Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?

lrossi

@jimp Thanks for the response. I contacted TAC to request the firmware and already got a link to download it.

Their response time was incredible.

I will give it a shot tomorrow morning when all my users are offline.

johnpoz

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

Their response time was incredible.

I have to say I agree, been using pfsense for quite some time.. And appliances from netgate for long time as well. And I think the longest time I have waited for a response with links to the install for any of my appliances was like 23 minutes.. Normally its under 5..

And that 23 minute one was when I am sure they were just swamped.. This last time asking for 22.05 response was 5 minutes. Now there is was something wrong with the NC, and it wasn't working - but they corrected that in a quite timely manner as well.

If anything TAC is johnny on the spot for sure ;)

Cabledude

@jimp said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

The 1100 is compatible with ZFS, there shouldn't be an issues running it there. You are correct it will have to be reinstalled, but TAC can provide you with the appropriate installation media.

Dear Jim,
Thank you for explaining. I thought I read somewhere that 4GB RAM is recommended for ZFS, so I assumed it was not meant to use on an SG-1100 (as it only has 1GB RAM), which I also have and use as my home firewall/router.
Has ZFS been tested fully on the 1100 and would you recommend it?
I am using pfBlocker (default settings), Avahi, Service watchdog and system patches for a 300/40 internet connection. Family usage, very light occasional VPN usage.

Thanks,
Pete

jimp

@cabledude said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

Thank you for explaining. I thought I read somewhere that 4GB RAM is recommended for ZFS, so I assumed it was not meant to use on an SG-1100 (as it only has 1GB RAM), which I also have and use as my home firewall/router.

For use on systems in more storage-oriented roles it can use more RAM but for a firewall it's fine.

Has ZFS been tested fully on the 1100 and would you recommend it?

Yes

I am using pfBlocker (default settings), Avahi, Service watchdog and system patches for a 300/40 internet connection. Family usage, very light occasional VPN usage.

None of that should really matter that much for ZFS.

Cabledude

@jimp Thank you. Your response time today is impressive as well :

lrossi

I just wanted to let you know that i successfully installed the new PFsense+ 22.05 image on my SG-1100 without a problem.

But i have to say that 2 things surprised me:

1- All my settings were lost after the upgrade. I don't know if I had unrealistic expectations but I thought that PFsense was going to retrieve my settings from the "Auto Configuration Backup" service. In any event, I took a manual backup before the upgrade "Just in case" and I was able the get my settings in no time.

So, please, do yourself a favor and make a manual backup before doing this.

2- The firmware installation only required about 10 minutes. However, the packages re-installation needed a solid 30 minutes and internet was down until that process ended. So in reality this took about 40 minutes.

Due to the installation time it is very easy to think that something went wrong. So, if you are doing this, i will echo the advisement provided by Netgate to monitor the process by connecting to the console of your appliance. That will give you a live feedback of what is going on. The "blinking LED" doesn't tell you much.

Now, for those curious about the performance, the system seems to be running fine with ZFS.

In case you are wondering, the following are the services that I'm running:

Now, ZFS does take a toll on the processor and available memory because the processes increased from 168 to about 568; and the wire memory increased from 27.88% to 36.12%

I hope this helps anyone in the verge of upgrading their SG-1100.

Cabledude

@lrossi Ciao Irossi, Thank you so much for taking the time to do something for someone else. I appreciate this very much!

I would be very interested to hear about your first week experience. Does everything run well? No hiccups? Do you monitor your system resources 24/7?

Also: when you created the backup, did you "include extra data" and after you restored the backup, did your static IP leases come back as well? I have about 50 static IP's so it would be a nuisance to have to rebuild them manually.

Kind regards,
Pete

lrossi

@cabledude I will do my best to address your questions.

So far the system is running at least as good as it was before. Nobody in my network have noticed that a change occurred which should tell you about how well is working.

I just started to play around with grafana last week. So, i guess i'm monitoring my system 24/7.

I did check the option "Include extra data" when i did my backup. I always do as this only increases the size of the file to about 5MB.

