Updating a 2 node CARP cluster?
-
Hi guys,
I run a pair of pfSense boxes in a CARP configuration. I am running version 2.2.2 and wish to update to the latest stable build.
Is there a best practice guide for updating a CARP configuration? Do I enter maintenance mode on 1 and upgrade? Disable CARP on 1 and upgrade? or do I do nothing and just Upgrade?
Tom
-
Generally you do this:
1. Upgrade secondary
2. Check secondary, make sure it's OK
3. Put primary into maintenance mode
4. If everything is still OK, upgrade the primary
5. Check primary, make sure it's OK
6. Take primary out of maintenance mode
7. Test everything one last timehttps://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments
https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide -
I just went from 2.2.0 to 2.2.4 on a pair of APUs last weekend.
The one thing I added was disabling config sync before upgrading the secondary. I re-enabled it after the primary was back up and active. Is that unnecessary?
I guess if you don't make any changes it doesn't matter, huh.
Based on this language:
After choosing the system to upgrade, and disabling config sync if upgrading the secondary first, proceed with a normal upgrade as described in the Upgrade Guide.
-
Before 2.2.4 the XMLRPC sync version check was incomplete so that is an OK idea coming from earlier versions. From 2.2.4 on that is not necessary.
-
A little note: The XMLRPC version check I mentioned was fixed after 2.2.4, so it will be OK from 2.2.5 on.
-
Thanks. I did notice when I was testing on the bench that 2.2.1 would not sync to 2.0, citing the version mismatch. Good to know whatever was broken is fixed.
I'm fortunate that I'm usually the only one making changes so I can just leave it alone during an HA upgrade.
