Upgrades always fail to completely finish
-
I've been running pfSense for I'm guess a decade or more. I have installed it on just about every kind of hardware (Check Points, Nokia IPSO, i386, amd64, toasters) at around 50 locations. I don't think I've ever had a successful upgrade except perhaps very early on - v1 days. I've had several installs go from amd64 to i386 architectures - I watch this very carefully now if I do a GUI upgrade. The other issue I have almost 100% of the time is, even with minor upgrades, the installed modules never finish installing. I've waited days in some cases before finally giving up. I've tried from both the GUI and the CLI.
Just wondering if others have had these issues or it's just me. If it's just me I'd say it's a configuration setting or a particular module that is unique across all my installs and I'll have figure it out. Is there an upgrade log I should be looking at?
Thanks!
-
I have been playing with pfsense for years.. Previous it was on old hardware, and past few on vm.. I don't think I have ever had a issue with any upgrade.. Even when I was playing with snapshots these almost always went fine.. There were a few here and there that crashed and burned, but if watched the forums before doing the upgrade you would see that something wrong with that specific snap, etc..
My install base has been small, some pc hardware before going to vm.. And has always been to actual disks not cf, etc. But I would would have nothing but glowing reports of the upgrade process.. Even when going from major changes, 2 to 2.1, 2.1 to 2.2, etc..
Going from 64 to 386 is for most likely for sure crash and burn.. Not sure how that would even be possible unless you manually uploaded the firmware and bypassed checks..
I normally don't run a lot of packages.. But as of late have setup snort and freeradius, vnstat use to be the problem child for changes in pfsense and it no longer working. Have been running lavd last few versions and no issues that I have seen with upgrades.
All that being said I do love it being on a VM, since when the snaps would fail – click click and back before did the upgrade, etc. So I always take a snap before I do anything major like installing a package like snort or freerad, etc..
Do you have a common specific package or config thing you do across your instances?
-
I usually notice hangs around IPSec configs or my ntop package. In some cases I have 5-15 IPSec tunnels.
Interestingly upgrading from 2.2.4 to 2.2.5 produced no issues on my test box this time, perhaps it was due to the underlying IPSec software changing a version or so back. Typically I go several versions without upgrading due to all my upgrade nightmares.
Yay if my upgrade issues have been solved!
-
Yeah more than likely ipsec was your problem, there have been issues with that for sure in different versions of pfsense.. So yeah upgrades with those setting might have had problems..
I don't really use ipsec on pfsense so have not experience with upgrades when that was involved. I have played with now and then and it always worked, but have had anything setup perm and then went through a upgrade..
-
You might try a process like this to put the system into a KISS state before applying the upgrade. Then restore config.
-
Backup Config (w/ Packages)
-
Remove Packages
-
Reboot
-
Backup Config (w/o Packages)
-
Upgrade
-
Restore Config (w/o Packages)
-
Reboot (should be automatic)
-
Restore Config (w/ Packages)
-
Reboot (should be automatic)
-
-
I've had several installs go from amd64 to i386 architectures
Don't hard code your auto-update URL to the wrong thing and it won't. System>Firmware, Updater Settings tab, uncheck the "Use an unofficial server for firmware upgrades" box and it'll stay on what you have it on.
That foot-shooting possibility will be gone in 2.3.
The other issue I have almost 100% of the time is, even with minor upgrades, the installed modules never finish installing. I've waited days in some cases before finally giving up. I've tried from both the GUI and the CLI.
No need to wait days, watch the progress in the system logs, if it stops progressing, clear the package lock and do a reinstall. The root issue is crappy code in one of the packages you have installed. In 2.3 it launches a separate instance of PHP to prevent those types of problems from hanging the entire package reinstall.
-
You might try a process like this to put the system into a KISS state before applying the upgrade.
I've yet to see a situation where that was necessary. Way too much effort. If your packages fail to reinstall, just clear the lock and hit reinstall packages after it's booted back up.