24.03-BETA to 24.03-RC update hiccup

pfsjap

Updating Netgate 6100 via GUI went smooth (console not connected), but when it booted up, unbound would not restart:

Switched from DNS Resolver to Forwarder, which worked ok. Then rebooted 6100 and when booted up, it greeted me with verification prompt (Verify, Reboot), which I did. Switched back to Resolver, which now worked ok.

stephenw10

Hmm. I assume you had enabled 'Manual Boot Verification'?

pfsjap

@stephenw10 No, it had the default value (disabled).

stephenw10

Hmm, yet the webgui displayed the manual option with the countdown timer?

pfsjap

@stephenw10 I don't remember there being any indication of countdown being in progress, just two buttons Verify and Reboot.

Does automatic verification need DNS and network connection? DNS was a bit shaky during update.

stephenw10

Nope. Not unless something else in the boot process requires that and prevents it ever completing boot.

pfsjap

Happened again updating from previous RC to latest.

When 6100 rebooted after update, unbound would not start:

Apr 17 09:30:36	php-cgi	808	rc.bootup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1713335436] unbound[97504:0] error: Error for server-cert-file: /var/unbound/unbound_server.pem [1713335436] unbound[97504:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:80000002:system library::No such file or directory [1713335436] unbound[97504:0] error: and additionally crypto error:10080002:BIO routines::system lib [1713335436] unbound[97504:0] error: and additionally crypto error:0A080002:SSL routines::system lib [1713335436] unbound[97504:0] fatal error: could not set up remote-control'

After second (manual) reboot dashboard shows (Manual Boot Verification was not set):

Gertjan

@pfsjap

While decoding the log messages, I see "can't write a file"
Just to be sure :
Check avaible disk space, as 'no space left' might explain the write errors.
It also never hurts to do this : How to Run a pfSense Software File System Check.

pfsjap

@Gertjan said in 24.03-BETA to 24.03-RC update hiccup:

"can't write a file"

Do you by this refer to log entry in the first post containing "SSL_write() failed"? I don't think it is related to disk activity, but rather to HTTP/2 communication between client and pfSense.

There is plenty of disk space on this device:

As for running fsck in single user mode, I may be wrong, but these instructions may not be valid anymore, maybe because of changes in boot environments. I tried to run fsck in single user mode on my Netgate 1100 with initial RC installed. Couldn't do it, I didn't take note of the message, but think it was something like "PFSENSE default not found".

Gertjan

@pfsjap

Ok, your observations make sense.
"SSL_write() failed" could be a error to "write to pipe", to a connected user visiting the GUI.

105 G Free, look like a 4100, the one I have.

You don't use the pfSense Watchdog package, right ?

stephenw10

@pfsjap said in 24.03-BETA to 24.03-RC update hiccup:

After second (manual) reboot dashboard shows (Manual Boot Verification was not set):

If you see that with the -1 countdown value it's because you've managed to login to the gui before the bootup completed It this case it could be because something is holding up the boot perhaps.

Burt normally the bootup should complete and the automatic verification takes place. Reloading the dashboard would clear it.

pfsjap

@stephenw10 Ok, maybe I was just too quick when logging in. But that dashboard notification is not the issue here, it's that the unbound will not start. Or would that be resolved automatically too, some time later?