now my backup is Guest2_Gentoo ]

If things go south, revert back to lxc guest [Guest2_Gentoo] and attempt the emerge maintenance later, with more preparation.

Profile Upgrade

First Reference: Gentoo wiki, Upgrading
According to this guide, it's pretty easy to change profiles. So it can be done like this, using eselect:

 root@system# eselect profile list
 root@system# eselect profile set <item>
[follow the guide and change the item value in the 2nd line to fit your gentoo]
[next it is a good time to] 
 root@system# emerge --sync

There is no 'emerge sync' again until the very end, so try to do this step at the beginning of your maintenance window. Try to do this sync closely followed by the next build steps -- to ensure freshness. Next, check on any blocking issues that you found above. If you still have any blocking issues at 'emerge -uvDNp system', they will need to be cleared now.

Toolchain Build

It is good to write all the names to a file, in the order in which they will be emerged. It sometimes happens that your emerge command does not complete through the entire list. It may get snagged on a single package. Normally, you would have to re-issue the whole "emerge system" command -- all the packages. But this way, you won't need to repeat from the start. Just edit your input list and continue where the "emerge" command left off. Here, I captured the package list from 'emerge -puvDN system' and formatted it into this format [=dev-libs/openssl-1.2], one per line. Then, it can be passed in to emerge easily. The steps:

 
 root@system# emerge -uvDNp system | tee  /my/inputfilename.txt
 root@system# cat /my/inputfilename.txt | perl -nle '$_ =~ s/^\[ebuild........\] /=/; print ;' >
    /my/inputfilename2.txt
 root@system# cat /my/inputfilename2.txt | awk '{ print $1 }' > /my/inputfilename3.txt
 root@system# emerge -uvDNa `cat /my/inputfilename3.txt`

This is the equivalent of 'emerge -uvDN system' but simplified a bit (for dummies?) I also did "dispatch-conf" and checked for modules changes. I threw an "env-update" in there too. I also did a reboot in there (not shown) to make sure the system came up with the proper environment in place.

 
 root@system# dispatch-conf
 root@system# eselect modules list
     [ look through modules for anything to upgrade ] 
 root@system# eselect module set <desired number>
 root@system# env-update 

Equery is good here too. Next, if it's been a while or I want to make sure everything is clean, I will emerge the entire system with the new toolchain (gcc, glibc, other items). I create a new input file. (emerge world will come later). Read and take notes of all the emerge warnings and messages - there will be a long list - copy it down now before it's gone.

 
 root@system# emerge -evp system | tee /my/inputfilename.txt
 root@system# cat /my/inputfilename.txt | perl -nle '$_ =~ s/^\[ebuild........\] /=/; print ;' >
   /my/inputfilename2.txt
 root@system# cat /my/inputfilename2.txt | awk '{ print $1 }' > /my/inputfilename3.txt
 root@system# emerge -eav `cat /my/inputfilename3.txt`
 root@system# [say Yes]
 root@system# tail -500 /var/log/emerge.log 
  [ you might need this to view progress if the emerge has broken down
    without completing]
 root@system# revdep-rebuild -p

Preparation and World

If anything is blocking your world build, you can unmerge it now. For that matter, if anything is just crufty, not needed, or obstinate, you can nuke it now. Check reverse dependencies first though.

 
 root@system# emerge -uvDNp  --with-bdeps y --backtrack 100 @world
 root@system# equery depends obsoletepkg
 root@system# emerge --unmerge obsoletepkg
 root@system# emerge --unmerge stupidpkg
 root@system# emerge -uvDNp  --with-bdeps y --backtrack 100 @world | tee /my/inputfilename.txt
 root@system# cat /my/inputfilename.txt | perl -nle '$_ =~ s/^\[ebuild........\] /=/; print ;' >
    /my/inputfilename2.txt
 root@system# cat /my/inputfilename2.txt | awk '{ print $1 }' > /my/inputfilename3.txt
 root@system# emerge -uvDNa `cat /my/inputfilename3.txt`
  [ say yes, it updates my world ]
 root@system# emerge -p --depclean

After this completes, it is a successful update of the world. But not a complete tune-up yet. Need to keep the depclean step until last. Always pretend this, it's not safe to let it run.

I manually pick through the depclean list, and get rid of stuff. My success rate was about 50%: about half the stuff depclean wanted to toss, I was worried so I just left it in. 50% I manually unmerged.

 
 root@system# haskell-updater -q
 root@system# revdep-rebuild -p
 root@system# revdep-rebuild
 root@system# eclean-pkg -p
 root@system# eclean-dist -p

You may run into issues with a package or 2 here or there. Don't lose heart. Usually an emerge of one thing or another cures it all. After researching on gentoo-forums, it's common to find a workaround. This was a success.

Optional Followup Steps

 
 root@system# exit
  [ restart the LXC guest from the host. ]
 root@host# lxc-start -n Guest_Gentoo
 root@host# lxc-attach -n Guest_Gentoo
 root@system# emerge -eav  `cat /my/inputfilename3.txt`
  [gives me the new world, all fresh from the new toolchain]
 root@system# revdep-rebuild -p
 root@system# revdep-rebuild
  [ you might need to take care of some things before you can rebuild ]




1998-2020 Celebrazio.net