[SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

Started by mircsicz, August 10, 2015, 01:32:07 PM

Previous topic - Next topic
Print
Go Down Pages1 2 3
User actions
August 10, 2015, 01:32:07 PM Last Edit: August 28, 2015, 01:15:50 PM by franco
Hi all,

this is more or less my first post on the forum. I've just installed a first ALIX with the latest "i386-nano.img".

Have done some changes to the setup, all working as expected. Then I tried upgrading: The first update "pkgng" ran smooth but the second upgrade following with all the other packages only restart's the webconfigurator:

Code Select
***GOT REQUEST TO UPGRADE: all***
***STARTING UPGRADE***
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (99 candidates): .......... done
Processing candidates (99 candidates): ...... done
The following 55 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
libedit: 3.1.20150325_1

Installed packages to be UPGRADED:
sudo: 1.8.13 -> 1.8.14p3
squid: 3.5.3_1 -> 3.5.6
py27-pytz: 2014.10,1 -> 2015.4,1
py27-Babel: 1.3_2 -> 2.0
png: 1.6.17 -> 1.6.17_1
php56-zlib: 5.6.10 -> 5.6.11
php56-xml: 5.6.10 -> 5.6.11
php56-tokenizer: 5.6.10 -> 5.6.11
php56-sqlite3: 5.6.10 -> 5.6.11
php56-sockets: 5.6.10 -> 5.6.11
php56-simplexml: 5.6.10 -> 5.6.11
php56-session: 5.6.10 -> 5.6.11
php56-pdo_sqlite: 5.6.10 -> 5.6.11
php56-pdo: 5.6.10 -> 5.6.11
php56-openssl: 5.6.10 -> 5.6.11
php56-mysql: 5.6.10 -> 5.6.11
php56-mcrypt: 5.6.10 -> 5.6.11
php56-mbstring: 5.6.10 -> 5.6.11
php56-ldap: 5.6.10 -> 5.6.11
php56-json: 5.6.10 -> 5.6.11
php56-hash: 5.6.10 -> 5.6.11
php56-gettext: 5.6.10 -> 5.6.11
php56-filter: 5.6.10 -> 5.6.11
php56-dom: 5.6.10 -> 5.6.11
php56-curl: 5.6.10 -> 5.6.11
php56-ctype: 5.6.10 -> 5.6.11
php56-bz2: 5.6.10 -> 5.6.11
php56-bcmath: 5.6.10 -> 5.6.11
php56: 5.6.10 -> 5.6.11
phalcon: 2.0.3 -> 2.0.6
pcre: 8.37_1 -> 8.37_2
os-update: 15.7 -> 15.7.6
opnsense: 15.7 -> 15.7.7_3
openssh-portable: 6.8.p1_8,1 -> 6.9.p1_2,1
libressl: 2.2.0 -> 2.2.1
isc-dhcp42-server: 4.2.8 -> 4.2.8_1
freetype2: 2.5.5 -> 2.6_1
filterdns: 0.1 -> 0.2
dnsmasq: 2.73,1 -> 2.74,1
ca_root_nss: 3.19.1_1 -> 3.19.2
bind910: 9.10.2_5 -> 9.10.2P3_1

Installed packages to be REINSTALLED:
voucher-0.1_4 (needed shared library changed)
syslogd-10.1_1 (direct dependency changed: clog)
strongswan-5.3.2 (needed shared library changed)
relayd-5.5.20140810_1 (needed shared library changed)
python27-2.7.10 (needed shared library changed)
openvpn-2.3.7 (needed shared library changed)
openldap-client-2.4.41 (needed shared library changed)
ntp-4.2.8p3 (needed shared library changed)
miniupnpd-1.9_1,1 (needed shared library changed)
lighttpd-1.4.35_5 (needed shared library changed)
libxml2-2.9.2_3 (options changed)
libevent2-2.0.22_1 (needed shared library changed)
curl-7.43.0_2 (needed shared library changed)

The process will require 1 MiB more space.
46 MiB to be downloaded.
Restarting webConfigurator...done.
***DONE***

Or am I with the wrong expectations?

Edit: another [thread]https://forum.opnsense.org/index.php?topic=1228.0[/thread] gave me a hint in the right direction: Tried to upgrade from console and got the same output plus one extra line:
Quotepkg: Not enough space in /var/cache/pkg, needed 46 MiB available 37 MiB

So I'll increase the RAM-Disk for var and see how it goes...

Just increased the size from default "no entry" which should be 60 to 75. Then rebooted but look what I got:


Seems it's best to wait till the Image-Size got increased to 4GB...
August 10, 2015, 02:08:15 PM #1
The smaller images are fragile like that: we've ran into all sorts of issues with low RAM + install and upgrades just because the base system grew by a large amount in an effort to get back to FreeBSDish freedom of how to use and deploy ones appliance.

I'll provide bigger 15.7.8 nano images shortly after 15.7.8 is released later this week. We have a kernel patch coming up with 15.7.8 so that's got to be in there.
August 10, 2015, 02:14:20 PM #2
THX, so I'll wait till next week and will test again with bigger images after the release 15.7.8...

