Restore corrupts system
-
I'm using a fresh install of pfsense 2.4.4-RELEASE-p3 (amd64).
I configured enough to get to the webui and restore my backup from a 2.3.2-RELEASE-p1 machine. After doing so the new install rebooted itself and wouldn't come up all the way. It got stuck somewhere around initializing network interfaces. Different hardware, so ok, try again.
So I wipe and start over with a fresh install again and hand create a lot of the configuration. I restore from the full backup again, but only selecting the Aliases. That works so I extract just the <cert></cert> and <ca></ca> sections from the old system backup and restore that using the restore "All" sections option. The machine reboots itself again. It boots all the way to the menu but my interface assignments and IP settings are all lost. Restoring an old config and rebooting brings it back. Now I'm scared that I'll not be able to use restore in the event of a failure.Anyone else had trouble with restore causing odd side effects?
-
Rarely. So what's the big deal about your interface assignments? Just redo them for the minute it will take.
-
I have no idea what else might be scrambled. Basically it shakes my confidence in the restore system.
-
Are you restoring on the same hardware?
-
No, I mentioned that. So I stopped restoring IP/interface stuff and only restored <cert>s and <ca>s by editing everything else out of the xml file. Didn't expect cert changes to cause a reboot much less scrambling of interfaces.
-
Sorry, I read a lot of questions and sometimes I forget some details as I'm bouncing between user's problems. And I doubt it was cert changes causing the issue. Probably a NIC mismatch issue.
-
My <cert> restore had no interface or ip information whatsoever in the xml file supplied.
-
Why would it? Certificates don't care about IP addresses or interfaces.
-
That's my point. We're full circle now.
I restored from an xml file that had only <cert>s and <ca>s. The system rebooted itself and came up with no interface assignments. I don't know what else the restore may have broken so I reverted.
-
OK, I must be WAY too high or too tired to have missed all that detail. Sorry for wasting your time.
I would have tried the initial restore more than once just to rule out a glitch. Usually with mismatched NICs after a restore ther eis a timeout but then you can reassign everything. It shouldn't just hang forever. Also, doing a full restore with a hand-edited config that's missing virtually everything required is, um, unsupported
You could have also figured out the driver type for your NIC and the just did a find & replace in your config. So, for example, if you have a Broadcom NIC before and now you're using Realtek, you could change your config and replace instances bge0 with re0, bge1 with re1 etc.
-
So I guess the long and short of it is that I can select subsets of stuff to restore using the webui, but can't safely remove sections from the xml file.
-
It's generally best not to hand-edit the config very much as it's really easy to make a mistake, and following unsupported methods can lead to unpredictable results.
-
I know, our software uses xml for backup and restore too. I'd probably say the same to our customers. I'm just a little surprised pfsense can't handle a well formed but partial xml for restore. Anyhow, thanks for the insights.
