SG2100 stuck on update or package install
-
@michael_samer said in SG2100 stuck on update or package install:
I'm aware of how pfsense upgrade works and its limits. So far this second box ist still 22.05.1 as all my (about 10 pieces) boxes are.
Ah, apologies, I misunderstood then. Threads tend to mix together after a while. :)
-
@michael_samer said in SG2100 stuck on update or package install:
As mentioned I need 22.x as 23. is not allowed in my (military) site so far. But I got an old Image of V21.02p1.gz at hand.
You will have issues with this newer hardware revision and any releases prior to 22.05.1 -- but we can definitely re-send 22.05.1 to you for your system to see if reinstallation will resolve the repo access issue you're experiencing.
-
@rcoleman-netgate Hi Ryan
that Might help, but as mentioned: I've ten of this boxes with the same OS version (according to the box label), so plenty to tryout. I'd help anyway as I cannot unwrap all boxes just to find a way through the "minefiled".
As I've already defected two boxes by switching them on (and allowed the box to look into the repo) it'd help to minimize the impact. Usually I'd send them back to our dealer (Voleatech or esbyte in germany) and have them solve the problem, but the problem still stays the same no matter if I solve it or the dealer after some haggling around who's to blame.
The first box must be reinstalled as the repo and OS detection isn't working anymore. I'd prove my value by doing this :-) -
@michael_samer as we have no TAC contract our usual way would be to call the distributor and have them issue a TAC call and they transfer the image to me/us. That usually took a few days. Not critical so far, but not fast either.
Have you other ways? -
A TAC subscription is not needed to get images.
-
@rcoleman-netgate I created a call (1746519090) for 22.05.1; I'll see
-
Here's the log of the updater install:
[22.05.1-RELEASE][root@pfSense.home.arpa]/root: pkg-static info -x pfSense-upgrade
pfSense-upgrade-1.0_31
[22.05.1-RELEASE][root@pfSense.home.arpa]/root:[22.05.1-RELEASE][root@pfSense.home.arpa]/root: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
The following package files will be deleted:
/var/cache/pkg/pkg-1.19.1_1.pkg
/var/cache/pkg/pkg-1.19.1_1~0ecbdcaaa6.pkg
The cleanup will free 8 MiB
Deleting files: 100%
All done
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 7 package(s) will be affected (of 0 checked):New packages to be INSTALLED:
pfSense-repoc: 20230605 [pfSense]Installed packages to be UPGRADED:
libucl: 0.8.1 -> 0.8.2 [pfSense]
pfSense-repo: 22.05_13 -> 23.05 [pfSense]
pfSense-upgrade: 1.0_31 -> 1.0_68 [pfSense]Installed packages to be REINSTALLED:
netgate-ping-auth-20221121 [pfSense] (ABI changed: 'freebsd:12:aarch64:64' -> 'freebsd:14:aarch64:64')
pkg-1.19.1_1 [pfSense]
uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:12:aarch64:64' -> 'freebsd:14:aarch64:64')Number of packages to be installed: 1
Number of packages to be upgraded: 3
Number of packages to be reinstalled: 3The process will require 17 MiB more space.
13 MiB to be downloaded.
[1/7] Fetching uclcmd-0.1_3.pkg: 100% 17 KiB 16.9kB/s 00:01
[2/7] Fetching netgate-ping-auth-20221121.pkg: 100% 10 KiB 10.1kB/s 00:01
[3/7] Fetching pfSense-repo-23.05.pkg: 100% 6 KiB 6.0kB/s 00:01
[4/7] Fetching pkg-1.19.1_1.pkg: 100% 8 MiB 1.7MB/s 00:05
[5/7] Fetching pfSense-upgrade-1.0_68.pkg: 100% 20 KiB 20.3kB/s 00:01
[6/7] Fetching pfSense-repoc-20230605.pkg: 100% 5 MiB 1.2MB/s 00:04
[7/7] Fetching libucl-0.8.2.pkg: 100% 110 KiB 112.7kB/s 00:01
Checking integrity... done (0 conflicting)
[1/7] Upgrading libucl from 0.8.1 to 0.8.2...
[1/7] Extracting libucl-0.8.2: 100%
[2/7] Reinstalling netgate-ping-auth-20221121...
