23.05.1

mcury

SG-4100 - Updated from 23.05 to 23.05.1, no problems to report.

Packages used: pfBlockerNG, Wireguard, Softflowd, NUT, Acme and the others installed by default.

As usual, uninstalled pfblockerNG, Softflowd and NUT before upgrading.

murph2481

While the documentation and best practices is to uninstall packages and then upgrade and then reinstall. I wonder how many people actually do that? I have never done that with my upgrades of my 6100 and never had any issues. ZFS makes it easy to jump back to the previous boot environment that was working I guess I am just a rebel now lol!

mcury

@murph2481 said in 23.05.1:

I guess I am just a rebel now lol!

ahahah, you are braver than me

johnpoz

@murph2481 said in 23.05.1:

I wonder how many people actually do that?

It is best practice - and have done it in the past, but last couple of upgrades I just pulled the trigger.. After having copy of install media from tac (pfsense+) on hand and making sure have a latest and greatest copy of the config.

I don't really see anything in 23.05.1 that I need - and don't wont to have to reboot twice - will just wait til it goes official.

edit:
Oh - it looks official.. Should I pull trigger or just wait til weekend where be less of bother if its down for a bit. Think I will just wait a couple of days.

mcury

@johnpoz said in 23.05.1:

Should I pull trigger or just wait til weekend where be less of bother if its down for a bit. Think I will just wait a couple of days.

It took 5 minutes to update, already reinstalled all packages (keep settings enabled really got things easier).

Now I want to reboot again, RAM usage is pretty high after the upgrade but now I'm stuck, a few Plex friends just connected, I'll have to wait to reboot.

johnpoz

@mcury said in 23.05.1:

a few Plex friends just connected

haha - I run into that myself... Could just be a dick and reboot anyway.. But I normally wait til its quiet, early morning is the best.. Nobody on in in the 5-6 am window ;)

mcury

@johnpoz said in 23.05.1:

haha - I run into that myself... Could just be a dick and reboot anyway..

I almost did that, but one of the users watching Plex is my mom.. eheh

michmoor

@mcury said in 23.05.1:

Packages used: pfBlockerNG, Wireguard, Softflowd, NUT, Acme and the others installed by default.

Curious. What are you using as a NetFlow collector?

Cabledude

@mcury said in 23.05.1:
Thanks for your report

As usual, uninstalled pfblockerNG, Softflowd and NUT before upgrading.

New to uninstalling before upgrade. So let's say I were to follow your lead. Would I:

• create config backup
• uninstall packages like pfBlocker (is there a list of which packages should be uninstalled?)
• perform upgrade
• load config backup, so that the necessary packages are downloaded and installed automatically + their config is restored

?

Thanks!

jimp

The "remove all packages" part is more important for CE users making the gigantic leap from 2.6.0 to 2.7.0 and all the PHP and base OS changes that go with it. All our internal tests have been OK but we've had a few users report that some of their packages failed to update on the way to 2.7.0 and caused other issues.

If you're going from 23.05 to 23.05.1 the risk is much, much lower.

23.01 to 23.05.1 is probably still worth taking out packages for (PHP moved to 8.2) but still less risk than going from the old PHP 7.x code in 22.x up to 23.xx.

And in terms of what to uninstall, uninstall them all unless a package is 100% necessary for your upstream connectivity somehow, and then leave only what is absolutely needed.

mcury

@michmoor said in 23.05.1:

Curious. What are you using as a NetFlow collector?

Graylog:

michmoor

@mcury I dont want to pollute this thread with my graylog question but I am also pushing netflow to graylog but having trouble creating usable charts.
You mind sharing the dashboard config? I assume you're doing an aggregation table and all that.
Appreciate you @mcury

mcury

@michmoor Sure, open a new thread and I'll share everything I have set it here..

It's a simple setup, no aggregation.. It's working as a Syslog server for Synology, Unifi and pfSense.
But I'm also exporting netflow from pfSense to Graylog.

keyser

Upgraded a 2100 and 6100 from 23.05 to 23.05.1 without issues (very quick update, no package reinstall).

Packages running: pfBlockerNG, Syslog-ng, tftp, lldpd, notes, NtopNG, Freeradius, Nut

johnpoz

So I just pulled the trigger.. Took a current config backup, consoled in so could watch the upgrade - all smooth.

Took total of about 6 minutes on my 4860... Logging in now, seems all good.

chudak

Upgraded to 23.05.1 with no issues

Did not uninstall any packages, including pfBlockerNG

Cabledude

@jimp thanks for clarifying. You say with pfSense Plus 23.05 to 23.05.1 the risk is much lower. So there still is a risk and some users here do uninstall.

I could make uninstalling packages a principle or standard workflow. Could you comment on the steps I listed above:

• create config backup
• uninstall packages like pfBlocker (is there a list of which packages should be uninstalled?)
• perform upgrade
• load config backup, so that the necessary packages are downloaded and installed automatically + their config is restored

Would you say this is it? Any alterations advised?

Thanks!

jimp

I wouldn't bother with the config restore, just install the packages again. The config restore is a fairly harsh way of saving a handful of clicks.

It will work, but it's like swatting a fly with a cannon.

johnpoz

@jimp said in 23.05.1:

It will work, but it's like swatting a fly with a cannon.

But what if its robotic fly with steel plating? ;)

Cylosoft

For our 2.6 to 2.7 boxes I uninstalled PfBlocker and left all other packages. 23.05.1 I left all packages installed. I'm about 20 boxes in now and zero issues.