Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Updating a 2 node CARP cluster?

    Installation and Upgrades
    3
    6
    1159
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tomstephens89 last edited by

      Hi guys,

      I run a pair of pfSense boxes in a CARP configuration. I am running version 2.2.2 and wish to update to the latest stable build.

      Is there a best practice guide for updating a CARP configuration? Do I enter maintenance mode on 1 and upgrade? Disable CARP on 1 and upgrade? or do I do nothing and just Upgrade?

      Tom

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Generally you do this:

        1. Upgrade secondary
        2. Check secondary, make sure it's OK
        3. Put primary into maintenance mode
        4. If everything is still OK, upgrade the primary
        5. Check primary, make sure it's OK
        6. Take primary out of maintenance mode
        7. Test everything one last time

        https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments
        https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          I just went from 2.2.0 to 2.2.4 on a pair of APUs last weekend.

          The one thing I added was disabling config sync before upgrading the secondary.ย  I re-enabled it after the primary was back up and active.ย  Is that unnecessary?

          I guess if you don't make any changes it doesn't matter, huh.

          Based on this language:

          After choosing the system to upgrade, and disabling config sync if upgrading the secondary first, proceed with a normal upgrade as described in the Upgrade Guide.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Before 2.2.4 the XMLRPC sync version check was incomplete so that is an OK idea coming from earlier versions. From 2.2.4 on that is not necessary.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              A little note: The XMLRPC version check I mentioned was fixed after 2.2.4, so it will be OK from 2.2.5 on.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                Thanks.ย  I did notice when I was testing on the bench that 2.2.1 would not sync to 2.0, citing the version mismatch.ย  Good to know whatever was broken is fixed.

                I'm fortunate that I'm usually the only one making changes so I can just leave it alone during an HA upgrade.

                Chattanooga, Tennessee, USA
                The pfSense Book is free of charge!
                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post