Embedded upgrades



  • Hi, I´m a newbie, so don´t kill me immediately…

    I have seen lots of threads about issues when upgrading embedded to CF - but I also believe that there are people out there who have a working procedure... Hopefully?
    I´m using an ALIX in a tiny box, and re-flashing the CF is a menace (having to dis-assemble the box to remoe the CF every time)... I understand that upgrading through web is unreliable, but what about the console?
    Since I started out yesterday I´ve been fiddling around a bit with the box, and I tried a console upgrade once which failed completely with errors saying "full disk" or something. But I am using a 4 GB CF, however only using the std 128 MB...
    Could there be a simple path where one installs the image on a CF where the entire capacity is formatted and one can use the free space for images and other data... But still using the embedded image?
    Or, is it better to install the full image (if possible on Alix without VGA) and then, post-install change filesystem to "embedded mode"?
    Probably this is common knowledge for the experienced embedded users - but for a newbie it is difficult...

    BR

    /Uffe



  • I don't have any information to offer but I would like to second this request.  I run the ALIX platform and having working embedded upgrades would be VERY appreciated.



  • You could download one of the Hacom images from here: http://www.hacom.net//catalog/pub/pfsense/
    I think you want the ad0 one, but I haven't used them. I believe these are based on full and they instruct you to switch the platform, reboot, and then upgrade. You could install the full version and switch the platform yourself- this seems to be hit and miss and doesn't work with all cf cards/ card readers. There are some threads with notes on how to do this if you search about. You could also use the instructions and script here http://devwiki.pfsense.org/FlashHowtoScript to re-size your own image. The instructions are straightforward, but it does require you to have a FreeBSD machine. I have tested this with a 1.2.1 image on PC-BSD  7, and it seems to work fine, though the 1 GB image I made turned out to be larger than most of the 1 GB cards I tried.



  • So, is there not a good way to upgrade an Alix system with CF card other than swapping CF cards with pfsense installed via physdiskwrite and importing config again?

    Jim



  • Sorry, I just read the sticky about upgrades on embedded.



  • I'm pretty confused, and new to pfSense, although I really like it, and have it rocking my two internet connections on an ALIX box.  That said, its running 1.2 now, and I want to at least attempt an upgrade to 1.2.2, but I can't seem to find an embedded download link.  Yes, I read the sticky and the upgrade guide.  I found this: http://files.pfsense.org/embeddedupdate/ but based on the date, I think this is an update to 1.2 only.  And all the other downloads I found are the 'full' version, so I'm guessing that won't work?



  • @zcline:

    I'm pretty confused, and new to pfSense, although I really like it, and have it rocking my two internet connections on an ALIX box.  That said, its running 1.2 now, and I want to at least attempt an upgrade to 1.2.2, but I can't seem to find an embedded download link.  Yes, I read the sticky and the upgrade guide.  I found this: http://files.pfsense.org/embeddedupdate/ but based on the date, I think this is an update to 1.2 only.  And all the other downloads I found are the 'full' version, so I'm guessing that won't work?

    Oops, nevermind, I'm retarted.  I posted that when I was still confused about the upgrade/reflash install method.  I'd still be happy to test embedded updates though, I've got a null modem cable and CF writer, so I could easily reflash if necessary.



  • Is it possible for the people of PfSense to make the images ready for larger cf-cards so we don't have the upgrade problem on embedded systems anymore. I suggest you make an embedded image available that is used for a cf-card of at least 512 Mb. Then there is enough space left to use the upgrade function. Or maybe someone with freebsd experience could create the resized image and make it available. Thank you very much.



  • I have a 1GB version of 1.2.2 created with the mkflash_new script. I changed the config part size from 4 to 5 MB to reflect the change in the standard partition sizes since the script was written and adjusted the size down from 978 MB to 950 MB so it would fit on all the various 1 GB flash cards I had lying around. It's only 28 MB compressed, but I don't really have a good place to post it. Eventually, I want to modify the image with some Alix specific tweaks: default interfaces vr0 and vr1, add the glxsb module and a FreeBSD 7 compile of the Alix led/reset button code posted on the m0n0wall forum (http://forum.m0n0.ch/index.php/topic,2210.msg7085.html#msg7085). I've been playing with some simple script hacking so the middle LED lights when the system is fully booted and turns off when shut down.



  • @dotdash:

    I have a 1GB version of 1.2.2 created with the mkflash_new script. I changed the config part size from 4 to 5 MB to reflect the change in the standard partition sizes since the script was written and adjusted the size down from 978 MB to 950 MB so it would fit on all the various 1 GB flash cards I had lying around. It's only 28 MB compressed, but I don't really have a good place to post it. Eventually, I want to modify the image with some Alix specific tweaks: default interfaces vr0 and vr1, add the glxsb module and a FreeBSD 7 compile of the Alix led/reset button code posted on the m0n0wall forum (http://forum.m0n0.ch/index.php/topic,2210.msg7085.html#msg7085). I've been playing with some simple script hacking so the middle LED lights when the system is fully booted and turns off when shut down.

    I too have an ALIX based firewall and would be interested in your work.  In addition to the LEDs, I'd be curious on how to patch the kernel with some USB patches so I can get my LCD screen working, but as I said, I'm a complete noob when it comes to building FreeBSD, but I've got some time, so may as well learn.



  • Wouldn't a good solution for this be to use 2 different firmware partition/slices?
    That is:

    1 Partition for Config
    2 Partitions for Firmware (Primary & Backup)

    So when installing an update the firmware updater checks which of the two pfSense is currently running from.
    If running from, lets say ad0a it upgrades the firmware on ad0b and changes the bootloader to load from ad0b instead (thus ad0b now is the "primary" partition).
    At the next reboot it boots from that partition and if the user upgrades the firmware again it updates ad0a as that is now the "backup" partition.

    This should be easily accomplished by just extracting the firmware update to the correct partition, changing the bootloader to load from the correct partition and fix any occurences of the partition in the config files for the update (should be quite easy to fix).

    OR:

    1 partition for config
    1 partition for a special firmware update installation (bare installation with just firmware updating utilities)
    1 partition for firmware

    when updating firmware it downloads the firmware to the "Update" partition, reboots into the "Update" partition and updates the firmware on the Firmware partition. Then reboots back to the firmware-partition with new firmware…

    both should be viable options for a functioning safe Embedded upgrade method



  • The dual partition upgrade is how it appears to work on our Bluesocket wireless Controllers.  From the gui and command line you can change between the two boot loaders if a new upgrade fails you can revert back to your previous install.  This would be great for a pfsense box.

    Jim



  • +1

    I totally agree. From my non developeer point of view, it seems to be the best way to have secure upgrade on embedded.

    And if a flash goes wrong, simply plug your console cable and choose the other boot option!

    If we want to save our RRD graphs, we must have them on the config partition too.

    Devs, is there a problem with this solution? (except time :) )


Locked