[WORKAROUND] Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed)
-
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
What does the output of
pkg infoactually show?A lot of installed packages.
As You suggest:
Ok, you are missing the pfSense-repo and pfSense-upgrade packages.
So I would run:
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
As shown here: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#forced-pkg-reinstallAs a result:
- 6 .pkg files from /root/var/cache/pkg/ was deleted
- 3 packages reinstalled
- after reboot I still cannot see installed before packages (achieved...)
But now for me MUCH IMPORTANT that after restoring on a fresh 2.7.0 install from backup, after all packages installed manually, SOME SETTINGS RESTORE, BUT SOME - NO (I not mean whole section not restored, I mean SOME SETTINGS VITHIN CATEGORY, as in my case, some Firewall rules for Interfaces Groups not restored, and this Interfaces Groups not restored...and may be something else, who knows?)
So now the main question are: how to manually ensure that settings from backup successfully restored ?, this mean step by step check each settings in backup config...
-
@nollipfsense said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
@sergei_shablovsky Should post in Development 2.7 section so developers are aware of issues.
After CE's developers make a public version with missing “;” at the end of string (see discussion, but conclusion are “there are no sufficient code control at all”), I am not sure that make big sense... :)
-
You should always restore the complete config if you restoring into a new install.
Restoring sections will only restore those parts and, more importantly, they do not get put through the config updater so you can only restore into the same config version.
Steve
-
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
You should always restore the complete config if you restoring into a new install.
Restoring sections will only restore those parts and, more importantly, they do not get put through the config updater so you can only restore into the same config version.
Thank You for explanation, mr. Steve!
Please confirm: the ability to restoring certain section of backup .xml valid and make sense only if I need restore on the SAME SUBVERSION, 2.6.4 -> 2.6.4, 2.6.0 - > 2.6.0, 2.6.0 -> 2.6.4, BUT NOT THE DIFFERENT VERSION (major or minor) 2.6.4 -> 2.7.0, 2.6.0 -> 2.7.0, 2.6.4 -> 2.7.2.
I understand You correctly?
If Your answer would be “yes”, so let’s to note that after I making already as You suggest (restoring all from .xml backup file and then restart):
- previously installed packages disappear in Package manager pages, and from all main menus;
- I find that some settings disappear (Interfaces Groups for example, but may be more, how to find that?);
So because of this, next try I decide making step-by-step: restoring from .xml backup file 1(one) category at a time , then hardware rebooting, to understanding on which step there are problem come in, to eliminate “damage” if possible to say that... ;)
-
The part that matters is the config version. So if you look in the config file you will see:
<?xml version="1.0"?> <pfsense> <version>22.6</version>When you import an older config into a newer pfSense version it runs it through a series of upgrade scripts for each version change so that the final imported config is compatible with the system. However the config version only appears once in the file so if you import only a section of it that won't contain the version and it will not be upgraded. You may end up with a config that cannot be loaded.
I personally never import sections of config, it's far safer to import only the complete config file.See: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restore-options
Steve
-
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
The part that matters is the config version. So if you look in the config file you will see:
<?xml version="1.0"?> <pfsense> <version>22.6</version>When you import an older config into a newer pfSense version it runs it through a series of upgrade scripts for each version change so that the final imported config is compatible with the system. However the config version only appears once in the file so if you import only a section of it that won't contain the version and it will not be upgraded. You may end up with a config that cannot be loaded.
I personally never import sections of config, it's far safer to import only the complete config file.See: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restore-options
Thank You for so detailed explanation. Of course, I re-read ALL Docs again carefully with a cup of tee.
Thank You again for patience and attention to my problem.
-
@stephenw10
So now the main question now are: how to manually ensure that settings from backup successfully restored ?, this mean step by step check each settings in backup config...Because a lot of settings in each package, I do not remember exactly settings, of course. (May be needed to make PDF copy of each page of settings next time ;)
-
All the package settings are stored in the main config file. If you restore the complete config file all the package settings will come with it.
The settings shown in the GUI are only what is loaded from the config at boot.Steve
-
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
The part that matters is the config version. So if you look in the config file you will see:
<?xml version="1.0"?> <pfsense> <version>22.6</version>When you import an older config into a newer pfSense version it runs it through a series of upgrade scripts for each version change so that the final imported config is compatible with the system. However the config version only appears once in the file so if you import only a section of it that won't contain the version and it will not be upgraded. You may end up with a config that cannot be loaded.
I personally never import sections of config, it's far safer to import only the complete config file.See: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restore-options
Thank You for suggestions, Steve!
So, I check double twice: install pfSense on a bare metal, reboot, then install all needed packages (reboot after each package), then backup from .xml backup file, wait 2h, then reboot, the result are the same: packages disappear from installed, not possible to update/upgrade from menu or manually, ping from pfSense CLI on monitoring 1.1.1.1 / 8.8.8.8 are ok, but ping / traceroute on other sites - no, LAN are working (surfing web as test), but sometimes some images not loaded...
Your suggestion?
P.S.
$ host -t srv _https._tcp.packages.netgate.com ;;connection timed out; no servers could be reached; $ host files01.netgate.com. ;;connection timed out; no servers could be reached; $ host files00.netgate.com. ;;connection timed out; no servers could be reached; # pkg-static update -f Updating pfSense-core repository catalogue... pkg-static: https://packages-beta.netgate.com/packages/pfSense_master_amd64-core/meta.txz: No address record repository pfSense-core has no meta file, using default settings pkg-static: https://packages-beta.netgate.com/packages/pfSense_master_amd64-core/packagesite.pkg: No address record pkg-static: https://packages-beta.netgate.com/packages/pfSense_master_amd64-core/packagesite.txz: No address record Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: https://packages-beta.netgate.com/packages/pfSense_master_amd64-pfSense_devel/meta.txz: No address record repository pfSense has no meta file, using default settings pkg-static: https://packages-beta.netgate.com/packages/pfSense_master_amd64-pfSense_devel/packagesite.pkg: No address record pkg-static: https://packages-beta.netgate.com/packages/pfSense_master_amd64-pfSense_devel/packagesite.txz: No address record Unable to update repository pfSense Error updating repositories! -
Are you installing 2.7?
