Long boots after 22.01 update on SG-3100 with pfBlockerng
-
@stephenw10 So I did the update to System Patches and disabled pfB-devel and still got the delay. (FYI, it didn't delay this way in the last firmware release.)
But the Ctrl-T list is a bit different with pfB-devel disabled:
Starting CRON... done. Starting package ntopng...done. Starting package Avahi...done. Starting package OpenVPN Client Export Utility...done. Starting package System Patches...done. load: 1.55 cmd: fcgicli 91461 [sbwait] 30.31r 0.00u 0.00s 0% 2088k load: 1.46 cmd: fcgicli 91461 [sbwait] 40.95r 0.00u 0.00s 0% 2088k load: 1.39 cmd: fcgicli 91461 [sbwait] 49.12r 0.00u 0.00s 0% 2088k load: 1.36 cmd: fcgicli 91461 [sbwait] 54.33r 0.00u 0.00s 0% 2088k load: 1.41 cmd: sleep 89616 [nanslp] 0.53r 0.00u 0.00s 0% 1908k load: 1.38 cmd: sleep 89616 [nanslp] 4.35r 0.00u 0.00s 0% 1912k load: 1.35 cmd: fcgicli 91461 [sbwait] 71.00r 0.00u 0.00s 0% 2088k load: 1.32 cmd: fcgicli 91461 [sbwait] 74.36r 0.00u 0.00s 0% 2088k load: 1.37 cmd: fcgicli 91461 [sbwait] 79.15r 0.00u 0.00s 0% 2088k load: 1.34 cmd: fcgicli 91461 [sbwait] 84.16r 0.00u 0.00s 0% 2088k load: 1.34 cmd: fcgicli 91461 [sbwait] 88.01r 0.00u 0.00s 0% 2088k load: 1.31 cmd: fcgicli 91461 [sbwait] 92.50r 0.00u 0.00s 0% 2088k load: 1.29 cmd: fcgicli 91461 [sbwait] 97.60r 0.00u 0.00s 0% 2088k load: 1.27 cmd: fcgicli 91461 [sbwait] 102.41r 0.00u 0.00s 0% 2088k load: 1.24 cmd: fcgicli 91461 [sbwait] 106.22r 0.00u 0.00s 0% 2088k Starting package pfBlockerNG-devel...done. Starting /usr/local/etc/rc.d/pfb_dnsbl.sh...done. Starting /usr/local/etc/rc.d/pfb_filter.sh...done. Netgate pfSense Plus 22.01-RELEASE arm Mon Feb 07 16:39:01 UTC 2022 Bootup completeI will now try again with System Patches removed, then I'll try removing pfB-devel (keeping settings).
-
@stephenw10 pfB-devel seems to be the culprit.
Disabling didn't have an effect but after I removed the package, the boot sped through the CRON startup section as expected.
However, with the package removed, the following lines appeared in the boot console even after several reboots.
Loading configuration......done. sh: /usr/local/pkg/pfblockerng/pfblockerng.sh: not found Updating configuration...done.I'm reinstalling the package now to see if that clears the behavior.
-
Confirming that re-installing the current pfBlocker-devel causes the boot delay to return even if the package is disabled.
I'd be fine if this thread were moved to the appropriate module forum.
-
S stephenw10 moved this topic from Official Netgate® Hardware on
-
You might try the patch for pfctl latency anyway. See if that makes any difference to the boot times.
-
@stephenw10 Unfamiliar with that patch. Link?
-
@lohphat said in Long boots after 22.01 update on SG-3100 with pfBlockerng:
Link
Install the System_Patches, version 2.0_2.
