Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Can I send a perfect firmware update cmd from Proxmox in to a virtual OPNsense?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Can I send a perfect firmware update cmd from Proxmox in to a virtual OPNsense? (Read 1289 times)
pelle
Newbie
Posts: 10
Karma: 0
Can I send a perfect firmware update cmd from Proxmox in to a virtual OPNsense?
«
on:
January 29, 2021, 11:06:37 pm »
Hello
I manage some OPNsense running as virtual machines on a couple of small Proxmox hardware at different remote locations. Whenever I need to update the OPNsense firmware remotely, I'm scared to lose the connectivity permanently because the update somehow might fail (even if it has worked fine every time so far, thanks).
Can I update the firmware on my virtual OPNsense from Proxmox? My thought is to run a Proxmox bash script to first shut down and back up the OPNsense, start it and send a firmware update command to the virtual OPNsense. After the update finish, maybe by letting the script wait for 15 minutes or more, the bash script checks connectivity 'through' the OPNsense to verify update success. If that connectivity check fails, the script restores the last backup of OPNsense (= revert all update) and restart it. I know all of this is possible except for the Proxmox command stuff, to send a (correct) update command into the virtual OPNsense machine.
The idea is to have the OPNsense updated, checked and if for some reason the update did fail, restore it to the previous version. Am I on the wrong track, can this maybe be done somehow within the OPNsense itself?
Sorry if I ask this question to the OPNsense forum, maybe it should go into the Proxmox forum instead. But I think I'm not the only one using Proxmox as the engine for OPNsense and also, I ask this forum to know what kind of command I need to send to have the update job done in every case. Like going from 20.7_4 to 21.1 without any prompts popping up. I need a command which will make the firmware update go through without asking interactive questions, is that even possible?
The goal is to have an automated update script running in the middle of the night that either will update the OPNsense or if there is any problem, revert to the original version. It should be a *stable* process which 'never' end up in a broken state. Either the update has succeeded, or it has not, but it should *always* be up in the morning. That's my goal.
Thanks for any help and any good though on this topic.
Best Regards
- Per Håkansson
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: Can I send a perfect firmware update cmd from Proxmox in to a virtual OPNsense?
«
Reply #1 on:
January 29, 2021, 11:21:04 pm »
There is an API call to start the update as far as I kniw. So a sinple curl command should be able to trigger this.
Logged
„The S in IoT stands for Security!“
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Can I send a perfect firmware update cmd from Proxmox in to a virtual OPNsense?
«
Reply #2 on:
January 30, 2021, 09:45:15 am »
# configctl firmware auto-update
or
# configctl firmware auto-update ALLOW_RISKY_MAJOR_UPGRADE
(no output here as it is supposed to be a cron job, reboots if necessary, major update capability if available with second one)
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Can I send a perfect firmware update cmd from Proxmox in to a virtual OPNsense?
