Обновление OPNsense до версии 21.7

Print Friendly, PDF & Email

Задача:

Обновиться OPNsense до версии 21.7

---------------------------------------------------------------

я ранее уже рассказывал в статье “Обновление OPNSense в режиме высокой доступности“, как обновлять OPNsense. Теперь пришло время обновить на следующую версию. Ну раз появилась статья, значит что-то пошло не по плану 😉

Из краткой инструкции обновления:

  1. Обновляем резервный файрвол
  2. Переводим в режим обслуживания главный файрвол
  3. Обновляем главный файрвол
  4. отключаем режим обслуживания на главном файрволе

я застрял на третьем пункте и обновление могло скачиваться бесконечно. Не выдержав, спустя сутки, я перезагрузил.

***GOT REQUEST TO UPGRADE***
Fetching packages-21.7-OpenSSL-amd64.tar: ..........................................................................................................................................................................................................................................................................................................................................................................................................................

Проверив из консоли обновления, стало понятно что, попросту он не может их найти

root@GWM:~ # pkg update
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.1/latest/meta.txz: No address record
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.1/latest/packagesite.txz: No address record
Unable to update repository OPNsense
Error updating repositories!
root@GWM:~ #

Проверяем, действительно нет.

root@GWM:~ # ping google.com
ping: cannot resolve google.com: Host name lookup failure
root@GWM:~ #

Для решения я просто пересохранил настройки WAN интерфейса. Оказалось, что DNS сервера были левые и по сути не рабочими.

Исправим и проверив наличие интернета пробуем, обновиться из консоли

----------------------------------------------
|      Hello, this is OPNsense 21.1          |         @@@@@@@@@@@@@@@
|                                            |        @@@@         @@@@
| Website:      https://opnsense.org/        |         @@@\\\   ///@@@
| Handbook:     https://docs.opnsense.org/   |       ))))))))   ((((((((
| Forums:       https://forum.opnsense.org/  |         @@@///   \\\@@@
| Code:         https://github.com/opnsense  |        @@@@         @@@@
| Twitter:      https://twitter.com/opnsense |         @@@@@@@@@@@@@@@
----------------------------------------------

*** GWM.xaxa.local: OPNsense 21.1.9_1 (amd64/OpenSSL) ***

 HA (alc0)       -> v4: 10.168.7.110/30
 LAN (vmx0)      -> v4: 192.168.7.110/24
 WAN (vmx1)      -> v4/DHCP4: 192.168.11.155/24

 HTTPS: SHA256 3B 5C B6 55 8A A9 67 F5 E5 9A BC 51 3D 51 CC 6C
               E0 35 36 CA 99 FC 6D 94 9C F4 03 51 66 4A B8 D0
 SSH:   SHA256 M+v8Hdgl/1gVctrm25OKgVaStYZxYvmLmhmojfjsis0 (ECDSA)
 SSH:   SHA256 nPvc9zFLGy1cnCHNPB6XLUtrtrm25OKg0AlPi6jv4yo (ED25519)
 SSH:   SHA256 wyNe2Wf7qBYPqBEX+mf1hBz5pYhtrm25OKgVMTjA6H0 (RSA)

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

A major firmware upgrade is available for this installation: 21.7

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 500MB will need to be downloaded and
require 1000MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [21.7/y/N]: N

Как видим обновлению требуется 1000MB свободного места. Прервав обновление, заходим в нормальный шел и проверяем свободное место

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 8

root@GWM:~ # df -h
Filesystem         Size    Used   Avail Capacity  Mounted on
/dev/gpt/rootfs     40G    7.0G     30G    19%    /
devfs              1.0K    1.0K      0B   100%    /dev
devfs              1.0K    1.0K      0B   100%    /var/dhcpd/dev
devfs              1.0K    1.0K      0B   100%    /var/unbound/dev
root@GWM:~ #

Возвращаемся в меню и проверяем обновление

root@GWM:~ # exit
exit

*** GWM.xaxa.local: OPNsense 21.1.9_1 (amd64/OpenSSL) ***

 HA (alc0)       -> v4: 10.168.7.110/30
 LAN (vmx0)      -> v4: 192.168.7.110/24
 WAN (vmx1)      -> v4/DHCP4: 192.168.11.155/24

 HTTPS: SHA256 3B 5C B6 55 8A A9 67 F5 E5 9A BC 51 3D 51 CC 6C
               E0 35 36 CA 99 FC 6D 94 9C F4 03 51 66 4A B8 D0
 SSH:   SHA256 M+v8Hdgl/1gVctrm25OKgVaStYZxYvmLmhmojfjsis0 (ECDSA)
 SSH:   SHA256 nPvc9zFLGy1cnCHNPB6XLUtrtrm25OKg0AlPi6jv4yo (ED25519)
 SSH:   SHA256 wyNe2Wf7qBYPqBEX+mf1hBz5pYhtrm25OKgVMTjA6H0 (RSA)

