Update to 21.05 failed w/pfBLockerNG-devel installed
-
I had to manually removed the package via the shell after the image upgrade on my SG-3100 as it was crashing the kernel on boot.
Removing the package allowed normal startup.
I've reported the kernel crash issue in the pfBLockerNG-devel section already running 21.02.2.
SG-3100 24.03-RELEASE (ARM) | Avahi (2.2_5) | ntopng (5.6.0) | openvpn-client-export (1.9.3) | pfBlockerNG-devel (3.2.0_20) | System_Patches (2.2.11_15)
-
I updated both of my SG-3100 devices yesterday from 2.4.5-p1 to 21.05.
The first obstacle was, that in "update settings" only a "latest stable 21.02" is displayed, but when choosing this, the 21.05 is displayed after some seconds, so do not hesitate and choose 21.02 when updating
.The first is just a "standby" device, ready configured, to be prepared for an outage of the "productive" device (may be a little bit oversized, but when you are doing home-office you will not miss the internet access).
At the standby device the update runs without any issue, the process as monitored all the time via serial console. After about 30 minutes all was done.
Next the update for the productive device was started, but connecting to the serial console takes some 2 or 3 minutes.
When the serial connection was established the device was in a loop
, a package failed (something with pfsense total traffic).
I did not hesitate and after a minute (or two) I rebooted the device, ctrl+c was possible, but the pfsense menu did some strange things, but I as able to run the shell and did a reboot command at command line.
After that, this SG-3100 was rebooting and continues with the update process.
Then I noticed that at this device some fewer packages are required (standby 231, prod. 198).
During update at both devices some messages "could not find..." or "remove manually..." appeared, but update process continues.
And to be honest: I did not check the Putty log afterwards for exact messages
.But anyhow, after rebooting the update runs for about 20 more minutes and SG-3100 was updated. After update was finished I did a second reboot to ensure device is running without issues.
I did not remove any package before updating and noticed that the packages (i.e. pfBlockerNG, snort, nut, apcusv, ...) are automatically reinstalled during the update process
.After the productive device was up and running with 21.05 (was checked briefly), I did a backup and restored this configuration to the standby device.
Sorry for long post, but may be someone will find it useful when updating his SG-3100.
Regards
-
@lohphat You need to install the System Patch package https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
and apply patch from https://redmine.pfsense.org/issues/11466#note-32 for fix this issue -
@viktor_g Duplicating my response from the other section, this patch works for me.
Knowing there have been problems with PHP and pfBLockerNG-devel I should have disabled the package before the 21.02.2 upgrade to 21.05 but I felt I could recover if it didn't go well.
It didn't go well. :-))
So I had to remove pfBLockerNG-devel via the command line to allow boot to proceed.
Then I applied the patch, rebooted, re-installed PFB with the config intact and it is all working properly.
I didn't set the patch to auto-apply as I figure this may be fixed in a later image release.
-
Just checked, the packages which are automatically reinstalled are the same revision as at 2.4.5-p1, so pfBlockerNG is still in version 2.1.4_25.
The package was already installed, but not configured yet.
Also the other packages (nut, apcups, mailreport, and some others) do not appear in the "Available packages" list, but they seem to be running in 21.05 too.
All packages are listed as latest version in "installed packages" section.Regards
-
@fsc830 Packages can't fully reinstall if the boot after the main image upgrade fails.
This was my problem after the 21.02 to 21.02.2 upgrade.
The firmware update applied BUT then the firewall core dumped and it never got to the point that packed would auto update. I had to disable PFB and reboot for the packages to update.
The root cause of all this instability is the PHP bug apparently and the patch provided is not a long-term solution but a temp workaround.
