25.07 upgrade on Netgate 4100 gets rolled back

JeGr

Hi,

after stumbling into disk space issues on a few devices of our customer (too many BEs from past updates) and removing them, many boxes updated to 25.07 just fine but one.

The one in question does the upgrade, reboots, takes around 15min and then reports back with 24.11 reloaded again and a message of the failed 25.07 boot environment:

Boot verification failed for default. Netgate pfSense Plus was automatically rebooted back into default_20250814033051.

So somehow the boot verification failed. But as the device booted back to the 24.11 boot env, I don't get to see anything in the logs.

Is there a quick way to check/mount the 2507 boot env and have a look inside at the log files as to guess WHAT exactly did go wrong and how to fix? As the box is a remote one, we don't have anyone on site currently so console or remote IPMI are a no go. That's why I'd liked to have a way to check inside the other boot env for logs about why that env didn't finish boot.

Cheers
Jens

EDIT: BTW we already did it 2 more time with the exact same result. So it's not a one-trick pony but something that seems to go wrong on especially that box while booting up or finishing boot that stops it from making the new 2507 BE the new default and forces a fail back. I'm happy about the fail back though - so that's a definite plus ;)

stephenw10

Unless you have RAM disks enabled I expect to see the logs still present after rebooting into the old BE. /var is a shared mount point. Do you not see that?

You wouldn't see the upgrade log but that is only written out to /conf after the upgrade script completes.

JeGr

@stephenw10 said in 25.07 upgrade on Netgate 4100 gets rolled back:

/var is a shared mount point. Do you not see that?

You wouldn't see the upgrade log but that is only written out to /conf after the upgrade script completes.

No, I only had logs of the old system coming back up. Will have hands on there in about 15h and hopefully see more then.

But the system log I got had nothing of the other snapshot booting up or throwing errors. That's why I was curious if there are any commands or something I can use to get into the other BE to check on that.

NOCling

I run into it with my 2100 on a normal reboot with 24.11.
With pfBlockerNG and RAM Disk, the default Time for Boot verification is too short.

I increased it massively, 1800 for my 6100 and 3000 for my 2100.

stephenw10

You can mount the BE by simply running: bectl mount <be_name>. It will show you a mount point in /tmp.

Just be sure to bectl unmount it.