Not all the packages have "preserve settings" abiliy

Gertjan

@kpucko

It's possible that, when you remove packages before hitting the pfSense 'upgrade' button, some packages have also their settings removed.

But, who cares as just before you start removing the pfsense packages, you have made you 'in case of' copy of the config.xml file.

When you finished upgrading pfSEnse, and did your last "reboot test", you import your saved config.xml.
This will re install all missing packages and their settings will be there also.

For good manners, just another reboot when this is done, and everything is back.

provels

FWIW, I've never removed packages before upgrade and haven't had issues, but maybe just lucky. I'm going to as @Gertjan suggests and backup, remove, upgrade, and restore going forward.

Gertjan

@provels
Another FWIW : I've never removed what so ever during, ... well ... since upgrading pfSense 1-beta, way back.
That's not what the doc told me to do.

KpuCko

@gertjan

But, who cares as just before you start removing the pfsense packages, you have made you 'in case of' copy of the config.xml file.

When you finished upgrading pfSEnse, and did your last "reboot test", you import your saved config.xml.
This will re install all missing packages and their settings will be there also.

For good manners, just another reboot when this is done, and everything is back.

Sorry, just to ensure I have got it right, prior the upgrade follow the steps mentioned below in this order:

1. Perform sanity reboot (in case of issues fix, and continue with step 2)
2. Download backup (Diagnostics > Backup & Restore), save extra data checkbox
3. Make a list of all installed packages
4. Remove the packages
5. Perform the upgrade
6. Fix issues if there are any
7. Install packages
8. Restore config you have saved on step 2
9. Perform sanity reboot
10. Done

Gertjan

@kpucko
10 / 10 !

marcosm

Part of the reason it's recommended to remove packages before upgrading is to avoid potential upgrade issues caused by packages. For example, there was a recently fixed issue with pfBlockerNG and Unbound that would result in Unbound not running which required manual intervention. You can imagine that with DNS not working, other things are likely to fail. If I remember correctly, there's a similar issue with Squid that still exists.

johnpoz

@kpucko I think your missing a step to be honest.. Have a copy of clean install media, be it CE or + version you get from tac for your netgate appliance..

First step I always do is contact tac when a new + version comes out and get a copy. I also have my old version install media ready. But I have a netgate appliance - if your working with your own hardware, make sure you have a install copy of whatever new version your going to of CE.

Also if possible connect to console so you can watch in more detail the process, in case of any serious errors that just crash the process, etc. And always good idea to make sure you have console access before hand as well.

Well sure its not bad to uninstall all packages - I normally just uninstall the ones I don't use a day to day basis.. This go around I left haproxy, freerad, pfblocker, for example - just removed stuff I had installed at some point but don't consider critical.

KpuCko

@johnpoz

@kpucko I think your missing a step to be honest.. Have a copy of clean install media, be it CE or + version you get from tac for your netgate appliance..

First step I always do is contact tac when a new + version comes out and get a copy. I also have my old version install media ready. But I have a netgate appliance - if your working with your own hardware, make sure you have a install copy of whatever new version your going to of CE.

Valid point, which leads to another question, I'm home user (not have pfSense hardware) and use CE version of pfSense yet. Probably will get Plus version with LAB/Home license for free.

The question is how to get fresh installation media of Plus, please check this link.

provels

@kpucko Yes, home user here, too, but Intel. After going from CE to +22.01, 22.05, 23.01, it would be great to have current Plus install media to which I could apply my license. But I won't complain too hard...

KpuCko

@provels But I won't complain too hard...

So I see without TAC support, there is no installation media for Plus.
In this case the restore process is as follow:

1. Do fresh installation of latest CE version
2. Submit new license request for Plus
3. Upgrade to plus, reboot
4. Restore the config, reboot

This morning I tried to restore config from CE to Plus - no issues.
Probably the other way around will work as well. So in my opinion configs are the same.

johnpoz

@kpucko said in Not all the packages have "preserve settings" abiliy:

So I see without TAC support, there is no installation media for Plus.

There is only + install media for netgate appliance.. If you have an appliance, you can always get the install media you don't need any sort of tac subscription that you pay for etc.

I am not aware of any + install for 3rd party hardware, even if you had a tac enterprise level subscription.

KpuCko

@johnpoz

There is only + install media for netgate appliance.. If you have an appliance, you can always get the install media you don't need any sort of tac subscription that you pay for etc.

I am not aware of any + install for 3rd party hardware, even if you had a tac enterprise level subscription.

Aha, now the things are much clear. Understood. It sounds quite logical to have certified ISO version only for NetGate hardware products.

Thanks for the clarification @johnpoz