2.4.4-p3 restore - libreadline crash (on every reboot)



  • I just did a "simulated" 2.4.4-p3 restore from scratch

    1: Backup Config
    2: Boot fwall from USB Memstick 2.4.4-p3
    3: Format disk , install pfSense
    4: Login on newly installed "default pfsense"
    5: Restore Config backup from 1:

    System boot went fine , fwall + interfaces looked fine.
    pfSense reported "Crash" + installing packages.

    Waited for a loong time , still installing packages.

    Clearing package lock , rebooting.

    Next boot same
    pfSense reported "Crash" + installing packages.

    Waiting a bit more , still installing packages.
    Clearing package lock.

    Checking installed packages , LADVD + openvpn export + service watchdog + zabbix agent (is zabbix agent the problem child ??) , wrt. package installer running for a looong time ?

    Well all seems installed , and system seems to be running.
    Only tested wo. user load , but it seems "happy".

    Back to the crash report
    I don't have access to the fwall from home , but have tomorrow.

    I see something like reported here:
    https://forum.netgate.com/topic/151715/crash-reporter

    And a reboot won't clear it, it ads lines to the crashreport.

    Idea:
    Can it bee that packages are from 2.4.5-p1 repos ?
    On one of my in-prod 2.4.4-p3's i can see that my zabbix agent is in a "funny" state - seems like an error. Ie. i cant reinstall oe upgrade or ...

    But i read that i should NOT upgrade any packages before upgrading to 2.4.5-p1.

    On the restored machine , i'm quite sure the zabbix-agent is the same version as on my upgraded 2.4.5-p1 machines :
    zabbix-agent44 net-mgmt 1.0.4_6

    Could zabbix-agent be a "problem child" ?

    That was the one package that didn't upgrade when i upgraded my two home pfSenses from 2.4.4-p3 to 2.4.5-p1 , in fact the zabbix-agent package was lost. But after manually adding zabbix-agent 1.0.4_6 , all was fine , the settings was retained.

    This was just a Restore test, on a non-prod machine.
    But I had hoped a "Restore" would run smoothly.

    I will get back tomorrow with some fresh info , when i have access to the fwall.

    /Bingo

    Ps:
    For solving the crash log error , i'll study these

    https://forum.netgate.com/topic/151675/2-4-5-update/7
    https://forum.netgate.com/topic/151888/2-4-5-upgrade-subsequent-crash-log
    https://forum.netgate.com/topic/151715/crash-reporter
    https://forum.netgate.com/topic/151675/2-4-5-update/9
    https://forum.netgate.com/topic/151780/pfblockerng-devel-install-php-startup-errors-failed-to-load-readline-so/8
    https://forum.netgate.com/topic/151780/pfblockerng-devel-install-php-startup-errors-failed-to-load-readline-so/8

    And after solving i'll do the 2.4.4-p3 to 2.4.5-p1 upgrade.


  • LAYER 8 Rebel Alliance

    A clean install should always be the latest and greatest pfSense version, you are running into problems with installing Packages on old versions.

    -Rico



  • I was simulating a 2.4.4-p3 restore.
    If i had a crash on one of those i still haven't upgraded.

    That would be sensible to support , at least for the previous version.

    If i had chosen a 2.4.5-p1 , could i use the 2.4.4-p3 config without running into trouble ?

    Else i can see a serious issue here.

    Could i reinstall the packages ?
    Or somehow restore the older config wo. packages ?

    /Bingo



  • Could i have edited the XML config to point at the previous 2.4.4 package repos ?

    System --> Update --> Branch

    Shouldn't it already be on that one when i'm running 2.4.4-p3 ?

    I'm open for suggestions , to be able to restore a system , when all i have is a 2.4.4-p3 config backup.

    Going directly to "Latest" is ok by me, if "latest" will take the "older" config

    Or even (cumbersome) after restore having to delete all packages , point it at the "previous branch" , and reinstall the packages.

    /Bingo



  • I need to be able to restore a 2.4.4-p3 system that i haven't upgraded to the "latest" yet.

    I'm waiting for spare disks, to ship out to my remote sites.
    Before i can upgrade those to "latest".

