Faster pfSense 2.1 NanoBSD image upgrade explained!



  • [DISCLAIMER: I am posting this in the hope that it could be valuable for others to avoid wasting many hours to upgrade and get the checksum error problems as discussed in http://forum.pfsense.org/index.php/topic,64479.msg349789.html#msg349789 and in http://forum.pfsense.org/index.php/topic,64333.msg348598.html#msg348598. This was accomplished in minutes, some 10 minutes compared to 2.5 hours using GUI. I do not guarantee that it works for all.

    @moderator: If this is something unuseful, please remove this thread]

    1. Connect an HDD or SDD either usiing SATA/eSATA cable or USB to pfSense box (I connected directly to SATA).

    2. Run

    egrep 'ad[0-9]|cd[0-9]' /var/log/dmesg.boot
    

    You shall see something like:

    acd0: DVDROM <lite-on dvd="" sohd-16p9s="" fqsc="">at ata0-master UDMA40
    ad4: 152627MB <seagate st3160812as="" 3.ahh="">at ata2-master UDMA100 SATA</seagate></lite-on>

    Else run:

    atacontrol list
    

    The output shall look like:

    ATA channel 0:
       Master: acd0 <lite-on dvd="" sohd-16p9s="" fqsc="">ATA/ATAPI revision 6
       Slave:       no device present
    ATA channel 2:
       Master:  ad4 <st3160812as 3.ahh="">SATA revision 2.x
       Slave:       no device present
    ATA channel 3:
       Master:      no device present
       Slave:       no device present</st3160812as></lite-on>

    My preferred method is:

    ls /dev/ad*
    

    which will give output like:

    ad4%    ad4s1%  ad4s1a% ad4s1b%

    3. If the drive is not sliced to UFS, I suggest to create a temporary zpool/create a slice and create a mountpoint.. To learn more about the latter, visit http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-adding.html

    4. Then ssh to the pfSense machine and select option (8) for shell. To mount /mnt/ad4s1a to /hdd

    mkdir /hdd
    mount /dev/ad4s1a /hdd
    df -h
    

    You shall see something like (note the last line):

    Filesystem           Size    Used   Avail Capacity  Mounted on
    /dev/ufs/pfsense1    442M    204M    203M    50%    /
    devfs                1.0k    1.0k      0B   100%    /dev
    /dev/ufs/cf           49M    1.5M     44M     3%    /cf
    /dev/md0              38M    424k     35M     1%    /tmp
    /dev/md1              57M     18M     35M    34%    /var
    devfs                1.0k    1.0k      0B   100%    /var/dhcpd/dev
    /dev/ad4s1a          140G    1.7G    127G     1%    /hdd

    If you want to automount the slice, just add to the /etc/fstab (but I do it manually).

    5. Change to /hdd and download the latest firmware matching your configurations. Mine was amd64 1g images, so:

    cd /hdd
    fetch http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/updates/pfSense-2.1-RC0-1g-amd64-nanobsd_vga-upgrade-20130717-2242.img.gz http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/updates/pfSense-2.1-RC0-1g-amd64-nanobsd_vga-upgrade-20130717-2242.img.gz.md5
    

    Then verify the md5sum manually using cat and md5 commands.

    6. Note the location of the img.gz file and then exit from the shell.

    7. Then choose option (13) Upgrade from console.

    Enter an option: 13

    Starting the pfSense console firmware update system..

    1. Update from a URL
    2. Update from a local file
      Q) Quit

    Please select an option to continue:

    Enter 2, you will be asked to enter the location of the img and you shall see the following 'Warning' message.

    Enter the complete path to the .tgz or .img.gz update file: /hdd/pfSense-2.1-RC0-1g-amd64-nanobsd_vga-upgrade-20130717-2242.img.gz

    WARNING! ACHTUNG! DANGER!

    This image is not digitally signed.

    This means that the image you uploaded is not an official/supported image and
    may lead to unexpected behavior or security compromises.

    Only install images that come from sources that you trust, and make sure
    that the image has not been tampered with.

    Do you want to install this image anyway at your own risk [n]?

    Enter y. You shall further get the following. It takes a few mintues to upgrade, so wait.

    Continuing upgrade…

    One moment please...
                                                                                 
    Broadcast Message from root@pfSense0.domain.tld                              
           (no tty) at 11:57 CEST...                                              
                                                                                 
    NanoBSD Firmware upgrade in progress...                                        
                                                                                 
                                                                                 
    Broadcast Message from root@pfSense0.domain.tld                              
           (no tty) at 11:57 CEST...                                              
                                                                                 
    Installing /hdd/pfSense-2.1-RC0-1g-amd64-nanobsd_vga-upgrade-20130717-2242
    .img.gz.                                                                      
                                                                                 
    ...                                                                              
    Broadcast Message from root@gw0.freeregistrar.net                              
           (no tty) at 12:04 CEST...                                              
                                                                                 
    NanoBSD Firmware upgrade is complete.  Rebooting in 10 seconds.                
                                                                                 
    ...........Done.  Rebooting...

    Once the box reboots, the HDD is automatically disconnected. Connect again to pfSense box using either GUI or ssh!

    Enjoy faster upgrade of NanoBSD image of pfSense!