[2/7] Extracting netgate-ping-auth-20221121: 100%
[3/7] Installing pfSense-repoc-20230605...
[3/7] Extracting pfSense-repoc-20230605: 100%
[4/7] Reinstalling uclcmd-0.1_3...
[4/7] Extracting uclcmd-0.1_3: 100%
[5/7] Upgrading pfSense-repo from 22.05_13 to 23.05...
[5/7] Extracting pfSense-repo-23.05: 100%
[6/7] Reinstalling pkg-1.19.1_1...
[6/7] Extracting pkg-1.19.1_1: 100%
[7/7] Upgrading pfSense-upgrade from 1.0_31 to 1.0_68...
[7/7] Extracting pfSense-upgrade-1.0_68: 100%
You may need to manually remove /usr/local/etc/pkg.conf if it is no longer needed. -
And here the fixed repo in the webgui
-
I received an 22.05 Image and this does not install on my device and ends up in an endless loop with main error of "Thoth not found and aborting" whatever this is.
I already triggered to get hands on the 22.05.1 Image to try this one. -
@SteveITS said in SG2100 stuck on update or package install:
22 should only allow you to get to 23.01: https://docs.netgate.com/pfsense/en/latest/releases/23-05.html#upgrade-paths
Not sure how it’s offering 23.05.
22.05.1 is a special case because it already has the dynamic repo components. It should be able to upgrade to 23.05/1 directly.
The logs you have there show it pulling in the correct versions of pfSense-upgrade and pfSense-repoc. Does it still show the same errors if you attempt to upgrade to 23.05 after that?
Steve
-
@stephenw10: Hi Steve; the logs were taken after your advise to update the updater (so quite early in this thread, but as new user I was blocked from publishing here).
The upgrade error stayed the same, but basic circumfence: I need to stay in V22.x due to allowance rules.
As the 22.05 did not work at all, maybe the 22.05.1 (so basic factory version) was the only one working of the old series. I'm waiting now for Alexey or Ryan to come back to me.
When I don't connect the WAN I'd be able to lock the repo to the deprecated version (previous=23.01, latest = 23.05) and maybe then the package works as expected. Else I'm out of options.
Cheers -
@michael_samer We are working on the method to get you 22.05.1 (and anyone else that has the newer hardware in the future). We opened an internal ticket to get the firmware in the same repository we sent you 22.05 from earlier -- hopefully that is resolved in the next hour or so.
-
@rcoleman-netgate @stephenw10 https://docs.netgate.com/pfsense/en/latest/releases/22-05.html#version-22-05-1 only mentions the 8200...
-
@SteveITS I know... I don't write the docs -- I just fix the user problems...
-
@rcoleman-netgate Those are important too. :) I submitted feedback.
The .1 version number didn't click for me mentally, I was on my phone all weekend.
-
I'm digging into this now. The 22.05.1 release was a special version to support a few hardware changes It's possible it needs specific handling at the backend.
-
This is now resolved internally and we sent @michael_samer the link to 22.05.1 along with the validation (hash) data for the image.
-
Hi Ryan,
this 22.05.1 version pulls thru all the installation, so this point is fixed.
Now I've to get the package repo running as it should as this one really has an autodestruct function build into. But I'll discuss this with Steve as soon as I've set everything up without WAN connection and check if a locking to the deprecated version helps me to get the packages installed. -
Admittedly this is pretty much an edge case, but given that Plus now has 3 releases per year, this scenario of being unable to upgrade is a bit of a problem for packages. Having the update branch page offer the installed version, and later versions, in the dropdown would be a workaround so the person could pick the correct version. Otherwise there is a maybe 8 month window where even "Previous Stable" will work to install or update packages.
-
@SteveITS Hi, that's working so far as we still have V21.x Boxes running; locked at this version. Having or even maintaining e.g. 20 version repos with such a small package content (~500 as I've seen it) is no comparance to Debian or FBSD or such OSes. And it's small in size as well.
Anyway my way did not work:
there's no way to lock the version to anything without Inet access (WAN link is up, but no Internet is allowed). See the picture. Is there a commandline version to lock the repo?
If it helps I can allow INet access, but I'd expect as last time to shot itself into the foot as it autoupdates its repo list..
