Solved problems with upgrade 2.1.5 to 2.2.6 on XenServer



  • After spending all day trying to figure this out. I thought I'll write this up to share with you the steps I took to sucessfully upgraded from pfSense version 2.1.5 to 2.2.6 running on XenServer.

    1. Before doing anything make sure you have a back up.
    Export the VM from XenServer as a backup, take a screenshot of the list of NICs for the VM in XenCenter so you know the order and create a snapshot before starting.

    2. Log into the pfSense web interface and take a screen shot or copy and paste the interface details from Status -> Interfaces.

    3. Go to Diagnostics -> Backup/Restore -> Select Backup area: ALL then click on Download configuration. This will back up all your settings.

    4. Following the upgrade guide https://doc.pfsense.org/index.php/Upgrade_Guide#pfSense_2.2_Upgrade_Notes , go to the console and run this script.

    /usr/local/sbin/ufslabels.sh
    

    Xen Users
    The FreeBSD 10.1 base used by pfSense 2.2 includes PVHVM drivers for Xen in the kernel. This can cause Xen to automatically change the disk and network device names during an upgrade to pfSense 2.2, which the Hypervisor should not do but does anyway. The disk change can be worked around by running /usr/local/sbin/ufslabels.sh before the upgrade to convert /etc/fstab to UFS labels rather than disk device names.
    The NIC device change issue has no workaround. Manual reassignment is required at this time.

    If you don't do this you'll get errors like this immediately after upgrading from 2.1.5 to 2.2.6:

    Trying to mount root from ufs:/dev/ad0s1a [rw]...
    	mountroot: waiting for device /dev/ad0s1a ...
    	Mount from ufs:/dev/ad0s1a failed with error 19.
    
    	Loader variables:
    	     vfs.root.mountfrom=ufs:/dev/ad0s1a
    	     vfs.root.mountfrom.options=rw
    
    	Manual root filesystem specification:
    	     <fstype>: <device>[options]
    	            Mount <device> using filesystem <fstype>
    	            and with the specified (optional) option list
    
    	            eg. ufs:/dev/da0s1a
    	                 zfs:tank
    	                 cd9660:/dev/acd0 ro
    	                       (which is equivalent to: mount -t cd9660 -o ro /dev/acd0 /)
    
    	?                           List valid disk boot devices
    	.                           Yield 1 second (for background tasts)
    	<empty lines="">      Abort manual input
    
    	mountroot></empty></fstype></device></device></fstype>
    

    5. Log into the pfSense web interface click on System -> Firmware -> Auto Update Tab to perform the upgrade.

    6. As the upgrade guide states, the NIC device changes will need to be manually reassigned. After pfSense reboots after the upgrade it will prompt you to reassign the interfaces. Make sure it is in the same order as  it was before. Once the web interface is available, log into Status -> Interfaces to make sure all the interfaces are configured correctly.

    7. You will fine that the firewall still does not work after manually reassigning the interfaces but pings will work. This is because there is a problem with tx checksum offloading with FreeBSD 10 as described here: https://forum.pfsense.org/index.php?topic=88467.0
    You will need to turn off tx checksum offloading for the VM.

    Find your PFsense VM network VIF UUID's:

    
    	[root@xen ~]# xe vif-list vm-name-label="RT-OPN-01"
    	uuid ( RO)            : 08fa59ac-14e5-f087-39bc-5cc2888cd5f8
    	         vm-uuid ( RO): 0128bdba-df81-d729-ddbc-c60575e02624
    	          device ( RO): 1
    	    network-uuid ( RO): 7af0dc44-dc05-44f2-3741-883acb937747
    
    	uuid ( RO)            : 799fa8f4-561d-1b66-4359-18000c1c179f
    	         vm-uuid ( RO): 0128bdba-df81-d729-ddbc-c60575e02624
    	          device ( RO): 0
    	    network-uuid ( RO): 106ad80e-9522-77fd-3cc6-4b2b6fc03ecc
    
    

    Then modify those VIF UUID's with this settings:

    
            xe vif-param-set uuid=08fa59ac-14e5-f087-39bc-5cc2888cd5f8 other-config:ethtool-tx="off"
    	xe vif-param-set uuid=799fa8f4-561d-1b66-4359-18000c1c179f other-config:ethtool-tx="off"
    

    And Shutdown VM and start again. Not restart PFSense from console.

    Credit goes to those quoted in the referenced threads.

    Hope this will save you time. Cheers!


Log in to reply