I cannot answer your question about the Static IP reservation because i don't use them. The reason is that I use PFBlockerNG with "Unbond python mode" which, as far as i know, is incompatible with DHCP reservation. (see below)

Cabledude

@lrossi Thank you again! As soon as I have some time off from work I will ask netgate for the image and do the fresh install, followed by restoring my backup. As per your suggestion I will monitor the progress by using the USB cable and Terminal (Im a Mac user).

As for your DHCP comments: I don't use the option you mentioned (DHCP reservation in DNS resolver). Sometimes I mess up explaining what I mean. All I am doing is go to Menu -> Status -> DHCP leases and hit the "+" to the right of a device to "Add static mapping". this way these devices always get the same IP address. This makes it much easier to discover if there are unknown devices on my network.

Cheers,
Pete

rcoleman-netgate

@cabledude said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

As soon as I have some time off from work I will ask netgate for the image and do the fresh install

Use this page: https://www.netgate.com/tac-support-request

Cabledude

@cabledude said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

@lrossi Thank you again! As soon as I have some time off from work I will ask netgate for the image and do the fresh install, followed by restoring my backup.

@lrossi It has taken longer than I planned, but I did some work on pfSense tonight. So far I upgraded a second SG-1100, which I had prepared to deploy in our parents home, from 22.01/UFS to 22.05/ZFS. I created the backup first, connected USB cable to console, balena'd the image I received from Netgate and the upgrade went smooth, I'd say 5 mins. Then restoring the backup took another 5 mins. Much quicker than your 40 mins, but my config is as basic as can be.
So thanks for your advice. Soon I will update my home SG-1100 following the same procedure and report back. This is where I can see if the static DHCP leases will come over okay.

Until soon!

Gertjan

@cabledude said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

did your static IP leases come back as well? I have about 50 static IP's so it would be a nuisance to have to rebuild them manually.

These will be in the backup of the config.
The "extra bits" offer you to also backup the dhpd server database file.
This file list the relation between MAC addresses and handout out IP at that moment, and, if the leases are not renewed by the client, also the relation between MAC and IP (from the pool) in the past.
So this file is some what the opposite of what are the Static MAC DHCP leases.

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

1- All my settings were lost after the upgrade. I don't know if I had unrealistic expectations but I thought that PFsense was going to retrieve my settings from the "Auto Configuration Backup" service. In any event, I took a manual backup before the upgrade "Just in case" and I was able the get my settings in no time.

I'm using pfSense many years, and never actually tried to re use or recover a previous config like this. I actually never re installed pfSense since 2014 ? - only updated until 2.6.0, and then I got my "4100" and used the existing exported config from my 2.6.0 to create my 4100 based setup.

When you switch from UFS to ZFS, you've started the 22.05 installer and it will find a drive with UFS partitions. You could accept these, and then the installer will 'test' if a pfSense was installed previously, and try to locate the existing config.xml, load its, keeps it in memory (RAM) ( as no other storage is available at that moment ), then it reformats the drive (which is not partitioning) and rewrites all the files from the install archive the correct places. It terminates with putting the kept config.xml back in place.

When you switch from UFS to ZFS, a sub program is activated that :
Wipes all partitions .... like wiping the MBR. Drive content isn't actually lost, but there is no way to access it any more. Then, I guess, the USB installer restarts, so it detects a clean drive. It's this restart that makes it impossible to keep something also in memory. Again, there is probably no other drive or temporary disk available at that moment.

Retrieving the existing config.xml is a nice feature to have when you want to re install fast on the same system. Just to make sure all files are ok and non-system files are gone. It's like rebuilding the house from the original plans. Going to ZFS is like redoing your house, and while your at it, move it 2 feet further up north : you'll be wiping the foundation also.

You could accept that drive

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

Static IP reservation because i don't use them.

You should ^^
You don't care what IP is sued by device like phones etc as these devices do not propose services you need to access from other devices.
Printers, NAS, TV, cameras- or DVRs, air-conditioning etc : you want them to have a known IP, and a known short host name that you choose (not the device).

For every device on your network, you'll never have to change any network settings : leave it at DHCP, the network setting activated when you bought the device.
With Static DHCP MAC Leases on pfSense you decide what IP and 'easy name' is used for your most important devices, as you need to connect to them ones in a while.