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

A major firmware upgrade is available for this installation: 21.7

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 500MB will need to be downloaded and
require 1000MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [21.7/y/N]: y

*** GWM.xaxa.local: OPNsense 21.1.9_1 (amd64/OpenSSL) ***

 HA (alc0)       -> v4: 10.168.7.110/30
 LAN (vmx0)      -> v4: 192.168.7.110/24
 WAN (vmx1)      -> v4/DHCP4: 192.168.11.155/24

 HTTPS: SHA256 3B 5C B6 55 8A A9 67 F5 E5 9A BC 51 3D 51 CC 6C
               E0 35 36 CA 99 FC 6D 94 9C F4 03 51 66 4A B8 D0
 SSH:   SHA256 M+v8Hdgl/1gVctrm25OKgVaStYZxYvmLmhmojfjsis0 (ECDSA)
 SSH:   SHA256 nPvc9zFLGy1cnCHNPB6XLUtrtrm25OKg0AlPi6jv4yo (ED25519)
 SSH:   SHA256 wyNe2Wf7qBYPqBEX+mf1hBz5pYhtrm25OKgVMTjA6H0 (RSA)

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option:

Наверно обновления для версии OPNsense 21.1.9_1 отсутствуют. Попробуем обновиться на 21.7

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

A major firmware upgrade is available for this installation: 21.7

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 500MB will need to be downloaded and
require 1000MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [21.7/y/N]: 21.7

Fetching packages-21.7-OpenSSL-amd64.tar: ................................................................................................................................................................................................................................................

К сожалению, это могло продолжаться вечно.

Проверяем что находится в папке “cache”

root@GWM:~ # ls -lah /var/cache/opnsense-update/
total 60
drwxr-xr-x  8 root  wheel   512B Aug 18 21:28 .
drwxr-xr-x  6 root  wheel   512B Aug 18 21:30 ..
drwxr-x---  2 root  wheel   512B Feb  1  2021 .sets.pending
-rw-r--r--  1 root  wheel    28K Feb  1  2021 .upgrade.log
prw-r--r--  1 root  wheel     0B Feb  1  2021 .upgrade.pipe
drwxr-x---  2 root  wheel   512B Aug 15 19:15 31743
drwxr-xr-x  2 root  wheel   512B Aug 18 20:56 52742
drwxr-x---  2 root  wheel   512B Aug 18 20:44 72645
drwxr-xr-x  2 root  wheel   512B Aug 18 21:28 83398
drwxr-x---  2 root  wheel   512B Aug 16 06:29 92844
root@GWM:~ # 

Очищаем кеш обновления и проверяем, удалился ли.

root@GWM:~ # opnsense-update -se
root@GWM:~ # ls -lah /var/cache/opnsense-update/
total 8
drwxr-xr-x  2 root  wheel   512B Aug 18 21:38 .
drwxr-xr-x  6 root  wheel   512B Aug 18 21:30 ..
root@GWM:~ #

Пробуем ещё раз обновиться

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

A major firmware upgrade is available for this installation: 21.7

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 500MB will need to be downloaded and
require 1000MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [21.7/y/N]: y

Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
Nothing to do.
Your system is up to date.
Starting web GUI...done.
Generating RRD graphs...done.

*** GWM.xaxa.local: OPNsense 21.1.9_1 (amd64/OpenSSL) ***

Пробуем обновиться до версии 21.7

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates and apply them.

A major firmware upgrade is available for this installation: 21.7

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 500MB will need to be downloaded and
require 1000MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [21.7/y/N]:  21.7

Fetching packages-21.7-OpenSSL-amd64.tar: ............................

Проверяем трафик на wan интерфейсе (Reporting: Traffic)

Проверяем, что действительно обновление в процессе. Подключаемся ещё раз к opnsense и проверяем размер папки

root@GWM:~ # du -h /var/cache/opnsense-update/
 12K    /var/cache/opnsense-update/16104
137M    /var/cache/opnsense-update/22326
137M    /var/cache/opnsense-update/
root@GWM:~ # du -h /var/cache/opnsense-update/
 12K    /var/cache/opnsense-update/16104
144M    /var/cache/opnsense-update/22326
144M    /var/cache/opnsense-update/
root@GWM:~ #

Как видно папка увеличивается в размере.

