23.01 -> 23.05 upgrade failed

SteveITS

@Innz You didn't provide many details. Error message? What does the console show? Logs? You might start a new thread.

If you didn't wait long enough (see my sig) more than one person has rebooted halfway through the update.

driise

@driise
more digging:

this file /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable.conf points to a hostname that doesn't exist. is this a bug?

lrwxr-xr-x  1 root  wheel  57 May 26 01:20 pfSense.conf -> /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable.conf

[23.01-RELEASE][admin@NONO]/usr/local/etc/pkg/repos: more pfSense.conf
FreeBSD: { enabled: no }

pfSense-core: {
    url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-core",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

pfSense: {
    url: "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_05_amd64-pfSense_plus_v23_05",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/local/share/pfSense/keys/pkg",
    enabled: yes
}

[23.01-RELEASE][admin@NONO]/usr/local/etc/pkg/repos: ping firmware.netgate.com
PING firmware.netgate.com (208.123.73.209): 56 data bytes
64 bytes from 208.123.73.209: icmp_seq=0 ttl=43 time=12.406 ms
64 bytes from 208.123.73.209: icmp_seq=1 ttl=43 time=12.473 ms
^C
--- firmware.netgate.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 12.406/12.440/12.473/0.034 ms
[23.01-RELEASE][admin@NONO]/usr/local/etc/pkg/repos: ping pfsense-plus-pkg.netgate.com
ping: Unknown host

jimp

@driise said in 23.01 -> 23.05 upgrade failed:

@driise
more digging:

this file /usr/local/etc/pfSense/pkg/repos/pfSense-repo-stable.conf points to a hostname that doesn't exist. is this a bug?

No.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#packages-netgate-com-has-no-a-aaaa-record

Different variation on the hostname but same concept.

tman222

@driise - running into similar issues as you've described not being able to update packages:

https://forum.netgate.com/topic/180382/unable-to-upgrade-packages

Any ideas/thoughts on how to further troubleshoot this?

driise

@tman222 At this time, I'm stuck I guess, tried again this morning to get it to update, same issues. Hopefully Netgate will determine the issue and fix.

driise

@jimp

Any feedback on what we're seeing?
Any logs I can provide that might help? I can reproduce the issue easy if there's debug logs or something I can pull.

I reverted my VM instance back to the 23.01 boot image so that my physical and VM (secondary) could properly sync.

aaronssh

@pdavis said in 23.01 -> 23.05 upgrade failed:

After toggling the "Current Stable Version" and "Previous Stable Version" in System/Update/System Update, the GUI now showed 23.05 upgrade option.

So I had the same problem. First attempt at update failed with certificate issues, then my device got "stuck" thinking that 23.01 was the latest. Your steps quoted here fixed it for me too. Very strange!!

Dobby_

@demux said in 23.01 -> 23.05 upgrade failed:

Why? What can happen?

If you upgrade it can be in some cases that
the cert. lease will be gone, and so you only
have to wait a while until it is renewed and then
the entire upgrade process will work again for you without any problems.

Gertjan

@SteveITS said in 23.01 -> 23.05 upgrade failed:

Actually, that is not correct. It will show packages for the selected branch, which may not be the installed version ....

Exact.

That's why I was talking about Netgate being a fortune 500 company : the pfSense package list should correspond the system you are using, which isn't necessarily the list with packages available.
The latest versions of a package become available when you use the latest pfSense version.
Something like that.

This implies that there should be a unique repository for every supported pfSense version. This means a lot of labor to main all this.

pete

Backed up my PFSense 23.01 version fine. Updated and it failed. Rebooted box and it wouldn't boot in to PFSense.

Installed new PFSense CE on the box. Got a new token for PFSense + and see this

Thank you for choosing Netgate pfSense. Your device does not require registration, we recognize it already. You may have already registered, or it may be a pre-registered Netgate appliance.

when I try registration

I should have read the forum before upgrading.

I am using PFSense now with CE release 2.6.0-RELEASE (amd64) and restored backup from PFSense 23.01. (which is wrong and seeing this on boot up)

So this morning installing PFSense CE on backup router and hopefully updating it with PFSense + and then restoring configuration.

Never had an issue like this.

SteveITS

@pete I don’t have a solution but I’ve seen other posts like that. I believe that means Netgate recognizes the calculated NDI and therefore you don’t need a new token. Maybe you can find a thread with the solution…

pete

@SteveITS

Thank you @SteveITS.

Plugged Backup PFSense CE to currently working LAN (on kitchen table - very low on the WAF).

Updated it to PFSense +. It is updating now to 23.01 and leaving it there and restoring backup from other machine.

