To 23.01 or not ? that is the question :)
-
I have no issues so far , besides to have to set speed shift , > instead of using PowerD.
You are a lucky guy! Many reported much more ram usage, as me before but no on 23.01 release and three packets updated yesterday all is fine again.
I think I will never get an uptime like you with pfSense
or if I get another box I use one for private usage and
one for playing around with it. -
@dobby_ said in To 23.01 or not ? that is the question :):
much more ram usage
There's a patch for that. :)
-
This one :
@chudak said in To 23.01 or not ? that is the question :):
I did get a crash error and again this:
An error occurred while uploading the encrypted Netgate pfSense Plus configuration to https://acb.netgate.com/save (Could not resolve host: acb.netgate.com) @ 2023-02-22 09:46:19is special.
You - or the pfSense itself added/changed something to the config.
Like a monitoring stats file update.
And it decided to save a copy at "acb.netgate.com".
But, for reasons you can figure out, the resolver was just restarting at that moment.
The backup script won't "wait a bit" and times out right away with a "can't resolve acb.netgate.com". It it would have cached the IP of "acb.netgate.com" (as it is a Netgate server with a very fixed IP 208.123.73.212 that probably 'never' changes) the transfer would have sucseeded).The 'crash' :
@chudak said in To 23.01 or not ? that is the question :):
Module compiled with module API=20210902
PHP compiled with module API=2019090is another famous one.
PHP was running smoothly, doing upgrade/update stuff as always.
And then the system (PHP) decided to upgrade PHP itself.
7.4.x ( API base 20190902 ) to PHP 8.x ( API base 20210902 ).
And for some reason, PHP restarted while doing so.
It got confused : The - not yet - main php.ini file says : use API "20190902" but it found "20210902".
Something like that.The next time the PHP process restart, everything will be fine.
It looks scary, but isn't a big deal.
I guess some day, Netgate will decide to clean up this part by shelling out to a not-PHP script to upgrade PHP. Or something like that. -
@steveits said in To 23.01 or not ? that is the question :):
@dobby_ said in To 23.01 or not ? that is the question :):
much more ram usage
There's a patch for that. :)
Done! Thanks for that info, I will see how it works.
-
Upgrade 22.05 to 23.01, on 7100 1u (slave).... impossible to connect on after.
I try to go back to the default config... same way.
I try to install by pfSense-plus-memstick-serial-23.01-RELEASE-amd64.img furnished by netgate... same way.
I go back to 22.05 with installation file furnished by netgate... many troubles, at the end not possible to reinstall the packages.....
-
@globo said in To 23.01 or not ? that is the question :):
I go back to 22.05 with installation file furnished by netgate... many troubles, at the end not possible to reinstall the packages.....
Youโll need to set the update branch to Previous Stable (22.05) to successfully install packages for 22.05.
-
@steveits A great thanks.....
-
@stephenw10 said in To 23.01 or not ? that is the question :):
You only need ichsmb0 disabled.
Disabling EHCI also stops the error flood but it also disables the eMMC because that is USB connected in RCC-VE, including the 4860.
It seems like there may be a bit more to it according to this post and the larger thread it's in, which was a follow-up to what I thought was a fully answered question I posed, but apparently was not the complete story.
It's possible that while ichsmb0 takes care of the bulk of the issue, ehci0 may still be a lesser contribution to some errant interrupt. Of course disabling ehci0 might be a bigger pill to swallow for multiple reasons. It seems this could have been much better documented in the hardware errata and there really should have been a public Redmine bug with all the gory details. The "Netgate internal Redmine" bug reference didn't do us any favors.
-
@johnpoz said in To 23.01 or not ? that is the question :):
Upgrade took approx 15 minutes before I was logging into the gui again
Thank you for noting this! Without your comment on how long things took, I would've thought something was very wrong. I just upgraded my SG-5100 from 22.05 and it was sitting on "Rebooting... do not turn off" and retrying for quite some time. I was just about to plug in a debug console on the 5100 when the GUI came back (edit: after looking at the SMTP messages the 5100 sent to my Notifications e-mail address, the reboot took 10 minutes).
All services are up and running; the only other surprise is that there were no package updates. I'm running:
- list itembandwidth 0.7.5
- Cron 0.3.8_3
- openvpn-client-export 1.8
- pfBlockerNG-devel [edit:
3.2.0_33.1.0_11] - Service_Watchdog 1.8.7_1
- System_Patches 2.1
I'm really looking forward to faster Unbound restarts in python mode (thanks Christian!)...
-
@draco Updating can take quite a while depending on CPU and moreso disk speed. Hence my sig. :) I actually made a redmine feature request to remove the timer this time around.
re: package updates, an upgrade will install the newer packages. So there should never be package updates after a pfSense upgrade. I think it technically does an uninstall/reinstall? pfB 3.2 and patches 2.1 are both new in 23.01 I am pretty sure. Usually I follow Netgate's upgrade guide and uninstall at least pfBlocker and Suricata before upgrading.