Порывшись я нашёл ссылки от куда качаются обновления

https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/

В Linux узнать размер скачиваемого файла можно командой “wget –spider“, в unix я ничего умнее не придумал чем начать скачивать файл

root@GWM:~ # fetch https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/sets/base-21.7-amd64.txz
base-21.7-amd64.txz                             0% of  172 MB  329 kBps^Z
Suspended
root@GWM:~ #

можно просто открыть сайт

докачать файл так и не удалось. При скачивании командой fetch из консоли opnsense, особого успеха не получилось. В итоге все обновления были скачены в другом месте на флешку и загружена на роутер при помощи WinSCP

Далее приведу пример офлайнового обновления opnsense

root@GWM:~ # opnsense-update -se
root@GWM:~ # cd 21.7/
root@GWM:~/21.7 # ls -l
total 1627764
-rw-r--r--  1 root  wheel  181050588 Aug 19 08:36 base-21.7-amd64.txz
-rw-r--r--  1 root  wheel       1332 Aug 19 08:32 base-21.7-amd64.txz.sig
-rw-r--r--  1 root  wheel  181065716 Aug 19 08:36 base-21.7.1-amd64.txz
-rw-r--r--  1 root  wheel       1332 Aug 19 08:33 base-21.7.1-amd64.txz.sig
-rw-r--r--  1 root  wheel      54680 Aug 19 08:33 bogons.txz
-rw-r--r--  1 root  wheel       1332 Aug 19 08:33 bogons.txz.sig
-rw-r--r--  1 root  wheel     224996 Aug 19 08:33 changelog.txz
-rw-r--r--  1 root  wheel       1332 Aug 19 08:34 changelog.txz.sig
-rw-r--r--  1 root  wheel   28619144 Aug 19 08:35 kernel-21.7-amd64.txz
-rw-r--r--  1 root  wheel       1332 Aug 19 08:34 kernel-21.7-amd64.txz.sig
-rw-r--r--  1 root  wheel   28620496 Aug 19 08:35 kernel-21.7.1-amd64.txz
-rw-r--r--  1 root  wheel       1332 Aug 19 08:34 kernel-21.7.1-amd64.txz.sig
-rw-r--r--  1 root  wheel  622702592 Aug 19 08:59 packages-21.7-LibreSSL-amd64.tar
-rw-r--r--  1 root  wheel       1332 Aug 19 08:49 packages-21.7-LibreSSL-amd64.tar.sig
-rw-r--r--  1 root  wheel  623691264 Aug 19 08:58 packages-21.7-OpenSSL-amd64.tar
-rw-r--r--  1 root  wheel       1332 Aug 19 08:49 packages-21.7-OpenSSL-amd64.tar.sig
root@GWM:~/21.7 #
root@GWM:~/21.7 # opnsense-verify base-21.7-amd64.txz
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify base-21.7.1-amd64.txz
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify bogons.txz
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify changelog.txz
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify kernel-21.7-amd64.txz
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify kernel-21.7.1-amd64.txz
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify packages-21.7-LibreSSL-amd64.tar
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 # opnsense-verify packages-21.7-OpenSSL-amd64.tar
Verifying signature with trusted certificate pkg.opnsense.org.20210629... done
root@GWM:~/21.7 #
root@GWM:~/21.7 # 
root@GWM:~/21.7 # opnsense-update -ur 21.7 -l ~/21.7/
Fetching packages-21.7-OpenSSL-amd64.tar: . done
Fetching base-21.7-amd64.txz: . done
Fetching kernel-21.7-amd64.txz: . done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Extracting packages-21.7-OpenSSL-amd64.tar... done
Extracting base-21.7-amd64.txz... done
Installing kernel-21.7-amd64.txz... done
Please reboot.
root@GWM:~/21.7 # /usr/local/etc/rc.reboot

на всякий случай логи консоли при перезагрузке

root@GWM:~/21.7 # /usr/local/etc/rc.reboot
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
Stopping acme_http_challenge.
Waiting for PIDS: 61011.
Stopping flowd.
Waiting for PIDS: 70065 72036.
flowd_aggregate not running? (check /var/run/flowd_aggregate.pid).
Stopping vnstat.
Waiting for PIDS: 47773.
Stopping zabbix_agentd.
Waiting for PIDS: 30196.
>>> Invoking stop script 'backup'
>>> Invoking backup script 'captiveportal'
>>> Invoking backup script 'dhcpleases'
>>> Invoking backup script 'duid'
>>> Invoking backup script 'netflow'
>>> Invoking backup script 'rrd'
>>> Invoking stop script 'config'
Shutdown NOW!
shutdown: [pid 15920]
root@GWM:~/21.7 #
*** FINAL System shutdown message from root@GWM.xaxa.local ***

System going down IMMEDIATELY



System shutdown time has arrived

если в этот момент подключиться к роутеру напрямую

дожидаемся перезагрузки, обновляем пакеты

и обновляемся до версии 21.7.1

Помогла статья? Есть возможность отблагодарить автора

QR Link:

QR Code

Читайте также:

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *