PfSense upgrade



  • I plan to upgrade to 2.1 (whenever it is available, any ETA on that?) and when I do I will also make a switch to nanoBSD to alleviate some issues I have with frequent disk writes and concerns I have over SSD wear. I'm doing research about the various things I might need to do, and just wanted to confirm some of those details.

    First, I've currently provisioned an approx 800MB partition on the host machine as the pfSense disk. Obviously, the 1G image would not be suitable, but more importantly, should I anticipate any problems in using the 512M image (apart from wasting 300M) on this partition?
    Second, I don't think I have a particularly high requirements, apart from installing iperf, cron and the TAP fix for openVPN I've no installed packages. Should I anticipate any issues with disk space with a 512M image?
    Third, does the memory requirement of the nanoBSD version differ significantly from the standard install? I've provisioned 256MB for the standard install, should I think about increasing this for the nanoBSD version?
    Fourth, will moving configuration just be as simple as backup and restore?



  • @yaxattax:

    I plan to upgrade to 2.1 (whenever it is available, any ETA on that?)

    Standard answer from the developers is "When it is ready"

    Your questions suggest you will be running this pfSense in a virtualised environment. Correct?

    @yaxattax:

    and when I do I will also make a switch to nanoBSD to alleviate some issues I have with frequent disk writes and concerns I have over SSD wear. I'm doing research about the various things I might need to do, and just wanted to confirm some of those details.

    I suspect you might be overly worried about SSD wear. I have a Transcend 1GB SS disk module in my main full install pfSense that is still going fine after more than 3.5 years.

    @yaxattax:

    First, I've currently provisioned an approx 800MB partition on the host machine as the pfSense disk. Obviously, the 1G image would not be suitable, but more importantly, should I anticipate any problems in using the 512M image (apart from wasting 300M) on this partition?

    Unless pfSense resists the common trend in computing, in a while the 512MB image will be dropped because it won't be big enough. Give it a 1GB or 2GB partition to start with.

    @yaxattax:

    Second, I don't think I have a particularly high requirements, apart from installing iperf, cron and the TAP fix for openVPN I've no installed packages. Should I anticipate any issues with disk space with a 512M image?

    See previous reply.

    @yaxattax:

    Third, does the memory requirement of the nanoBSD version differ significantly from the standard install? I've provisioned 256MB for the standard install, should I think about increasing this for the nanoBSD version?

    Not that I know of. My home full install pfSense runs very happily in 256MB RAM with no swap space used.

    @yaxattax:

    Fourth, will moving configuration just be as simple as backup and restore?

    Many people have reported it to be so.

    I presume you will use a nanobsd-vga image. If not, have you worked out how to provide the serial console for the "standard" nanobsd build?

    Have you thought about how you will get this setup initially? It seems like you won't be able to use the standard technique of image copying to a flash memory card then running off that.



  • Yes, I am running it in a virtualised environment, and yes, I am overly worried about SSD wear. I'd rather have been overly cautious and wasted an afternoon than not cautious enough and waste many more afternoons righting a buggered up system that it turns out I didn't back up properly, etc. I'm mostly worried because pfSense is by far the biggest disk writer among all my VMs. pfSense appears to currently be writing at a rate of 1GB/6 days, which isn't super high, and is apprx 610GB in 10 years (which is nothing to a properly wear levelled 240 drive), but I do feel a little concerned.

    I thank you for noting that it won't be easy to get the nanoBSD image onto the partiton - I can't DD from the host because that will probably be unreadable to the guest. I think I have a couple of options here

    1. Assign a second partition to current pfSense VM, and dd the image to this new partition, detach the old hard disk and boot from the new one
    2. This line in xen config:

    disk = [ 'phy:/dev/sdnx,hda,w', 'file:/path/to/pfsense.img,hdc,r']

    I'm not 100% sure that 2) will work, but based on http://doc.opensuse.org/products/draft/SLES/SLES-xen_sd_draft/cha.xen.vbd.html and the fact that the .img file is a "raw" disk image, I believe it should. I can then boot from the image, install to "hda", and then detach the second disk.

    Yes, I will be using the VGA edition, as far as I know xen can't attach to the serial console of HVM guests (and even if I can figure out how to do it, I'm sure its more hassle than just using the VGA image..)

    Thanks for your response


  • Netgate Administrator

    @yaxattax:

    I can then boot from the image, install to "hda", and then detach the second disk.

    There is no 'install' option in the nanobsd image.

    Steve



  • @stephenw10:

    @yaxattax:

    I can then boot from the image, install to "hda", and then detach the second disk.

    There is no 'install' option in the nanobsd image.

    Steve

    Ah, I see. It makes sense, and I guess that would make option 1 the best option.

    Thanks


  • Netgate Administrator

    I've never tried it but maybe you can import the raw nanobsd image into a VM image?

    Steve



  • Well I think with option 2 I can do that

    disk = [ 'file:/path/to/pfsense.img,hda,w']

    I imagine that if that works then if I dd that image to a partition (sdax)  then it would be accessible from a guest ..

    disk = [ 'phy:/dev/sdax,hda,w']

    but I really have no idea until I try it. I can give it a go and see if it works, but I know that option 1 will definitely work, so the main thing is that I have a way even if it isn't super convenient.



  • @stephenw10:

    I've never tried it but maybe you can import the raw nanobsd image into a VM image?

    Steve

    I'm not familiar with XEN but with KVM it's as simple as defining the pfSense image as harddisk.
    No need to convert anything, it's directly usable.


Log in to reply