On reboot it gets all sorts of PHP errors and stays at the login prompt. Rebooted a couple of times and it is the same on reboot. I am screwed right now.

It seemed to stall at the squid prompts. Removed squid package and it booted. Reset the box via command prompt. Restored old build. On reboot dbended on kernel load.

Will start again from scratch on back up box.

Once I get this one going then taking primary off line and redoing it hopefully to work fine.

I am retired and this is a hobby and while I have backup boxes here many folks do not.

Need to step away now and readdress issues this afternoon.

Dobby_

@pete

You could try out installing 2.6 (zfs) and then upgrading to 23.01 and once more to 23.05
and if you will be install also back the config
then it would be the best option in my eyes.
You will need perhaps 30 minutes and all is
fine again. For the spare box I would try out
the 2.7 Development, if it is only a spare box
and for home usage and on top a hobby you
will be fine with it.

pete

Thank-you @dobby.

I did that and it worked and I did not update but when I restored my PFSense + old configuration it debended.

The second time I did it it said it was registered and wouldn't update to PFSense +.

So now booting in Ubuntu and reformatting drive and trying installation again.

This is on a Qotom. I also have two Jetways which I like much better than Qotom which I may try on.

In my retirement now hoarding firewalls ;).

I am still running on the redone Qotom PFSense + box to PFSense CE with the PFSense + backup restored to it. My VPN servers are running fine.

Just that I am occupying the kitchen table with a monitor and another server which is very low on the WAF.

mark_lab_user

@Dobby_ I just finished that exact procedure. All the way back to fresh 2.6 and then the 2 steps to upgrade.

I had to do it because "Available packages" was showing as empty and I was getting an error is syslog relating to the package manager.

And then I also had to update the RTL Ethernet driver to get my 2.5 Gbit card working.

But...

php-fpm[396]: /pkg_mgr_installed.php: The command '/usr/local/sbin/pfSense-repo-setup' returned exit code '1', the output was 'pfSense-repoc-static: invalid signature failed to read the repo data. failed to update the repository settings!!!'

Has returned as of a few minutes ago.

Hmmm.

mark_lab_user

@mark_lab_user Oh, silly me, I forget to Register using my existing Token.

Now things are looking up.

Guess that explains the 'invalid signature'?

Dobby_

@pete said in 23.01 -> 23.05 upgrade failed:

In my retirement now hoarding firewalls ;).

1 pfSense+
1 pfSense Devel
1 OpenWRT (comes later)
1 RouterOS (On the way)

tman222

@mark_lab_user said in 23.01 -> 23.05 upgrade failed:

@mark_lab_user Oh, silly me, I forget to Register using my existing Token.

Now things are looking up.

Guess that explains the 'invalid signature'?

@mark_lab_user - I have been seeing the same error but was already registered for pfSense Plus when I saw it.

https://forum.netgate.com/topic/180382/unable-to-install-or-upgrade-packages

Are you saying that the invalid signature error went away as soon as you registered your pfSense Plus activation token?

mark_lab_user

@tman222 YES.

pete

Formatting the drive did not fix the registration error.

I see this on the registration page where I put the token in for PFSense+

Thank you for choosing Netgate pfSense

Your device does not require registration, we recognize it already. You may have already registered, or it may be a pre-registered Netgate appliance.

Well then I read this:

*@jarhead ***There was a discussion a month or two ago that touched on it... I seem to recall pfSense generates a hardware ID and if the hardware changes it is seen as different/new. So without changing something, you probably would need to contact Netgate as mentioned.

Yeah, there's no automated process to do that currently. So open a ticket if for any reason you need to.****

That is why I could not re-install PFSense + on original machine and now second test machine. So now trying new Jetway computer. So will open up a TAC request for machines that were registered with PFSense.

Yes here have been using a micro travel router (2" X 1"" running OpenWRT and a MQTT broker inside my alarm panel (OmniPro 2). Another one is running MeteoHub with a MeteoStick for my Davis Weather station. Well and another one is a wireless TOR box.
Well also running Kodi in my automobiles and using Openwrt to LTE modems. Really like KODI CoreElec which talks to the bus on the car. It shows up as a menu item.

So installed PFSense then PFSense + on the new Jetway (6 Gb ports / com port / vga). Next steps are to recover my backup. This is where when I tried last time to do this the computer failed to boot.

Netgate pfSense Plus - Netgate Device ID: 3

*** Welcome to Netgate pfSense Plus 23.01-RELEASE (amd64) on pfSense ***

 WAN (wan)       -> igb0       -> v4/DHCP4: 192.168.244.251/25
                                  v6/DHCP6: xxx/64
 LAN (lan)       -> igb1       -> v4: 192.168.1.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: