Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Updating a 2 node CARP cluster?

    Installation and Upgrades
    3
    6
    992
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tomstephens89 last edited by

      Hi guys,

      I run a pair of pfSense boxes in a CARP configuration. I am running version 2.2.2 and wish to update to the latest stable build.

      Is there a best practice guide for updating a CARP configuration? Do I enter maintenance mode on 1 and upgrade? Disable CARP on 1 and upgrade? or do I do nothing and just Upgrade?

      Tom

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Generally you do this:

        1. Upgrade secondary
        2. Check secondary, make sure it's OK
        3. Put primary into maintenance mode
        4. If everything is still OK, upgrade the primary
        5. Check primary, make sure it's OK
        6. Take primary out of maintenance mode
        7. Test everything one last time

        https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments
        https://doc.pfsense.org/index.php/Redundant_Firewalls_Upgrade_Guide

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          I just went from 2.2.0 to 2.2.4 on a pair of APUs last weekend.

          The one thing I added was disabling config sync before upgrading the secondary.  I re-enabled it after the primary was back up and active.  Is that unnecessary?

          I guess if you don't make any changes it doesn't matter, huh.

          Based on this language:

          After choosing the system to upgrade, and disabling config sync if upgrading the secondary first, proceed with a normal upgrade as described in the Upgrade Guide.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Before 2.2.4 the XMLRPC sync version check was incomplete so that is an OK idea coming from earlier versions. From 2.2.4 on that is not necessary.

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              A little note: The XMLRPC version check I mentioned was fixed after 2.2.4, so it will be OK from 2.2.5 on.

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                Thanks.  I did notice when I was testing on the bench that 2.2.1 would not sync to 2.0, citing the version mismatch.  Good to know whatever was broken is fixed.

                I'm fortunate that I'm usually the only one making changes so I can just leave it alone during an HA upgrade.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy