Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Recover config file from ISO during (re)install?

    Problems Installing or Upgrading pfSense Software
    4
    39
    3.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rgijsen
      last edited by

      Hi, we ran into the same issue as others upgrading to 2.7.2. The EFI partition was too small. So in our test-environment I started reinstalling pfSense. This test environment has all virtualised (Hyper-V) pfSense instances. I wanted to start with a fresh harddisk file. So I figured I'd connect the existing one as second disk, create a new disk as first disk, and run the ISO, and use config recovery to fetch the config from the old disk. Seemed to work, the installer actually sees the second disk and I think it recovers the config from that. However, after installing and finally removing the second disk, config is gone again, so somethings not right. So then I just reinstalled from scratch.

      Two suggestions / ideas:

      • Would it be possible to allow recovery of the config file from an ISO? We can't mount USB to VM's on most bare-metal hypervisors. ISO of course can be mounted. I tried, but it didn't work.
      • Could the installation be more verbose about whether it actually found a config file to recover? It now just returns to the main installer screen, giving no (obvious) feedback.

      The question about ISO recovery is, that, at least in our situation, it's easier and much, much faster to create an ISO file with the last config on, than to just install pfSense, let it boot and configure IP's and VLAN's before we can restore config. Especially the first boots takes long (minutes) before we can actually log into it to recover config. Now, on a physical system with USB it is super fast to have the config on an USB stick and reinstall everything and be up and running in about a single minute. Now nothing is deal-breaking here, but it could be just a bit more convenient.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        After running the config recovery you can drop to the rescue shell and check what was recovered in /tmp/recovered_config. From there you can SCP it to something local if needed.

        Steve

        R 1 Reply Last reply Reply Quote 0
        • R
          rgijsen @stephenw10
          last edited by

          @stephenw10 ok, I'll try that just to having done that once, but that's harly user-friendly at all, is it? There could be a popup saying 'config from 12-12-2023 restored from sda1' or something, or just line of text on screen.
          About actually restoring the config, I found it won't work from an ISO (again, using a VM without USB support). Would it work using a FAT32 vhdx / harddisk file with a config file on there?

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Yes the external config locator will look on any fat32 formatted attached disk.

            I opened a feature request for config recovery: https://redmine.pfsense.org/issues/15090
            Add comments there if you want.

            Steve

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              There was a recent PR to read a recovery config off ISO, it should be possible in Plus 24.03 / CE 2.8.0:

              https://redmine.pfsense.org/issues/14728

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Oh I see. Yeah that would be helpful for VMs. Fun!

                R 1 Reply Last reply Reply Quote 0
                • R
                  rgijsen @stephenw10
                  last edited by

                  @stephenw10 I want to add to this; I just tried with a FAT32 formatted harddisk file (VHDX) connected to a new VM, but the pfSense installer found nothing. When I manually mount the disk from the recovery shell, and copy the config.xml to /tmp/recovered_config it works. It seems the harddisk isn't mounted automatically.
                  Anyway, until recovery from ISO works, this would still be faster for us than first install CE, configure VLAN and networking and then recover config using ssh /scp or webgui. Let's hope 2.8 will indeed include this! When disaster hit, being able to quicly recover spares some sweat for other things.

                  Thanks all!

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by stephenw10

                    How did that additional disk appear in pfSense? Like adaX?

                    I expect it to check anything that appears under sysctl kern.disks:
                    https://github.com/pfsense/pfsense/blob/master/src/etc/rc.ecl#L57

                    R 1 Reply Last reply Reply Quote 0
                    • R
                      rgijsen @stephenw10
                      last edited by

                      @stephenw10 It appears as da1. (da0 being the disk I'd want to install to). It seems to have two partitions, da1p1 and da1p2, even though I just made a single FAT32 partition on it. Obviously when I run dmesg, the 4GB disk I created with the config file on shows up, but I'm too limited in terms of regular linux commands that are missing is this minimal recovery shell, so I can't see too much. If you need any specific output, just tell me.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        You should see the list of devices it checks during boot as the external config locator runs. That should be the same list it tries to recover from at install.

                        Be careful because if/when this does work it will pull in that config at every boot until you detach the disk!

                        Otherwise I would try to mount the drive from the recovery prompt and check it:

                        mount_msdosfs /dev/da1p1 /mnt
                        ls -ls /mnt
                        
                        R 1 Reply Last reply Reply Quote 0
                        • R
                          rgijsen @stephenw10
                          last edited by

                          @stephenw10 Yeah that's what I already did manually. However, even after mounting I manually have to copy the config file to /tmp/recovered_config/config.xml for it to work, and then everything works fine. But if after mounting, I exit to the install-menu, and choose recovery config, it still doesn't find it. Doesn't matter if it's in / or /conf of that disk.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            So what does ls -ls /mnt actually show?

                            What does the ECL show it's checking at first boot if the drive is still attached?

                            R 1 Reply Last reply Reply Quote 0
                            • R
                              rgijsen @stephenw10
                              last edited by

                              If I don't manually mount anything, ie. after a reboot with an empty disk attached as SCSI:0:0, a 4GB disk attached to SCSI:0:1 formatted as FAT32 with the config in it, and a DVD drive with the ISO, /mnt is completely empty. Output of ls -ls /mnt: total 0

                              Not sure what you mean by your other question?

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                I meant how does that appear after you mount it? And which partition did you mount?

                                During a normal boot the External Config Locator attempts to pull in a config from an attached drive and it shows the drives it's looking at:

                                External config loader 1.0 is now starting... da0s1 da0s2 da0s2a da0s3 nda0p1 nda0p2 nda0p4
                                

                                Does it show the attached drive in your VM?

                                R 1 Reply Last reply Reply Quote 0
                                • R
                                  rgijsen @stephenw10
                                  last edited by rgijsen

                                  I can't properly copy / paste as booting from ISO doesn't give me network, and I don't have serial on Hyper-V. So I'll try like this:

                                  a42ac1ec-9417-4ac8-b406-d2ced6c1cd3a-image.png

                                  During boot I don't see the ECL logging anything at all, even with verbose enabled. Or it's too quick for me to see. What log file would that be in? I attached /var/log/messages, but after recognizing the disks, I don't see it referenced again. Note that I actually ran the config-recovery option before taking the log file. My apologies if I'm misunderstanding.

                                  messages.txt

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Ok great. And in the conf directory you have config.xml?

                                    The ECL runs during a normal boot of the installed pfSense not booting the installer. But it looks in the same places as the config recovery that runs in the installer so if it appears there I'd expect it to also recover from there.

                                    R 1 Reply Last reply Reply Quote 0
                                    • R
                                      rgijsen @stephenw10
                                      last edited by

                                      @stephenw10 said in Recover config file from ISO during (re)install?:

                                      Ok great. And in the conf directory you have config.xml?

                                      The ECL runs during a normal boot of the installed pfSense not booting the installer. But it looks in the same places as the config recovery that runs in the installer so if it appears there I'd expect it to also recover from there.

                                      yes, config.xml is in /conf.

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Ok alternative approach!

                                        Drop to the rescue shell from the installer then run the config recovery manually from there like:
                                        /root/recover_configxml.sh

                                        That will then show exactly what it's doing and you'll be able to see it.

                                        R 1 Reply Last reply Reply Quote 0
                                        • R
                                          rgijsen @stephenw10
                                          last edited by

                                          That simply shows:

                                          No suitable disk partitions found

                                          whether I mounted the partition or not.

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Hmm, Ok I guess that only looks for existing installs. Let me see....

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.