Messages

You can also try the latest test version as we already found the auto-vacuum doesn't always trigger:

# opnsense-revert -z hostwatch
# service hostwatch restart


Cheers,
Franco

Thank you. The test version worked fine. Same sizes as above.

I upgraded to 26.1 a couple of hours ago and suddenly got a warning that the disk is close to full.
It is caused by hostwatch db growing rapidly:

Code Select Expand

root@xxx:~ # ll -h /var/db/hostwatch/
total 6392960
-rw-r--r--  1 hostd hostd  4.0M Jan 30 10:25 hosts.db
-rw-r--r--  1 hostd hostd   12M Jan 30 10:25 hosts.db-shm
-rw-r--r--  1 hostd hostd  6.1G Jan 30 10:25 hosts.db-wal
I have rebooted but still same filesize

I repeated on instance #3 and exatly the same happened again.

Just to clarify. The update completes, but there is an error message about haproxy. See the relevant part of the log below:

Code Select Expand

[42/42] Upgrading haproxy from 3.0.7 to 3.0.8...
[42/42] Extracting haproxy-3.0.8: ........ done
pkg-static: Fail to rename /usr/local/etc/rc.d/.pkgtemp.haproxy.qaAZHiGtVWae -> /usr/local/etc/rc.d/haproxy:No such file or directory
Starting web GUI...done.
When I retry the update only haproxy is upgraded but not restarted. Everything OK after manual start of the service.

Extract from log from second upgrade:

Code Select Expand

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.1.1 (amd64) at Wed Feb 12 18:04:18 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (1 candidates): . done
Processing candidates (1 candidates): . done
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
haproxy: 3.0.7 -> 3.0.8

Number of packages to be upgraded: 1
[1/1] Upgrading haproxy from 3.0.7 to 3.0.8...
[1/1] Extracting haproxy-3.0.8: ........ done
haproxy-3.0.7: missing file /usr/local/share/licenses/haproxy-3.0.7/GPLv2
haproxy-3.0.7: missing file /usr/local/share/licenses/haproxy-3.0.7/LGPL21
haproxy-3.0.7: missing file /usr/local/share/licenses/haproxy-3.0.7/LICENSE
haproxy-3.0.7: missing file /usr/local/share/licenses/haproxy-3.0.7/catalog.mk
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done


Update OPNsense from 25.1 => 25.1.1 fails when updating haproxy.
The update procedure tries to update haproxy from 3.0.7 to 3.0.8 but it fails with an error message in th elog window. The rest of the update is OK and the router reboots as expected. However, haproxy service does not start. When I click update again I am presented with an upgrade of haproxy 3.0.7=>3.0.8. Accepting that and the update succeeds but the service does not start. After starting manually everything seems to work.

I have tried this on two different installations with exactly the same behaviour.

Thank you. Worked like a charm!

I have an old picture widget file that is hanging around. It adds > 1 Mb to every backup file. How can I get rid of this file?

Sorry, I think I posted this in wrong forum.

I have an old picture widget file that is hanging around. It adds > 1 Mb to every backup file. How can I get rid of this file?

The forced update worked like a charm.
Thank you!

I have updated a couple of devices to 24.1 without issues. But when I resumed the work this morning the upgrade fails on two units.
After the step where I expected 24.1 to be in place the router restarted with these versions:

Code Select Expand


OPNsense 23.7.12_5-amd64
FreeBSD 13.2-RELEASE-p9
OpenSSL 3.0.12


When I try to upgrade again I get this:

Code Select Expand


***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.12_5 at Wed Jan 31 13:06:23 CET 2024
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 863 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (77 candidates): .......... done
Processing candidates (77 candidates): ... done
Checking integrity... done (1 conflicting)
  - openssl111-1.1.1w conflicts with openssl-3.0.12_2,1 on /usr/local/bin/c_rehash
Checking integrity... done (0 conflicting)
The following 58 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
cpdup: 1.22_1
haproxy28: 2.8.5_4
hostapd: 2.10_9
openssl: 3.0.12_2,1
opnsense: 23.7.12_5
opnsense-installer: 24.1
opnsense-update: 24.1
os-haproxy: 4.2
php82: 8.2.15
php82-ctype: 8.2.15
php82-curl: 8.2.15
php82-dom: 8.2.15
php82-filter: 8.2.15
php82-gettext: 8.2.15
php82-google-api-php-client: 2.4.0
php82-ldap: 8.2.15
php82-mbstring: 8.2.15
php82-pcntl: 8.2.15
php82-pdo: 8.2.15
php82-pear: 1.10.13
php82-pear-Crypt_CHAP: 1.5.0_1
php82-pecl-mcrypt: 1.0.6
php82-pecl-radius: 1.4.0b1_2
php82-phalcon: 5.3.1
php82-phpseclib: 3.0.34
php82-session: 8.2.15
php82-simplexml: 8.2.15
php82-sockets: 8.2.15
php82-sqlite3: 8.2.15
php82-xml: 8.2.15
php82-zlib: 8.2.15
sudo: 1.9.15p5_3

New packages to be INSTALLED:
openssl111: 1.1.1w

Installed packages to be DOWNGRADED:
cyrus-sasl: 2.1.28_4 -> 2.1.28_1
pkcs11-helper: 1.29.0_2 -> 1.29.0_1
python39: 3.9.18_1 -> 3.9.18

Installed packages to be REINSTALLED:
bind-tools-9.18.20_1 (direct dependency changed: openssl111)
curl-8.5.0 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
libfido2-1.14.0 (direct dependency changed: openssl111)
lighttpd-1.4.73 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
openssh-portable-9.6.p1_1,1 (direct dependency changed: openssl111)
openvpn-2.6.8_1 (direct dependency changed: openssl111)
py39-aioquic-0.9.24 (direct dependency changed: openssl111)
py39-cryptography-41.0.7_2,1 (direct dependency changed: openssl111)
socat-1.8.0.0_2 (direct dependency changed: openssl111)
squid-6.6 (direct dependency changed: openssl111)
strongswan-5.9.13 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
unbound-1.19.0 (direct dependency changed: openssl111)
wpa_supplicant-2.10_10 (direct dependency changed: openssl111)

Number of packages to be removed: 32
Number of packages to be installed: 1
Number of packages to be reinstalled: 22
Number of packages to be downgraded: 3

The operation will free 107 MiB.
***DONE***

Pressing Update gives the same result.

Worked like a charm!
Thank you

Code Select Expand

root@reserv2:~ # /usr/local/opnsense/mvc/script/run_migrations.php
Migrated OPNsense\Unbound\Unbound from 1.0.4 to 1.0.6

I can upgrade one more of my routers from 23.1.11 to 23.7 to verify the patch. But what sequence of actions/commands do you recommend?

I have noted that the outgoing_interface setting disappears during migration. This causes domain override /query forwarding to stop working in my setup.

Same commands on a router that is still running 23.1.11:

Code Select Expand

root@husabyvagen:~ # grep active_interface /conf/config.xml
    <active_interface/>
root@husabyvagen:~ # pluginctl -g unbound.active_interface

root@husabyvagen:~ #

Code Select Expand

    <active_interface/>
        <active_interface/>