The config you are restoring is setting the repo to next-dev-version so if you are installing 2.6 and then restoring that it will cause it to try to use the wrong repo and fail.
You don't need to install packages before restoring is will pull them in at the first boot after the install.
But it looks like you have some more general connectivity issue happening there. Those SRV records should resolve:
steve@steve-MMLP7AP-00 ~ $ host -t srv _https._tcp.packages.netgate.com _https._tcp.packages.netgate.com has SRV record 10 10 443 pkg00-atx.netgate.com. _https._tcp.packages.netgate.com has SRV record 10 10 443 pkg01-atx.netgate.com. steve@steve-MMLP7AP-00 ~ $ host -t srv _https._tcp.packages-beta.netgate.com _https._tcp.packages-beta.netgate.com has SRV record 10 10 443 pkg01-atx.netgate.com. _https._tcp.packages-beta.netgate.com has SRV record 10 10 443 pkg00-atx.netgate.com.Steve
-
Please see Jim's note here below and why it's important to post in development section.
https://forum.netgate.com/topic/171891/update-failure-2-7-0-development-amd64-built-on-tue-apr-26-06-13-40-utc-2022-freebsd-12-3-stable
pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud. -
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
Are you installing 2.7?
Yes, pfSense 2.7 CE
The config you are restoring is setting the repo to next-dev-version so if you are installing 2.6 and then restoring that it will cause it to try to use the wrong repo and fail.
You don't need to install packages before restoring is will pull them in at the first boot after the install.
I trying several times with and without installing packages before restoring from .xml backup file.
Result are the same.But it looks like you have some more general connectivity issue happening there. Those SRV records should resolve:
steve@steve-MMLP7AP-00 ~ $ host -t srv _https._tcp.packages.netgate.com _https._tcp.packages.netgate.com has SRV record 10 10 443 pkg00-atx.netgate.com. _https._tcp.packages.netgate.com has SRV record 10 10 443 pkg01-atx.netgate.com. steve@steve-MMLP7AP-00 ~ $ host -t srv _https._tcp.packages-beta.netgate.com _https._tcp.packages-beta.netgate.com has SRV record 10 10 443 pkg01-atx.netgate.com. _https._tcp.packages-beta.netgate.com has SRV record 10 10 443 pkg00-atx.netgate.com.Because ping/traceroute not working for anything excluding LANs, and ping are ok only for 1.1.1.1/8.8.8.8 I come with the same conclusion.
But where is the source of problem and how to find them?
-
@nollipfsense said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
Please Jim's note here below and why it's important to post in development section.
https://forum.netgate.com/topic/171891/update-failure-2-7-0-development-amd64-built-on-tue-apr-26-06-13-40-utc-2022-freebsd-12-3-stable
Thank You that point me.
Hm, I never imagine that Netgate was making so unstable upgrade...
-
@sergei_shablovsky said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
I never imagine that Netgate was making so unstable upgrade...
What?!
We specifically stopped updating the snapshot servers in order to shield end users from any instability these significant changes might introduce. The snapshot servers are still there and you can still pull pkgs from them. They are just not being updated currently. It will not prevent you accessing the servers.
You might be seeing an IPv6 issue. Try:
host -4t srv _https._tcp.packages-beta.netgate.comSteve
-
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
@sergei_shablovsky said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
I never imagine that Netgate was making so unstable upgrade...
What?!
We specifically stopped updating the snapshot servers in order to shield end users from any instability these significant changes might introduce. The snapshot servers are still there and you can still pull pkgs from them. They are just not being updated currently. It will not prevent you accessing the servers.
According stopping to updating snapshots to end users - totally agree with you.
You might be seeing an IPv6 issue. Try:
host -4t srv _https._tcp.packages-beta.netgate.comThank You, Steve.
The result are:
;;connection timed out; no servers could be reached -
Can it resolve anything?
Didn't you have an issue very similar to this previously?
-
@stephenw10 said in Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):
Can it resolve anything?
Unfortunately, NO
Also I check ipv6 settings everywhere,- nothing used.
Didn't you have an issue very similar to this previously?
No any similar...
-
The problem come right after update from .xml backup file. Because of this I try to determine which section of .xml backup file impact on this: as I describe before, installing one-by-one. Trying installing packages before, and after restoring... But results are the same: all looks like ok, but after System section restoring - going to wrong state, and connection to outside partially loss..
I more than sure that with .xml backup file are all ok, because I make 3 copy of them on 3 different media.
-
Today I found that:
- if disable DNS Resolver
- reboot
- when enabling DNS Resolver
After pressing Save button on DNS Resolver webGUI page, the follow error appear on top of the page (not on separate pop-up or info/alert part of page, just on upper background):
Warning: file_put_contents(/var/unbound/sslcert.crt): failed to open stream: No such file or directory in /etc/inc/unbound.inc on line 314 Warning: chmod(): No such file or directory in /etc/inc/unbound.inc on line 315 Warning: file_put_contents(/var/unbound/sslcert.key): failed to open stream: No such file or directory in /etc/inc/unbound.inc on line 316 Warning: chmod(): No such file or directory in /etc/inc/unbound.inc on line 317 -
You have pfBlocker in the config but not installed perhaps?
