Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
[SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
« previous
next »
Print
Pages:
1
[
2
]
3
Author
Topic: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX (Read 32639 times)
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #15 on:
September 12, 2015, 09:53:30 pm »
256 MB and IDS are really not meant to go together. The fact that it works is miracle. It also explains your low tmpfs capacity when suricata is running in the background. My advice: don't use Intrusion Detection or Proxy Server on the hardware, or replace it, or switch off those services when you upgrade (might be a tad quicker). We cannot afford to strip down OPNsense like other distributions, because it is one of ours strengths. If anything, others should step in and do a lightweight version of OPNsense if there is much demand.
Moving the pkg fetch location only shifts the problem, it doesn't solve it. Especially for nano images, space is always scarce and only RAM in newer devices offers enough space for future upgrades. The main issue is that FreeBSD and in turn OPNsense have outgrown certain older hardware.
The keys changed since OpenSSH 7.1 doesn't have support for SSHv1 anymore, so the keys were rotated by our scripts. This won't happen again any time soon though.
Logged
gpac
Newbie
Posts: 21
Karma: 1
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #16 on:
September 13, 2015, 08:18:32 am »
Thanks a lot for your feedback.
Based on your advice I just switched off suricata (who any way never achieved to start completely and was failing while loading). After rebooting, df -h brings :
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/OPNsense0 1.8G 783M 919M 46% /
devfs 1.0K 1.0K 0B 100% /dev
tmpfs 97M 48K 97M 0% /tmp
tmpfs 110M 13M 97M 12% /var
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev
From you point of view what kind of minimum hardware would be required for a "nano" type of system able to run IDS ?
Thanks for your advice.
Best regards.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #17 on:
September 13, 2015, 08:24:05 am »
That's a little better, I see, but might still give you trouble on larger updates (normally the updates are applied except the base/kernel).
Our recommendations for the nano image are here:
https://opnsense.org/users/get-started/#hardware-requirements
Logged
gpac
Newbie
Posts: 21
Karma: 1
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #18 on:
November 07, 2015, 08:45:52 am »
Hello,
I'm back with my poor 256 Mb Alix...
To have automatic updates working, I'v plugged a 2 Gb USB key on the alix and mounted that USB key on /var/cache/pkg.
Now the point is when a kernel update is required opnsense-update uses /tmp to fetch its .txz and .obsolete files.
+ Why aren't they going in /var/cache/pkg like other .txz files ?
+ Is there a way to pass a parameter to opnsense-update to use another directory as working directory ?
Thanks for your kind advice.
Best regards.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #19 on:
November 07, 2015, 09:38:53 am »
You can manually edit the working path of /usr/local/sbin/opnsense-update, it's a shell script. Note that the update of the utility currently overwrites these changes.
The reason was that opnsense-update is written by us and we did not want to write to a supposed disk for CF and SD cards while FreeBSD has more of a server focus and persistency of downloaded files on proper hard disks. There's some more things on my TODO list like a config file for opnsense-update, I will try to weave that in for 16.1.
Logged
gpac
Newbie
Posts: 21
Karma: 1
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #20 on:
November 07, 2015, 12:19:37 pm »
OK Thanks a lot for the reply.
Basically changing the lines
rm -rf /tmp/opnsense-update.* (somewhere at the beginning of the file)
and
WORKDIR=/tmp/opnsense-update.${$} (somewhere in the middle of the file after the KERNEL UPDATE warning)
by
rm -rf /var/cache/pkg/opnsense-update.*
WORKDIR=/var/cache/pkg/opnsense-update.${$}
would be great help for me while staying consistent with what the updater is doing for other packages (fetching them in /var/cache/pkg).
Regards.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #21 on:
November 08, 2015, 09:24:44 pm »
/var/cache/pkg is not a directory we should reuse, the utilities serve different purposes and I don't know the side effects, you should use:
rm -rf /var/cache/opnsense-update.*
WORKDIR=/var/cache/opnsense-update.${$}
This behaviour has unintended side effects on non-Nano images as the updates will become non-volatile and will also make issues with the /var MFS and reversal of the setting, as we had very very early in 15.7 with pkg.
opnsense-update is pretty cool, but was designed because freebsd-update was too complex a tool for the system upgrades. But truth is opnsense-upgrade will become useless with FreeBSD 11 when we an have pkg take care of kernel and base system too.
