Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Updating a 2 node CARP cluster?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    6 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tomstephens89
      last edited by

      Hi guys,

      I run a pair of pfSense boxes in a CARP configuration. I am running version 2.2.2 and wish to update to the latest stable build.

      Is there a best practice guide for updating a CARP configuration? Do I enter maintenance mode on 1 and upgrade? Disable CARP on 1 and upgrade? or do I do nothing and just Upgrade?

      Tom

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Generally you do this:

        1. Upgrade secondary
        2. Check secondary, make sure it's OK
        3. Put primary into maintenance mode
        4. If everything is still OK, upgrade the primary
        5. Check primary, make sure it's OK
        6. Take primary out of maintenance mode
        7. Test everything one last time

        https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments
        https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          I just went from 2.2.0 to 2.2.4 on a pair of APUs last weekend.

          The one thing I added was disabling config sync before upgrading the secondary.ย  I re-enabled it after the primary was back up and active.ย  Is that unnecessary?

          I guess if you don't make any changes it doesn't matter, huh.

          Based on this language:

          After choosing the system to upgrade, and disabling config sync if upgrading the secondary first, proceed with a normal upgrade as described in the Upgrade Guide.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Before 2.2.4 the XMLRPC sync version check was incomplete so that is an OK idea coming from earlier versions. From 2.2.4 on that is not necessary.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              A little note: The XMLRPC version check I mentioned was fixed after 2.2.4, so it will be OK from 2.2.5 on.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Thanks.ย  I did notice when I was testing on the bench that 2.2.1 would not sync to 2.0, citing the version mismatch.ย  Good to know whatever was broken is fixed.

                I'm fortunate that I'm usually the only one making changes so I can just leave it alone during an HA upgrade.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.