Question about upgrade pfsense HA
-
Hello,
I have two pfSense instances installed in VM, configured with HA (High Availability). I want to upgrade from version 2.6.0 to 2.7.0.
I'll be backing up the configuration, taking a snapshot of the machine and remove all package.
I plan to start the upgrade on the pfSense instance that is currently the slave, but I have a question.
Will upgrading the slave cause any issues when it tries to synchronize with the master, which is still running the old version?Thank you!
-
@sudo_su per the docs, yes since 2.7.x is FreeBSD 14:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-ha.html#pfsync-considerationsThat said I don't recall running into drop issues on the clusters we manage, going to 23.01, but I may not have been looking for it and I tend to do those at night anyway, and one router right after the other.
-
The config only syncs primary to secondary. And it won't sync if the installed pfSense versions don't match.
The states sync both ways but the states are valid between versions.
-
@stephenw10 said in Question about upgrade pfsense HA:
the states are valid between versions.
Is that new? The doc URL I linked states, "Versions of pfSense software with a different base OS version of FreeBSD cannot sync their states between each other."
(But yes I perhaps misread the question as state sync not config sync.)
-
Hmm, interesting. I'll have to check that.
-
Ah, between different base versions that would be an issue, yes. And that does apply here.
Either way some time ago it used to be an issue and you needed to disable sync before upgrading. In any recent version though sync is disabled between incompatible versions so there is no need to do it.
-
@stephenw10 said in Question about upgrade pfsense HA:
Ah, between different base versions that would be an issue, yes. And that does apply here.
Either way some time ago it used to be an issue and you needed to disable sync before upgrading. In any recent version though sync is disabled between incompatible versions so there is no need to do it.
hi,
Is it possible to see the status of this option, or is it in the pfSense code?
