Making re-installing packages optional

  • From time to time I upgrade to a newer version on my pfsense, but each time I upgrade it removes all packages and then installs them again.
    This also happens after restoring a configuration file.

    Because some packages are crucial (siproxd,pfblocker) and some are necessary (zabbix) this significantly contributes to the downtime of this firewall.
    Especially ntop enhances this downtime. It takes more than 10 minutes to install.

    I also noticed that pfblocker turns off after each upgrade. This may be the fault of pfblocker.

    If this "repackaging" would be optional it would greatly help me and others.

    There's also a spare pfsense that I can turn on, but after turning this one on I need to load the latest configuration file and I will have another 15 minutes downtime which could have been 3….

  • Well you can create a local pkg repository to reduce downtime.

    There is no way to guarantee that the package will work after the upgrade in general scope.

  • Rebel Alliance Developer Netgate

    If downtime is that critical, you should be updating during a low-traffic or overnight maintenance window when it won't matter quite so much.

    A real hacky way to do this would be to install the shellcmd package and then add an earlyshellcmd to run

    /bin/rm /conf/needs_package_sync

    Which would remove the file that triggers the pkg reinstall.

    If something breaks in a package because of the upgrade though, you've only got yourself to blame. We reinstall them for a reason, as cmb mentioned.

Log in to reply