Recovery from failed drive
-
One of our HA members died over the weekend. It's a XG-7100. HA worked beautifully and nobody even noticed that the primary firewall died.
I can access the console via serial and it's at a "boot:" prompt:
That's me trying whatever to get a meaningful response out of the prompt. Worst case, the whole drive is unrecoverable. I'm hopeful that the drive only ate the boot sectors. I'd like to try to get the /conf/config.xml file off the root partition if it's still readable. Is the best way to go about this by booting a pfsense install via USB and attempting recovery?
This is an old enough HA pair that it's still probably UFS which I intend to replace with ZFS. Once I have the config.xml I intend to install a new internal USB drive on one of the SATA headers since I don't trust the soldered storage any more.
-
@Troutpocket said in Recovery from failed drive:
Is the best way to go about this by booting a pfsense install via USB and attempting recovery?
Yes. It should automatically find the config if the partition is still accessible.
Did you have auto config-backup configured?
Steve
-
@stephenw10 The storage was totally dead. I couldn't even get an alternate superblock to work for recovery. Examining the raw data of the disk seemed futile.
I did have ACB configured, but couldn't find the key. Fortunately, the other HA member spilled it's config over when I got the replacement online.
-
If you need it we can probably recover the old key from the NDI which will be unchanged.
-
@stephenw10 That's good to know. This event has prompted me to review and record all the firewalls we manage and note down their keys.
TBH, the pfsense HA config is like magic when restoring. I always expect it to be more of a hassle to rebuild a firewall that has lots of interfaces, vlans, DMZs, and special rules but it always works out like magic!