Go to System > Patches
Probably this one :
( part of the " Recommended System Patches for Netgate pfSense
software version 2.6.0 " list ) -
Still long delay during boot after applying patch:
Starting CRON... done. Starting package ntopng...done. Starting package Avahi...done. Starting package OpenVPN Client Export Utility...done. Starting package System Patches...done. load: 1.20 cmd: php-cgi 62419 [nanslp] 7.64r 0.74u 0.12s 3% 32304k load: 1.18 cmd: php-cgi 62419 [nanslp] 11.46r 0.74u 0.12s 2% 32304k load: 1.18 cmd: php-cgi 62419 [nanslp] 14.91r 0.74u 0.12s 1% 32304k load: 1.17 cmd: php-cgi 62419 [nanslp] 18.47r 0.74u 0.12s 0% 32304k load: 1.15 cmd: php-cgi 62419 [nanslp] 22.77r 0.74u 0.12s 0% 32304k load: 1.14 cmd: php-cgi 62419 [nanslp] 26.28r 0.74u 0.12s 0% 32304k load: 1.14 cmd: php-cgi 62419 [nanslp] 29.63r 0.74u 0.12s 0% 32304k load: 1.13 cmd: sh 99162 [wait] 36.16r 0.00u 0.06s 0% 2408k load: 1.12 cmd: sh 99162 [wait] 38.75r 0.00u 0.06s 0% 2408k load: 1.12 cmd: sh 99162 [wait] 41.85r 0.00u 0.06s 0% 2408k load: 1.11 cmd: sh 99162 [wait] 44.27r 0.00u 0.06s 0% 2408k load: 1.11 cmd: sh 99162 [wait] 46.87r 0.00u 0.06s 0% 2408k load: 1.10 cmd: sh 99162 [wait] 49.87r 0.00u 0.06s 0% 2408k load: 1.09 cmd: sh 99162 [wait] 53.35r 0.00u 0.06s 0% 2408k load: 1.09 cmd: sh 99162 [wait] 56.46r 0.00u 0.06s 0% 2408k load: 1.08 cmd: sh 99162 [wait] 59.37r 0.00u 0.06s 0% 2408k load: 1.08 cmd: sh 99162 [wait] 62.32r 0.00u 0.06s 0% 2408k load: 1.08 cmd: sleep 91323 [runnable] 0.00r 0.00u 0.00s 0% 1852k load: 1.07 cmd: sh 99162 [wait] 68.90r 0.00u 0.13s 0% 2404k load: 1.07 cmd: sleep 91323 [nanslp] 6.62r 0.00u 0.00s 0% 1912k load: 1.07 cmd: sh 99162 [wait] 75.85r 0.00u 0.13s 0% 2404k load: 1.06 cmd: sh 99162 [wait] 79.77r 0.00u 0.13s 0% 2404k load: 1.06 cmd: sh 99162 [wait] 83.12r 0.00u 0.13s 0% 2404k load: 1.06 cmd: sh 99162 [wait] 86.71r 0.00u 0.13s 0% 2404k load: 1.05 cmd: sh 99162 [wait] 90.06r 0.00u 0.13s 0% 2404k load: 1.05 cmd: sh 99162 [wait] 93.93r 0.00u 0.13s 0% 2404k load: 1.04 cmd: sh 99162 [wait] 97.54r 0.00u 0.13s 0% 2404k load: 1.04 cmd: sh 99162 [wait] 101.57r 0.00u 0.13s 0% 2404k load: 1.04 cmd: sh 99162 [wait] 105.56r 0.00u 0.13s 0% 2404k load: 1.04 cmd: sh 99162 [wait] 109.68r 0.00u 0.13s 0% 2404k Starting package pfBlockerNG-devel...done. Starting /usr/local/etc/rc.d/pfb_dnsbl.sh...done. Starting /usr/local/etc/rc.d/pfb_filter.sh...done. Netgate pfSense Plus 22.01-RELEASE arm Mon Feb 07 16:39:01 UTC 2022 Bootup complete -
Does it do the same if you restart the service? Or running forced update or reload in pfBlocker?
-
@stephenw10 The boot would delay even if the package was disabled.
I've run the reload and is completes in 10-15 seconds.
-
If the aliases are present it may still be populating them even when disabled. Do you have a load of things selected in pfBlocker? It could be having to time-out on some if they are not responding.
Steve
-
@stephenw10 I can reload sources in 10-15 seconds when it's up and running.
Also, why wouldn't "Starting package pfBlockerNG-devel..." display while it is processing and then print "done.\n" when finished after the long delay? It's hanging for several minutes at boot then prints the entire line "Starting package pfBlockerNG-devel...done." all at once -- even if the package is disabled.
-
Well it depends how that script is run. What I suspect is that the actual service the pfBlocker installs starts pretty much instantly. The aliases are not a service though. It's probably trying to populate those before it tries to start 'pfBlockerNG DNSBL Web Server'.
Steve
-
FOUND IT!
It's related to "pfBlockerNG-devel: Version 3.1.0_2 - Fix for #12706" topic.
If /tmp and /var are set to use a ramdisk then the long boot delay appears. Disabling it results in no delay.
-
This post is deleted! -
The 3.1.0_2 update did not fix the long boot delay.
The Ctrl-T process output at the hang point is similar.
-
Note: there seems to be a v3.1.0_3 on its way...
-
Just updated to 3.1.0_4 and the delay at boot is still happening if the ramdisk for /etc and /var are enabled.
-
For me 3.1.0_4 works. With ramdisk enabled rebooting of the system (22.01) takes about. 80 s.
-
To be clear, the WebConfigurator UI comes up fine but the boot isn't complete.
Here's more interesting data (BTW, using unbound in python mode and pfBlocker python extensions enabled):
-
Long boot even if 3.1.0_4 is installed but disabled.
-
Short boot when I remove the package entirely.
-
I noticed that when I reinstalled 3.1.0_4 (retaining old configs) that during the reinstall the message:
"Executing custom_php_resync_config_command()..."
was taking about the SAME TIME time as the boot delay.
So this time I removed the package and DID NOT save my prior config and reinstalled so I'd have a blank config.
The boot time was short.
AHA!
So it seems my old config was the culprit.
I am now rebuilding my config (I have a dual WAN and multiple internal network segments, e.g. IoT corralled on own SSID) so it will take some time.
I will report back if the long delay returns again.
-
-
The issue of long boot seems to be related to Maxmind. Once I enter my license key and reload then any subsequent reboot is long.