    I hope i can get a tech user to swap an existing 2.4.4-p3 ssd with a 2.4.5-p1 ssd on the remote site.

    And that i'm not BITTEN by UEFI/Secure boot, if doing that.

    Next i'm going to ship "Cold standby" machines to my two most critical sites.

    /Bingo



  • Can i use (restore) a 2.4.4-p3 config , if installing a 2.4.5-p1 image ?

    That would solve the above issue

    /Bingo


  • LAYER 8 Rebel Alliance

    Sure, you can always restore an old config to the latest version.

    -Rico



  • @Rico
    Thank you for that usefull info.

    I tried the "force 2.4.4 repos" trick by editing the config file directly (still using 2.4.4-p3 image)

    -		<pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo.conf</pkg_repo_conf_path>
    +		<pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo-244.conf</pkg_repo_conf_path>
    

    Works partially, as in no crashes , but all packages are gone.
    And i cant locate any pachages in the repos , besides it can't see the new 2.4.5-p1 update.

    My def-gw + dns was FSCK'ed up (Not Pfsense issue)

    Now i see packages

    Will toy a bit more ...

    But in the end i'll prob. just install the 2.4.5-p1 , and restore my 2.4.4-p3 config , as you told me would work 👍

    /Bingo



  • Well the pfSsense Restore util , strips away the -244 repos modificaton above , so still crash if doing that.

    Ugly workaround on restore:
    Disconnect WAN , and wait a looooong time for the package installer to timeout & give up.

    Switch to 2.4.4 (Deprecated) under System --> Update

    Reboot , Insert Wan, and install the missing packages manually.
    When wan becomes available, the package manager should have updated packages from the 2.4.4 repos.
    Seems like the config for uhe missing packages (for the few i have) is retained.

    I did that during a test , and the installed 2.4.4-p3 w. manually installed packages , updated to 2.4.5-p1 flawlessly.

    Suggested :
    Do as Rico says , and install 2.4.5-p1 , and restore the 2.4.3-p3 config.

    Todo (test):
    Do as Rico says , and install 2.4.5-p1 , and restore the 2.4.3-p3 config.

    Might be on monday.



  • @bingo600 said in 2.4.4-p3 restore - libreadline crash (on every reboot):

    5: Restore Config backup from 1:

    Check this : Netgate > Blog > pfSense 2.4.5-RELEASE-p1 Now Available :

    See under "Upgrade Notes".

    Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.

    The words "do not" are not optional. They are mandatory.

    This means that, even if you have a 2.4.4-old somewhere on USB on as your "go back if the new version doesn't meet your needs" plan B, you can not use the backed up config file, as it will install the latest packages.

    Re installing 2.4.4-old and importing the (any !) config file will auto install packages : chances are good that you will break things.

    To be more precise : package written by the Netgate authors will probably work just fine.
    But packages written by me, you and everybody else : they works with the latest pfSense version, this the latest Perl version, C lib versions, etc .

    To keep a workable 2.4.4-old vesrion, you should :
    First : backup your config.
    Then :
    Image the disk.
    Or,
    Swap the drive for another disk.

    This way you can go back without issues.

    Another option would be :
    Before importing the backed up config file, remove the list with installed packages. it's a simple XML file after all.

    I guess one could say that, if you want to use packages you have to use the latest pfSense version.
    If a new pfSense version comes out, you freeze all package updates (they still work - that is, if that was not the reasons for some update.
    First, upgrade pfSense,
    Then you continue to update packages as they are released.

    Btw : I'm writing this as 'just another pfSense user'. I might be wrong / not explaining things 100 % correct.



  • @Gertjan

    This was a purely academic excercise (for now).

    What i would like to see is a "Tick box" on the "Restore" page , that says : Strip (exclude install of) packages, from the restored config.

    Not the package config , just the physical package entry in the xml.

    That would IMHO solve a lot of trouble, and especially now. Since Netgate already have given the possibility to to use the previous repos (2.4.4 Deprecated).

    But you are right , as I'm getting the hang of the xml file , i could just strip the physical package section my self.

    But a tickbox would be much more elegant.

    /Bingo


Log in to reply