HA 2.2.6 -> 2.3.2 Upgrading Problems

  • I have been attempting a number of times now to upgrade my HA's from 2.2.6 -> 2.3 without success.  Is there ANY part of the config on 2.2.6 that could be causing an issue?

    The upgrade stalls at the mounting the root and if I build a fresh install and restore the 2.2.6 config it gets stuck in an endless cycle of crash dumps and something about unable to access a database because another process has it locked.

    I have backed up and successfully restored each individual section of the config but with 12 firewalls (4 of which are remote) I really would rather find an answer to the root of the issue the spend hours 'manually' upgrading each one.

    If there are log files on the drive that would help diag. my issue, please let me know as I'm stuck.

    Thanks for the assistance ahead of time.

  • Seeing 17 views and no ideas is not very encouraging…

    I have been adding sections of the config into the 2.3 config and nothing has really jumped out at me as being that different.

    Right now the system is caught in a loop booting up to the point of trying to load the DNS Resolver...pauses for a half a min or so, a crash dump occurs, and then a reboot happens.


  • Ok  let me try and ask a simple question.

    When upgrading from 2.2.6, is there anything unique with a carp config that would cause the update to fail?  I've updated 4 solo pfSenses boxes and ALL have upgraded without an issue.

  • LAYER 8 Netgate

    Is your HA a normal setup with all the necessary public IP addresses on WAN or are you trying to make do with private IP addresses on the interfaces with one public CARP VIP. In the latter case the problem is generally DNS resolution when CARP backup.

    If the node you are upgrading can resolve names using Diagnostics > DNS Lookup
    What kinds of packages are you running?

    The general procedure is pretty straightforward:
    Upgrade the secondary
    Enter CARP maintenance mode on primary, triggering failover.
    Run that way until you're satisfied everything's working. If not, fail back.
    Upgrade primary.
    Fail back.

    As always, have install media for the current version handy and a good config backup just in case.

  • Thanks for posting!

    On a test bed, I was never able to get the private IP on a WAN connection to work properly.

    Past upgrades were not an issue that I recall.  This is the only time it seems to be stalling on me.

    Through time and persistence, I've come up with a config I believe works simply by adding each section from the old config to the new config after each reboot.  So far so good.  I haven't tested it in production yet through.  I still don't understand what in the config was causing it to stall.

    Question:  If I install pfSense with VGA kernel and later the Serial Communications section under advanced is selected, would that cause the console to appear to freeze?  OR  am I simply not giving it enough time to work through any possibly issues it has encountered?


  • LAYER 8 Netgate

    Yes. The VGA console will appear to freeze when it switches to serial. I have seen this right after FreeBSD starts loading and sometimes right after it says it's mounting root.

    Modern ADI BIOS is hard-set at 115200 by default. If a different serial speed is set in System > Advanced the serial console will appear to freeze in the same manner. Walking through the serial speeds on the terminal software can recover in that case. For pfSense anywhere you can set a serial speed 115200 is the best choice. It will match up with serial console BIOS most of the time.

  • Actually, the install was set to VGA because I have a KVM connected to it.  I'm wondering if it's enabled, even when using an KVM setup and not just serial, will the initial upgrade appear to freeze?

  • LAYER 8 Netgate

    It's either VGA switching to serial or it's not. KVM or direct-attached monitor doesn't matter.

Log in to reply