To schedule a reboot
-
@kpa:
Since pfSense is based on FreeBSD there is the at(1) command that is designed just for one time execution of a specific task at a specific time.
I haven't tried on 2.3 but on 2.2 the at command did not work because we didn't include all of its requisite pieces.
-
Sometimes you just should give the customers what they are asking for and print a disclaimer on the product…
-
Does direct XML editing not work anymore? I've used it for years without any cron package installed.
<minute>1</minute> <hour>1</hour> <mday>*</mday> <month>*</month> <wday>*</wday> <who>root</who> <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update -
"Sometimes you just should give the customers what they are asking for and print a disclaimer on the product…"
Sometimes ok when the customers are paying ;) If they want this feature put up a bounty! What I just can not understand is why is somebody still running 2.0.3?? And they are trying to debug something?? How about just move to current and its quite possible whatever your trying to debug has already been fixed or is no longer a problem, etc.
Quite often the "customer" in these cases are just not understanding the product, and asking for shit that has no use case for the 99% of the other customers that do.
I'm also with jimp on the scheduled reboot - that in general is a horrific idea that should be avoided at all cost.. Why would you want to reboot your firewall?? I can see it as necessary evil on some updates, like moving to current freaking version ;) Patches at the kernel level, etc. But in general the only time your firewall or really any system used in production should have to reboot is on some form of update to the system at a very low level. Security patch, os update, etc.
-
Yeah - I don't reboot mine either except in the cases that you mentioned. Still, alot of people do ask for it and alot of people get it, but not the easy way.
-
A lot of people ask for it, but very nearly zero actually need it. It's a solution without a real problem. It would confuse people who think they need it when they don't.
If someone really needs it, it's a few clicks to add a cron job on a current version with the cron package. End of story.
If they're on an old version they could hand edit config.xml but they should also not be on an older version.
-
I would love to hear an actual use case that made sense for a scheduled reboot.. I can understand a scheduled standing maintenance window where you were allowed to take the system offline for a bit. This is when you would do your upgrade that requires reboot, hardware upgrade/maint, new/change wiring, etc.
I am curious to what sort of debugging needs a scheduled reboot as well??
-
Sometimes you just should give the customers what they are asking for and print a disclaimer on the product…
The customer is not always right. That's called selling out. I've never had issue calling out bad ideas in my line of work. Most people appreciate my frankness. Of course if someone twists my arm, I'll give, but only have explicit warning that I take no responsibility for any issues that arise and if someone calls complaining their world is on fire Friday at 4pm, they're waiting until Monday morning. A few times I had to work weekends. But if I'm working 2 hours on Saturday, I'm taking all of Monday off and that will not count against my vacation time.
A professional has a duty to make sure they don't enable customers to harm themselves.
-
OK - So situation where the the evil scheduled reboot would have been useful. I have a pfsense running in Florida.
It is the router for a friend but its also backup personal use VPN for me. Went to use it because of a rare major outage caused by a storm recently took my main pfsense offline for 2 days.
There was no one at the place in Florida to reset or reboot the machine but it was not able to be contacted by me from here.
When someone was able to get to my machine, 2 days later (2 days too late), the internet was fine and it was routing fine.
Apparently no problems right? What happened is the WAN IP changed and DNS was not dynamically updated as it should have been.
A simple reboot fixed it.
Now, it would be no inconvenience at all for anyone for this machine to reboot nightly at 4am.
I know the real problem here was with the DNS not updating and if I geeked around enough I might be able to figure out some hack to make it more reliable.However - A reboot is so much more simple in this case.
Its not best practice most of the time, but sure would have saved me some headaches this time.
Also, I didn't invent the concept of having GUI options for scheduled reboots. It was on other routers.Had the same issue with DD-WRT in the past and having it reboot kept it from being offline and uncontactable for days on end also.
It was a mild aggravation at times for the few seconds it would go down and come back up but at least it wasn't gone for days on end. -
I just found a reason why I have to schedule reboot the firewall.
We having a problem today as pfSense corrupted, after reinstall and restore from backup config, people from outside access (for example VPN) seems very slow. But I can't simply restart it in day time, I need a reboot at 12am, and I want go to bed early :'(
-
A reboot only masks the issue, It would be better to solve it
-
I've done it, several times. I've set up a crontab from an ssh shell:
30 06 * * * /sbin/shutdown -r now
to reboot the firewall at 6:30 each morning. It seems to stick just fine until it's physically removed, and I've used it on several v2 versions, though I can't say specifically that I've done it on 2.0.x -
I have to have pfSense reboot every 15 days to return performance back to normal. From what I have deduced this unsolved issue is the cause:
https://redmine.pfsense.org/issues/4821
This is a great use of Cron job for rebooting.
-
Use case for reboot:
When making higher risk changes (usually on Cisco), one schedules a reboot for 15 minutes time. If you screw your changes and loose access, the reboot returns it to known good state. If they're successful, cancel the reboot.
pfSense (over many versions) gets a bit wobbly after assigning or de-assigning interfaces, especially WAN or interface carrying default gateway. I don't know why, I don't have enough foo to figure it out. A reboot always clears it. pfSense can also be a bit naughty adding or deleting routes. If a route to the same place may have come from two different sources, it doesn't track which source, so deletes the route anyway, even if the route belonged to the other source (eg vpn vs static route)
Tonight I added a new interface for an open vpn endpoint to a remote instance, to use as a gateway, and after apply, boom, vpn went down and didn't come back. Scheduled reboot would have been useful, not that I remembered to set one anyway.
ps pfSense is awesome, use it on all my sites.
-
@johnpoz -- how about a memory leak in 23.01 on my SG-1100. Is that a good enough reason to schedule a nightly reboot until they release a fix?
Roy...
-
@rpsmith said in To schedule a reboot:
how about a memory leak in 23.01 on my SG-1100.
And what redmine is that exactly?
-
@johnpoz -- Memory leak might not be the correct terminology.
https://forum.netgate.com/topic/178023/1100-upgrade-22-05-23-01-high-mem-usage/13?_=1676880006434&loggedin=true
Roy...
-
@rpsmith said in To schedule a reboot:
https://forum.netgate.com/topic/178023/1100-upgrade-22-05-23-01-high-mem-usage/13?_=1676880006434&loggedin=true
I have no idea what is going on with that thread to be honest.. I have only been on 23.01 for a day.. But I looked at mine and do see a bump in memory at 3am ish
A quick look at cron jobs do show a few things that kick off at 3am it seems.. But like I said only been running 23.01 for a day, so this is the first 24 hour period.. I will look to see what happens at 3am coming up.
But from what I am seeing I sure wouldn't schedule any sort of reboot schedule - that is insane.. And what does it solve - sure doesn't tell you what is causing it, etc.
-
@johnpoz I posted in https://forum.netgate.com/topic/177886/23-1-using-more-ram/41. Based on my second day it should not increase tonight.
-
@steveits yeah thanks - I saw tiny little change this morning
Just something to keep an eye for a few days.. Still not seeing anything that would justify any sort of reboot schedule that is for sure.