Thank's Franco
August 28, 2015, 01:15:11 PM #3
Took a bit longer, but official images are up now!! :)

https://pkg.opnsense.org/releases/15.7.11/
August 28, 2015, 02:06:35 PM #4
I already have an Alix running OPNsense.  Do I have to re-flash with this new image to get enhancements provided by it?
August 28, 2015, 03:08:45 PM #5
If you don't have any issues you don't have to reflash. We've only pulled the old images because it had a few annoying problems that people would run into when the firmware wasn't upgraded. :)
August 28, 2015, 04:30:33 PM #6
I have always problems while upgrading the kernel (not enough space).  I need to reboot and then try the upgrade again.

Will re-flashing fix that?
August 28, 2015, 05:05:35 PM #7 Last Edit: August 28, 2015, 05:07:25 PM by franco
Can you provide me with your output of

# df -h

please?

If upgrades fail at some point or another because they are all fetched at once, try this serialised sequence instead:

# opnsense-update -k
# opnsense-update -b
# /usr/local/etc/rc.reboot
August 28, 2015, 05:35:33 PM #8
Once rebooted, the whole kernel upgrade always works.  So I think that there is not enough space in the ram partition because of packages that were upgraded before.  Maybe more stuff needs to be cleaned up?

Here is the requested output.  Note that the device is currently not in a state where kernel cannot be upgraded.

root@router:~ # df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    936M    734M    127M    85%    /
devfs                 1.0K    1.0K      0B   100%    /dev
tmpfs                  13M    372K     13M     3%    /tmp
tmpfs                  39M     26M     13M    68%    /var
devfs                 1.0K    1.0K      0B   100%    /var/dhcpd/dev
August 28, 2015, 07:14:06 PM #9 Last Edit: August 28, 2015, 07:15:57 PM by franco
Is this a 128 MB ALIX? This barely works. We've just updated the hardware specs and think that 512 MB the barrier where things just run all of the time (except for the installer on USB, but that is another story), everything below may fail due to OOM. If push comes to shove, 256 should also work, but 128 is too little to completely avoid it.

Base and kernel update are 20MB and 40MB each. Packages vary from a few kilobytes but sum up up to 150MB, too. All this needs to be in RAM for SD/CF systems, so that's why it's just not "humanly" possible.

I can also see that you're running the older 2GB nano image, we've since upgraded to 4GB (2GB slice internally), which gives enough room to grow and fetch updates onto the card, too (e.g. disabling the /var and /tmp MFS completely).

I'm also going to split /var and /tmp toggle into individual options, because /tmp definitely makes sense, but /var is a challenge in itself. I recommend /tmp MFS, but not /var MFS. But anyway, sorry for the tangent there.

I'd suggest re-flashing if you have a 4GB SD/CF card, disabling /tmp and /var MFS can help you with upgrades when it keeps failing then at least.
August 31, 2015, 12:12:44 PM #10
It's a 256MB Alix.  So from what I understand, I should consider an hardware upgrade ;).

In the meantime, I will re-flash with the new image.
September 10, 2015, 05:26:56 PM #11
Hmmm, any news on this? :)
September 12, 2015, 02:24:39 PM #12
Hello,

I have a recently reflashed 4 GB CF (reflashed with 15.7.11 nano 386 image). When trying to upgrade to 15.7.12 it fails with :

"pkg: Not enough space in /var/cache/pkg, needed 25 MiB available 5300 KiB"

df -h brings :
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    1.8G    645M    1.0G    38%    /
devfs                 1.0K    1.0K      0B   100%    /dev
tmpfs                  11M    3.5M    7.7M    31%    /tmp
tmpfs                  25M     17M    7.7M    69%    /var
devfs                 1.0K    1.0K      0B   100%    /var/dhcpd/dev

What should i do ??

Thanks for your help.

Regards
September 12, 2015, 03:23:10 PM #13
How much RAM do you have in total? Are you using IDS? Your disk seems rather full as well.

I'd recommend switching off /var /tmp MFS option in System: Settings: Misc and rebooting, try to upgrade again. After successful update you can switch the option back on and reboot.
September 12, 2015, 07:00:22 PM #14
RAM : based on dmesg.today : "real memory  = 268435456 (256 MB)" / "avail memory = 226619392 (216 MB)"

IDS : I tried but it always fail with "kernel: pid 62902 (suricata), uid 0, was killed: out of swap space"

As far as disk space, root filesystem has 38% free / 645 Mb available which is quite large for what I'm exepcting to do (no squid cache or things like that, just firewall / dchp / dns / ntp and possibly IDS.


=> To upgrade sucessfully I had to
1) disable the "/var /mem in memory" parameter
2) reboot
3) upgrade
4) re-enable the "/var /mem in memory" parameter
5) reboot

Nota : at step 2 I had to play with my .ssh/known_host since the RSA fingerprint of the OPNsens had changed...

Suggestion : why not putting the /var/cache/pkg on disk rather than memory to ensure upgrade will work ? (this should not be written frequently ?).
Print
Go Up Pages1 2 3
User actions