  • Rebel Alliance Developer Netgate

    If a NanoBSD upgrade takes that long, you must have one really, really, crappy CF or CF adapter/socket/controller.

    It only takes a few minutes on my ALIX including the download time with a normal GUI-initiated upgrade.

    Now reinstalling packages post-upgrade, that does take some time if you have a lot installed.

    Do you notice the same slowness if you download straight to the CF? (/etc/rc.conf_mount_rw; fetch -o /root/ …) and then run the upgrade from that file?



  • No such problem on my Alix box. The upgrade process doesn't take more than 5 minutes.



  • @jimp:

    If a NanoBSD upgrade takes that long, you must have one really, really, crappy CF or CF adapter/socket/controller.

    It only takes a few minutes on my ALIX including the download time with a normal GUI-initiated upgrade.

    Now reinstalling packages post-upgrade, that does take some time if you have a lot installed.

    Do you notice the same slowness if you download straight to the CF? (/etc/rc.conf_mount_rw; fetch -o /root/ …) and then run the upgrade from that file?

    yes, the same slowness even when I directly download the image to the CF card or USB stick (Kingston which supports upto 237mb/s in normal situations).



  • @MaxPF:

    No such problem on my Alix box. The upgrade process doesn't take more than 5 minutes.

    You are lucky then! ;-)


  • Rebel Alliance Developer Netgate

    What kind of system are you running NanoBSD on?

    If it's not an ALIX but something else with some more power to it, keep this in mind:
    http://doc.pfsense.org/index.php/Boot_Troubleshooting#NanoBSD_on_Newer_Hardware



  • @jimp:

    What kind of system are you running NanoBSD on?

    If it's not an ALIX but something else with some more power to it, keep this in mind:
    http://doc.pfsense.org/index.php/Boot_Troubleshooting#NanoBSD_on_Newer_Hardware

    I am running on a 64-bit dual-core P4 3.2Mhz machine with 4GB RAM, fyi.



  • Just for the record, my Alix systems typically download at the (terribly slow) line speeds we have in remote places (some 192kbps = about 20KB/second = 50 sec/MB = roughly 1 hour for the download) then it takes about 5 minutes to do the writing of the ~80MB to the CF card partition, <2 minutes offline during reboot, then however much time to dribble down the package reinstall (it pays to not use big packages in the remote places!) In places with faster internet links, it happily downloads at 1-4 Mbps without apparent delays waiting for CF card writes.
    My slowness is all due to the available internet speed - there is only 5 minutes in the process when it is writing as fast as possible to the CF card partition.


  • Rebel Alliance Developer Netgate

    @zenny:

    @jimp:

    What kind of system are you running NanoBSD on?

    If it's not an ALIX but something else with some more power to it, keep this in mind:
    http://doc.pfsense.org/index.php/Boot_Troubleshooting#NanoBSD_on_Newer_Hardware

    I am running on a 64-bit dual-core P4 3.2Mhz machine with 4GB RAM, fyi.

    Then most likely you're seeing side effects of running without ACPI, DMA, and write caching on that hardware.



  • @phil.davis:

    Just for the record, my Alix systems typically download at the (terribly slow) line speeds we have in remote places (some 192kbps = about 20KB/second = 50 sec/MB = roughly 1 hour for the download) then it takes about 5 minutes to do the writing of the ~80MB to the CF card partition, <2 minutes offline during reboot, then however much time to dribble down the package reinstall (it pays to not use big packages in the remote places!) In places with faster internet links, it happily downloads at 1-4 Mbps without apparent delays waiting for CF card writes.
    My slowness is all due to the available internet speed - there is only 5 minutes in the process when it is writing as fast as possible to the CF card partition.

    Yes, I have 26Mbps connection. So connection is not the bottleneck.

    Usually it takes some 1 to 2 hours to download, and obviously it takes only a few mintues to upgrade pfSense base in one slice, but it takes another hour to upgrade the addon packages.

    Then most likely you're seeing side effects of running without ACPI, DMA, and write caching on that hardware.

    However, like jimp stated that it may be related with ACPI (but I have ACPI enabled), DMA or most importantly writecache, I assume.

    Thanks for your inputs.


  • Rebel Alliance Developer Netgate

    Unless you manually enabled ACPI and friends in loader.conf.local, then you don't have them (regardless of the BIOS settings), because on NanoBSD we disable them by default. (as mentioned on my link)



  • Is this different for NanoBSD vs. NanoBSD+VGA?

    [2.1-RC0][root@router....]/root(1): uname -a
    FreeBSD router.... 8.3-RELEASE-p8 FreeBSD 8.3-RELEASE-p8 #0: Mon Jul 15 16:58:10 EDT 2013     root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap_vga.8.amd64  amd64
    [2.1-RC0][root@router....]/root(2): cat /boot/loader.conf.local
    hw.ata.ata_dma_check_80pin="0"
    [2.1-RC0][root@router....]/root(3): sysctl hw.ata
    hw.ata.setmax: 0
    hw.ata.wc: 1
    hw.ata.atapi_dma: 1
    hw.ata.ata_dma_check_80pin: 0
    hw.ata.ata_dma: 1
    
    

  • Rebel Alliance Developer Netgate

    Yes, NanoBSD+VGA has those enabled already.