-
@steveits said in To 23.01 or not ? that is the question :):
uninstall at least pfBlocker and Suricata before upgrading
I've been successful with just disabling pfBlocker vs. uninstalling it. I didn't read my own checklist and didn't disable pfBlocker this time [edit:
because I was already on 3.0.2_3though I was on 3.1.0_11] ... just glad it didn't hiccup.On your Redmine submission, it would sure be nice if pfSense had an option to capture some of the Debug stream during the update/reboot process as a way to show things are not hung. I nearly plugged in a debug console because the lights on my 5100 looked like all was good, but it wasn't "running" (e.g. gateway ping from inside the network failed).
If you don't mind, I'll update your request with this...
-
@draco The issue there is if the OS isn't booted then the web server isn't running, so there's nothing for the browser to connect to...
-
@steveits Of course ... hence the need for a debug port, which I guess I will have to rely on in the future.
Your explanation for why it took so long makes sense. I seem to recall past upgrades waiting until the GUI was up to update packages (and putting up a banner to that effect). While I think this is better (not booting until all the packages are updated), it does make for a bit of anxiety for those doing the upgrade.
-
Yup, that.
The safest way to upgrade is from the console where you can see exactly what's happening.
For this upgrade you will see a lot of errors there though because of the PHP version upgrade. That's expected but can be alarming if you're not expecting it.Steve
-
@draco said in To 23.01 or not ? that is the question :):
I would've thought something was very wrong. I just upgraded my SG-5100 from 22.05 and it was sitting on "Rebooting... do not turn off" and retrying for quite some time. I
Something was wrong.
You have a 5100, so yo can't see the updating process on a 'screen' hooked up to the HDMI or VGA port. As it hasn't.
But they gave you the most important tool in the box when you got your 5100, and I'm not talking about the power brick. The console cable ! Use it !
It permits you to see what going on.
It permits you to post here if you see that somethings went during upgrading, so you can post here with a detailed message / question, instead of "doesn't work".
Also, you would have noticed that, for example, if you upgrade with all packages installed, it takes just moments to "upgrade reboot et done" for pfSense, but re installing all the packages will take minutes as every time the Netgate upgrade systems get hit, and everybody is hitting them all the time lately ;)The idea to have the GUI use some code magic (JS polling, like the dashboard) to follow the boot process is not bad ...
But the system reboots right after the unpacking. This is normally a fast process.
That means that there is no web server anymore. So no JS will get answered.
No "NIC" anymore.
Your not logged in anymore.
And when it comes back, the kernel has to be loaded.
Started, and do it's hardware scan.
Find a boot drive.
Load all the drivers.
Init all the process, like the web server.
The web server will tell the browser : f*ck you, you are not logged in : I take no JS requests from you.
And then, when you logged in, your update screen updates suddenly ... but now the system is fully operational already.
You see even now : Please wait while the system upgrades now all the packages.So ..... what about this one (as the serial support is activated way before the device even know it has to boot a FreeBSD kernel) : use the console cable ? ;)
I've chosen to upgrade on from the console anyway.
As nobody cares when I upgrade a light-bulb in the toilet.
Neither when Windows upgrades his anti virus.
But when I 'touch' the major live line, as our Internet connection is these days, I want to stay on as close as possible. As I can't go home before it works again.@draco said in To 23.01 or not ? that is the question :):
I'm really looking forward to faster Unbound restarts in python mode
@draco said in To 23.01 or not ? that is the question :):
pfBlockerNG-devel [edit: 3.2.0_3 3.1.0_11]
Then why not using 3.2.0_3 ?
Or, you should have taken the 4100 : it was 3 minutes, final reboot included.
-
@draco
I did an update to an SG5100 yesterday/day before. I usually plug the console in so I can monitor progress even if I kick update off by the GUI and there was lots of stuff going on. I think around 277 packages to update.Only issues I saw was warnings related to PHP files, looked like a version change, but did not seem to matter.
-
As I can't go home before it works again.
But when all department leaders came to an conference
with the boss, all will say only "Why the IT guy should get money for equipment" the network is running fine for years!
-
@mer Well sadly, I am going back to 22.05. I am having too many DNS issues with Unbound (I've been posting in the pfSense and pfBlockerNG forums about this).
Any DNS queries for entries not (or no longer in) the cache are really slow. It causes my browsers to lag, app updates to fail, and worst of all: overnight backups are failing.
I'm just glad I ensure I have the previous good release + config file on a USB stick. I'll be repaving (and perhaps upgrading to ZFS in the process) in a few days. Can't take the network down without some notice...