2100 upgrade to 25.07.1 hangs at install of ca_root_nss
-
- Hardware: Netgate 2100
- Current OS: 24.11-RELEASE
- Target OS: 25.07.1
- Packages:
- apcupsd
- Avahi
- aws-wizard
- iperf (disabled)
- ipsec-profile-wizard
- pfBlockerNG-devel (tried enabled and disabled)
- Service_Watchdog
- System_Patches
I am trying to upgrade to 25.07.1, would anyone have suggestions to get past the process hanging. ideally without having to re-flash the device for once to upgrade...
I am doing the upgrade via the web UI, and it processes along until it reaches the download / install of
ca_root_nss. When it hits this it appears to hang indefinitely.[50/79] Upgrading php83-readline from 8.3.12 to 8.3.19... [50/79] Extracting php83-readline-8.3.19: ......... done [51/79] Upgrading miniupnpd from 2.3.7,1 to 2.3.7_1,1... [51/79] Extracting miniupnpd-2.3.7_1,1: ....... done [52/79] Upgrading ca_root_nss from 3.104 to 3.104_1... [52/79] Extracting ca_root_nss-3.104_1: ....... doneI have noticed however if I decided the issue the reboot via the WebUI the upgrade processes ever so slightly before the device reboots.
[51/79] Extracting miniupnpd-2.3.7_1,1: ....... done [52/79] Upgrading ca_root_nss from 3.104 to 3.104_1... [52/79] Extracting ca_root_nss-3.104_1: ....... done <reboot issued after 5-10 min waiting> [52/79] Upgrading ca_root_nss from 3.104 to 3.104_1... [52/79] Extracting ca_root_nss-3.104_1: ....... done [53/79] Upgrading php83-sqlite3 from 8.3.12 to 8.3.19... <lose connection to webUI and device restarts>A secondary question :) how long can the boot environment name get before it may cause problems:
>>> Renaming current boot environment from default_20250831235405_20250901001722 to default_20250831235405_20250901001722_20250901003445...done. -
@jacksonp said in 2100 upgrade to 25.07.1 hangs at install of ca_root_nss:
When it hits this it appears to hang indefinitely.
This step need time...
Edit: I would recommend to update via SSH.
-
@slu define time? I've given this ~30 minutes sitting at
xtracting ca_root_nss -
@slu said in 2100 upgrade to 25.07.1 hangs at install of ca_root_nss:
Edit: I would recommend to update via SSH.
So I can understand better, ffor what reason?
-
You can still see the output from the upgrade process at the CLI even if the webgui process disconnects for some reason.
Even better is to upgrade from the serial console directly.
Yes extracting the ca_root_nss pkg can take a while on lower power CPUs. But not 30mins.
-
thanks @slu and @stephenw10 it looks that another benefit of the ssh is it actually gets the upgrade working.
no errors, no delays, quick simple upgrade via ssh
-
if I decided the issue the reboot via the WebUI
I canāt stress enough not to reboot mid upgrade. If you did Iād be surprised you didnāt need to manually reinstall. Perhaps the boot environment install/check/rollback will catch that now (which would be terrific).
My rule of thumb has been that a 2100 on eMMC storage takes 10-15 minutes at least, without packages.
If viewing the console or ssh you can run top and see whatās going on.
The BE name is because youāre not running on ādefaultā which it still assumes it needs to rename. Dunno about length. IIRC you can rename it?
If you have multiple BEs Iād suggest deleting old ones to free space.
-
@SteveITS said in 2100 upgrade to 25.07.1 hangs at install of ca_root_nss:
I canāt stress enough not to reboot mid upgrade.
I was prepared to flash the device again, I've had to do it for nearly every upgrade since I got the device. It's has not been the most reliable. A bit better for the 24.x after the intro of a/b but nearly always something
-
@jacksonp Well thatās unexpected also, havenāt had that sort of issue across our clients. I think the only reinstalls on 2100s were for the EFI issue.