Now you can decide to de activate :

and not only pfBlockerNG-devel becomes more 'usable', there is also another big advantage, believe me ;)

lrossi

@Cabledude I'm glad that your upgrade went smoothly and that everything just worked.

@Gertjan awesome post but i think you misunderstood my point. I was not expecting the installer to find my local config.XML and re-use it.

Instead, I thought that the installer was going to retrieve my settings from Netgate’s own servers as my current installation has the “Auto config Backup” enabled. See below

That service allows you to restore your system based on the settings that were automatically saved there. I personally have never used it but i figured that the installer was going to be smart enough to restore the settings based on this information if a local config.XML is not found in the system (such as when you change from UFS to ZFS as you described).

About the IP reservation, I think is a discussion worth having on a different post but I used to use it years ago on previous routers and then got tired of recreating the IP reservation tables every time I changed routers. To avoid this i decided to set static IPs and simple hostnames on every device that I could. That way if i ever had to upgrade the router then all devices will just work.

I de-activated the DHCP Registration because of pfBlocker-NG. I like the idea of having it but i like pfBlocker-NG better.

Gertjan

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

installer was going to retrieve

The onstaller doesn't know about hardware, like NIC, or further along in the OS boot process : a working Internet connection.

The "Auto Configuration Backup" also nedt the encryption key, and the big

so it's a chicken and egg problem.

The needed information is in the config.xml - the file you want to retrieve from Netgate - and you need this file to make a connection first

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

and then got tired of recreating the IP reservation tables every time I changed routers.

True.
I did the very same thing.
Then I came across pfSense, while using M0n0wall. That was more then a decade ago.
Since then, ones in a while, when a I upgrade my NAS, or buy a new network printer, I edit the related lease.
DHCP maintenance, for me, is ..... 10 minutes per year ?

This solves also the issue having devices with host names like
WIN-MO2CKKCAEP6
or devices that all use the same host name, or no host name.

For IPv6 this becomes even more important.

All this is my way of working of course. I am fine with other methods ^^

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

I de-activated the DHCP Registration because of pfBlocker-NG. I like the idea of having it but i like pfBlocker-NG better.

100 % agree.
But then I have these silly host names back in my DNS ...
I tend to force myself using host names, not IPs.
My printer : 2001:470:1e13:5c0:2::87 - I gave up .....

SteveITS

@lrossi said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

figured that the installer was going to be smart enough to restore the settings based on this information if a local config.XML is not found in the system (such as when you change from UFS to ZFS

The installer has a few ways to use/recover a config file during install but the auto backup is not one of them.

However I have personally used the "Recover config.xml From Existing Installation" optoin during a reinstall of 2.6 to format that disk for ZFS.

Cabledude

Okay I just upgraded my production SG-1100 using the image file sent by Netgate. I am now running 22.05 with ZFS.
As expected, the UI notifies me that "packages are currently being reinstalled in the background, Do not make changes etc...". So I am waiting patiently. However, I am also still connected to the console but there's nothing happening there. The last echo was my successful login. Shouldn't I be seeing ample activity there, busy to update all those packages?

SteveITS

@cabledude I don’t think I’ve tried to watch the console but I’d guess not since it’s running in the background . Try running “top” to look for activity.

Cabledude

@steveits Hi Steve, thanks. Are you referring to pfTop, option 9?

SteveITS

@cabledude No I was thinking just the top command since I'm used to shell commands. :)

https://www.unix.com/man-page/FreeBSD/1/top/
"q" quits it.

Cabledude

@steveits said in Re-image SG-1100 for ZFS in 22.05 or GUI Upgrade?:

https://www.unix.com/man-page/FreeBSD/1/top/

Okay so I am new to this but from the console menu I pressed an audacious "8" for "Shell" first, then typed "top" and got a terminal 1 second refreshing list of processes that nearly matches the GUI's System Activity. Thanks for the tip. Now what would be even more great is an echo of the package reinstall process events, like what you see during boot.

Anyway when I came back 3 hours later, turned out it took well over two hours before the reinstall finished:

General
Package reinstall process finished successfully @ 2022-09-10 03:45:05
(started around 01:30:00)