Suricata Uninstalled on Updates?
-
@Lurick In general, if packages are left installed during an upgrade, my understanding is that it's normal for the upgrade process to uninstall and reinstall the packages, to get them current (on the right PHP version, etc.). It sounds like your issue is more that the upgrade process does not reinstall the package. Is there a later log entry for that attempt?
-
@SteveITS That is correct, it does the uninstall but never the reinstall, I have to manually do that.
No later log entry until I went in to manually install via the GUI.
-
@Lurick Do other pfSense packages reinstall OK?
-
@SteveITS Yes, all the rest I have installed come back just fine which is what I find most odd
-
@Lurick said in Suricata Uninstalled on Updates?:
@SteveITS Yes, all the rest I have installed come back just fine which is what I find most odd
@bmeeks may have some insight. We don't normally run dev versions.
-
@SteveITS said in Suricata Uninstalled on Updates?:
@bmeeks may have some insight. We don't normally run dev versions.
I have no clue. The Suricata package itself is not in charge of the automated removal nor the reinstall. It's up to pfSense to make the calls to the pkg utility to accomplish these tasks. I don't know what process is being used within pfSense to do this.
-
Everything related to package removals and installs is logged in the pfSense system log so far as I am aware.
-
@bmeeks Weird, yah basically what I posted earlier is all I see in the logs =/
-
@bmeeks Is it possibly due to the fact that 7.0.0 Suricata isn't released and is still in preview or whatever it's called?
I know 6.0 was the latest available for 23.05 before I upgraded so just wondering.
-
@Lurick said in Suricata Uninstalled on Updates?:
@bmeeks Is it possibly due to the fact that 7.0.0 Suricata isn't released and is still in preview or whatever it's called?
I know 6.0 was the latest available for 23.05 before I upgraded so just wondering.
No, there would be no relation to Suricata 7.0.0 being available in the snapshots branch.
-
@bmeeks Dang, I was hoping that might have something to do with it, kind of at a loss then. Still happening even with the beta branch now.
-
@Lurick said in Suricata Uninstalled on Updates?:
@bmeeks Dang, I was hoping that might have something to do with it, kind of at a loss then. Still happening even with the beta branch now.
I will test this today in my RELEASE virtual environment. I do not currently have a functioning DEVEL snapshots virtual environment, so I can't test there.
But if this were a widespread problem, I would expect to be seeing a ton of posts here about it.
-
@Lurick said in Suricata Uninstalled on Updates?:
@bmeeks Dang, I was hoping that might have something to do with it, kind of at a loss then. Still happening even with the beta branch now.
I just tested this on a 2.7.0 CE virtual machine and was unable to reproduce your stated issue. I installed, removed, and then reinstalled the Suricata 6.0.13 package and did not lose any of the previous configuration data.
Are you sure your GLOBAL SETTINGS tab has this option checked as shown below?
I do not currently have a functional DEVEL snapshot testing environment, so I can't test the 23.09 beta snapshots.
-
@bmeeks Yah, keep settings is there so I can reinstall Suricata after updating between builds and it restores all the settings no issue there at least.
-
@Lurick said in Suricata Uninstalled on Updates?:
@bmeeks Yah, keep settings is there so I can reinstall Suricata after updating between builds and it restores all the settings no issue there at least.
Okay, maybe I'm confused or misunderstood your initial post. I thought you meant anytime you removed and reinstalled the package it lost the configuration. Your statement I quoted above contradicts that.
So do you mean that only when doing an update to pfSense itself you lose the configuration? If so, describe exactly what you mean by "losing the configuration". Do all the Suricata interfaces disappear? Or do you really mean Suricata is not appearing under the SERVICES menu? If the latter, that simply means the reinstall is either not happening, is not finished, or started and bailed out. I would expect something to be logged in the pfSense system log in any of those events.
Never mind -- went back and read the whole thread again and realized I confused this one with something else. I have no idea why pfSense is removing the package and then failing to reinstall.
The only possibility is it needs more time. How long have you waited to see if it would do anything on its own?
-
@bmeeks Good point, I've only waited a couple minutes after the GUI came back.
I'll give it about 10 minutes next time and see if anything happens :)
-
Waited 30 minutes after upgrade today and still no install :(
-
@Lurick I don't know if this is helpful but if WAN wasn't connected, or IPv6, or DNS, or something, the package (re)install might try and fail. Though, I'd think that would affect all packages.
Usually I follow the upgrade guide and uninstall at least "big" packages like Suricata and pfBlocker, though I leave things like OpenVPN export or System Patches for the system to reinstall.
Have you upgraded to the 23.09 beta that was released this weekend?
-
@Lurick said in Suricata Uninstalled on Updates?:
Waited 30 minutes after upgrade today and still no install :(
Hmmm... I don't know. As I said, I do not currently have a Plus snapshot testing environment and thus cannot check that out.
I would assume there are some other Suricata users running the devel snapshots, though. If it is a generic pfSense Plus issue I would expect additional complaints from other users to be showing up.
I do now recall why pfSense automatically removes and reinstalls the packages. It was in response to an old issue where with certain operating system updates you needed to install the packages that were compiled under the new OS kernel version. It's a long story, but there were scenarios where the package itself needed no updates, so its version remained the same. But the OS did get an update and some of the shared libraries used by a package may have changed. In that instance, the package would need recompiling with the new shared library. A forced-remove and reinstall of packages was then needed in those cases to pull in the package compiled with the new OS kernel and shared libraries, otherwise the existing package installation would fail to start properly with the new shared library after the OS update.
This forced remove and reinstall is technically only really needed if the underlying OS version in pfSense is updated (that is, a new kernel version is included). Some pfSense update that only provides fixes in PHP code, for example, would not need the forced remove and reinstall. But maybe for simplicity the team decided to do the package forced update for all pfSense updates ???