System Firmware Status page and update check takes forever

Started by alh, October 09, 2023, 10:56:09 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 09, 2023, 10:56:09 PM
I installed OPNsense in a Proxmox VM to the best of my knowledge with nothing out of the ordinary (firewall, haproxy and ipsec). However, in this instance I face the issue that the `System: Firmware: Status` page takes forever to load. Well, that is not exactly true since after a reboot it actually loads very quickly and what I would describe as normally. Shortly after a reboot it takes minutes to load the page with this error showing in the logs:

Code Select

configd.py Timeout (120) executing : firmware tiers


If I then proceed to clicking `Check for updates` it again takes very very very long to complete the check or just fail.

Code Select

Fetching changelog information, please wait... fetch: transfer timed out (in the window itself)

Backend log:

Retrieve upgrade progress status (for minutes)

configd.py unable to sendback response [opnsense|||product_tier|||1 opnsense-devel|||product_tier|||1 os-acme-client|||product_tier|||3 os-acme-client-devel|||product_tier|||3 os-apcupsd|||product_tier|||3 os-apcupsd-devel...

view plugin tiers (last entry in the log)


For the rest the system feels fast and snappy and there are no other issues  I can think of/experience.

Does someone have an idea what might make configd.py time out?

I did reinstall the system as well but same issue.
October 09, 2023, 11:35:52 PM #1
Looks like DNS issues, no upstreams defined in Unbound and/or System-General
October 10, 2023, 12:28:19 PM #2
I checked that a hundred times but cannot find any mistake. I put DNS-Servers in General and Unbound uses them as forwarders. I also tried not to use unbound for the system.
October 10, 2023, 02:45:45 PM #3
also tried dnsmasq instead of unbound, makes no difference.
October 10, 2023, 08:46:14 PM #4
did a package capture but there is no indication of any dns problems, all queries seem to get resolved and there are no lost/wrong packages
October 10, 2023, 09:07:51 PM #5
There's probably lots of pkg processes?

# pgrep pkg
# pgrep pkg-static

If so try

# killall pkg
# killall pkg-static

Otherwise the package database may be damaged.


Cheers,
Franco
October 11, 2023, 12:42:24 AM #6
In idle mode there are zero pkg-processes.

If I go to System > Firmware > Status two processes are fired up.

I ran "pkg update -f" but that seems to be fine as well (see attachment).

October 11, 2023, 07:54:54 AM #7 Last Edit: October 11, 2023, 11:22:56 AM by franco
Hmm, what I can say is that

# configctl firmware tiers

command seems to be slow for you. You can try it from a console and see if that is still the case.

The backend action just calls this:

# /usr/local/opnsense/scripts/firmware/query.sh tiers

If that is slow as well try to profile where it hangs...

# sh -x /usr/local/opnsense/scripts/firmware/query.sh tiers

It's not a very complex script and ends up calling pkg-update and pkg-query only. My bet still is that pkg-update hangs. And if not from the shell then from the GUI.


Cheers,
Franco

October 11, 2023, 10:28:16 AM #8
you are right, "pkg update -q" takes forever and "pkg rquery ..." takes quite long as well. Any idea on how to fix this?
October 11, 2023, 11:23:22 AM #9
I'm not sure... can you do

# pkg update

-q just mutes the output.
January 03, 2024, 11:58:10 PM #10
I know this is an old post but I was having a similar issue and I had DHCP and DHCPv6 enabled on my WAN interface. I think it was using IPv6 and was failing, once I disabled DHCPv6 everything started working.
January 19, 2024, 12:13:03 AM #11
Hey, apologies for resurrecting this old post, but I've encountered a sudden issue with my OPNsense. I previously faced a similar problem when setting up my DNS. Initially, I configured Adguardhome as the main DNS, pointing it to unbound. Although I resolved the DNS setup for OPNsense months ago, everything worked fine, and I could update packages without any issues.

I regularly perform updates, almost daily, due to having ntopng installed, which frequently receives small updates. However, now that I'm attempting to update to OPNsense 23.7.12, the firmware screen keeps loading indefinitely, as if the DNS isn't configured correctly.

Upon running pgrep pkg, I observed 18 items, and when I ran pgrep pkg-static, there were 0 items. Executing killall pkg did not resolve the issue.

Running configctl firmware tiers hangs on pkg update -q.

When I execute pkg update, it displays the following and hangs on the last line:

Code Select
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
Updating ntop repository catalogue...
Waiting for another process to update repository ntop

Does this imply that there's an issue retrieving the ntop repository information, causing the firmware status and update pages not to load?

Apologies for the bump and the somewhat rambling comment. Thanks in advance.
January 19, 2024, 10:57:13 PM #12
Okay I do not know what happened (I did nothing), but the problem seems to have fixed itself.
February 05, 2024, 10:14:01 PM #13
Hi community,

I had the same trouble that the System->Firmware->Status (and Update) freezes very long or forever as described in this thread.

An earlier post by franco ,,Looks like DNS issues, no upstreams defined in Unbound and/or System-General" brings me to the following idea:

,,I'm using AdGuardHome" for DNS filtering and use Unbound as Uplink DNS. This DNS config works very well (and fast) in my Network (LAN). So, perhaps the problem is in the DNS ,,routing" of the OPNsense itself???
I investigasted a little bit and found a switch at: System->Settings->General named ,,Do not use local DNS-Service as Nameservice" with an explanation, that when not switched on (negative logik!) a DNS service on the loopback device is used.

AdGuard listens on Port 53 but not on the Loopback interface (127.0.01). Unbound listen (i guess) on all interfaces (and so including loopback) by default, but I changed the port to 5353 to avoid conflict with AdGuardHome.
At the end, there is no DNS listenting on port 53 for the loopback device.

These asumptions would explain the behaviour.

I switched off the switch ,,Do not use local DNS-Service as Nameservice". Following the description of the switch this will force OPNsense not to use a DNS on the Loopback interface.
So, the ,,normal" configured way (as in my LAN) is used.

And - This works!!!

Firmware status and Firmware Update is running fast! I do not see any drawbacks of that solution.

I'm using the german frontend of OPNsense and translated back to english for this post. So, probably the switch is named a little bit different, but I hope you can find the setting and please correct me with the wording.

I hope you can follow my explanation and potentially helps others to fix their problems.

best regards
October 04, 2024, 10:30:37 AM #14
So just to add, after checking all the things here i found that my mirror in the updates settings was set to a mirror that was removed at some point.
It took ages to do the update, and then always said there was no updates.
after i changed the mirror it seemed to rebuild and work as expected.
Print
Go Up Pages1
User actions