So all in all I'm not sure how much work should be put in here in the long run, potentially adding regressions and seeing old problems reappear. Not very good style.
I'll have to rethink this some more.
Logged
gpac
Newbie
Posts: 21
Karma: 1
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #22 on:
November 11, 2015, 08:20:23 am »
OK I understand.
Then another idea could be to have a different directory name while staying in /tmp :
If you would use /tmp/opnsense-update
/
${$} instead of /tmp/opnsense-update
.
${$}, then one could create a mount to a permanent slice of a USB stick for /tmp/opnsense-update
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #23 on:
November 12, 2015, 08:58:17 pm »
Hmm, we can do that actually and just push the files in there flat. Just have to make sure two processes don't race on the same files there (more hypothetical madness, but better safe than sorry when it comes to upgrades).
See:
https://github.com/opnsense/update/issues/2
Thanks!
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #24 on:
November 16, 2015, 08:30:45 pm »
I've added your suggestion to opnsense-update. It will be updated as soon as the next base/kernel update is needed. I don't think there's any need before this, right?
Logged
gpac
Newbie
Posts: 21
Karma: 1
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #25 on:
November 28, 2015, 08:42:40 pm »
Now it works, thanks a lot (kernel updates are going to /tmp/opnsense-update/...)
So I re-formated by USB key with 2 partitions (one for /var/cache/pkg et the other one for /tmp/opnsense-update), and my alix is now updating the kernel very slooooooowly.
Finally it took 21 minutes for the kernel upgrade stage followed by a 6 minutes reboot !
Logged
8191
Jr. Member
Posts: 83
Karma: 4
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #26 on:
November 29, 2015, 07:42:08 pm »
@gpac: which filesystem do you use on your USB pen drive? FAT32 or UFS?
Do you mount the drives manually before each upgrade or did you configure them in the
fstab
? Is the
/etc/fstab
persistent between updates?
I've just tried an update from 15.7.18 to 15.7.20 (the fifth time in a row) and failed again. I always end up with a corrupted file system. That time I had two external UFS partitions mounted to
/var/cache
and
/tmp/opnsense-update
and previously changed the
opnsense-update
script to adopt a predictable
WORKDIR
.
Is there any other way in upgrading to 15.7.20? I guess I'll build my own image and flash it directly to the CF...
«
Last Edit: November 29, 2015, 10:01:49 pm by mf
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #27 on:
November 30, 2015, 07:08:32 am »
Mf, how much RAM does the board have? This sounds like an Out-Of-Memory kill mid-upgrade.
/etc/fstab entries are never touched. I guess FAT32 works, if you need the stick for other things. We'll improve the procedure further, but the CF card upgrades are tricky because the base system has grown considerably for OPNsense to allow easy access to build tools and a multitude of programming languages (PHP, Python, Perl) along with full manual pages.
Logged
gpac
Newbie
Posts: 21
Karma: 1
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #28 on:
January 09, 2016, 12:52:21 pm »
Sorry for late feedback.
With recent upgrades I had to create 2 partitions on my USB key
/dev/da0p1 on /var/cache/pkg (ufs, local)
/dev/da0p2 on /tmp/opnsense-update (ufs, local)
Nota an unclean shutdown of my Alix recently corrupted the file system on /var/da0p1 => adding an fsck in the small batch who mounts those seems usefull.
I mounting them manuall through a simple batch file I'm launching via ssh. For sure it would be better to be able to add something in a rc file to have it launched at startup. But I don't know exactly where / how to do that (in regular linux adding a Sxx and a Kxx file in the init.d would to the trick but on freebsd I don't how to do that), nor how to do that in a location / file not touched by future upgrades.
Best regards.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX
«
Reply #29 on:
January 10, 2016, 01:09:02 pm »
Gpac, the best way to launch a script is to use our rc.syshook facility.
Rename the (executable) shell script to /usr/local/etc/rc.syshook.d/mymount.early (mymount is a name you can freely choose)
The boot will then pick it up automatically.
«
Last Edit: January 10, 2016, 05:48:40 pm by franco
»
Logged
Print
Pages:
1
[
2
]
3
« previous
next »
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
[SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX