Restore corrupts system
-
I have no idea what else might be scrambled. Basically it shakes my confidence in the restore system.
-
Are you restoring on the same hardware?
-
No, I mentioned that. So I stopped restoring IP/interface stuff and only restored <cert>s and <ca>s by editing everything else out of the xml file. Didn't expect cert changes to cause a reboot much less scrambling of interfaces.
-
Sorry, I read a lot of questions and sometimes I forget some details as I'm bouncing between user's problems. And I doubt it was cert changes causing the issue. Probably a NIC mismatch issue.
-
My <cert> restore had no interface or ip information whatsoever in the xml file supplied.
-
Why would it? Certificates don't care about IP addresses or interfaces.
-
That's my point. We're full circle now.
I restored from an xml file that had only <cert>s and <ca>s. The system rebooted itself and came up with no interface assignments. I don't know what else the restore may have broken so I reverted.
-
OK, I must be WAY too high or too tired to have missed all that detail. Sorry for wasting your time.
I would have tried the initial restore more than once just to rule out a glitch. Usually with mismatched NICs after a restore ther eis a timeout but then you can reassign everything. It shouldn't just hang forever. Also, doing a full restore with a hand-edited config that's missing virtually everything required is, um, unsupported
You could have also figured out the driver type for your NIC and the just did a find & replace in your config. So, for example, if you have a Broadcom NIC before and now you're using Realtek, you could change your config and replace instances bge0 with re0, bge1 with re1 etc.
-
So I guess the long and short of it is that I can select subsets of stuff to restore using the webui, but can't safely remove sections from the xml file.
-
It's generally best not to hand-edit the config very much as it's really easy to make a mistake, and following unsupported methods can lead to unpredictable results.
-
I know, our software uses xml for backup and restore too. I'd probably say the same to our customers. I'm just a little surprised pfsense can't handle a well formed but partial xml for restore. Anyhow, thanks for the insights.
