Re: Core 122 updates

Re: Core 122 updates

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1556 bytes --]

Hello Fred,

yes, this might indeed be an issue.

The updater will catch that and not install the update if not enough
disk space is available on either / or /boot.

So you can try, but it might make sense to reinstall or if you are very
brave remove the old kernel and then install the update :)

-Michael

On Thu, 2018-08-02 at 14:57 -0400, Kienker, Fred wrote:
> FYI – some of the very old firewalls, installed long ago before there was an x86-64 version, have VERY small /boot partitions. This may pose issues updating to Core 122.
>  
> This screen shot was taken from a very old IPFire system running the x586 version:
>  
> [root(a)fw ~]# df -h
> Filesystem      Size  Used Avail Use% Mounted on
> devtmpfs       1001M  4.0K 1001M   1% /dev
> tmpfs          1006M   12K 1006M   1% /dev/shm
> tmpfs          1006M  264K 1006M   1% /run
> /dev/sda3       2.0G 1001M  840M  55% /
> /dev/sda1        24M   18M  4.4M  81% /boot
> /dev/sda4        71G   52G   16G  78% /var
> none            8.0M   12K  8.0M   1% /var/lock
> none           1006M   16K 1006M   1% /var/log/vnstat
> none           1006M   32M  975M   4% /var/log/rrd
>  
> Note that the /boot partition is only 24M in total and has only 4.4M free.
>  
> Michael’s posting on the website about maybe it is time for a “clean” reinstall is very much to the point. But this is very hard to do with these older systems. I’m not sure it is possible to install 122 then restore a backup from 120, but I may well be wrong.
> Best regards,
> Fred
>  

RE: Core 122 updates

[Kienker, Fred]

[-- Attachment #1: Type: text/plain, Size: 3017 bytes --]

Of course, just reloading from scratch and restoring a backup would be 
the best option. However, when you are remotely maintaining systems that 
are hundreds or thousands of kilometers (miles) away, let's just say 
this is "Not An Option".

Some of these systems have been in place for several years and the 
hardware is, shall we say, antique. Because of this, we are downloading 
backups of Core 120, installing 120 onto replacement hardware, restoring 
the 120 backup, updating to 122, making a backup of the 122 settings, 
reinstalling 122, and then finally restoring the 122 backup. When this 
is all done, we have our current hardware, running 122 with the new 
partition layouts and new keys which we then ship to the remote site. 
People there can swap the cables from the old to the new machines. It's 
a lot of steps, but it solves all the problems you have brought up. With 
the replacement Dell hardware, we can do "bare metal" installations 
remotely, which we can't do with the current Dell hardware, and 
hopefully not have to *EVER* do this again.

With systems that have large enough boot partitions, we are delaying 
replacement until the really old hardware is done. But we have seen 
enough unexplained "events" on these systems that we have resorted to 
updating from the command line rather than the GUI. There have been 
several which wound up with "blank" /boot folders. I have not been able 
to discern why this is happening. But if we check for the blank /boot 
folders, and don't reboot, we can recover from this. When it happens, we 
move the mine file from "122" back to "120" and rerun the 120 > 121/122 
update. So far, it has always worked correctly the second time, and the 
system is left in a usable state. If we come up with any kind of idea as 
to what causes this, I will certainly report this back to this list.

Fred

-----Original Message-----
From: Michael Tremer <michael.tremer(a)ipfire.org> 
Sent: 3 August, 2018 04:14
To: Tom Rymes <trymes(a)rymes.com>; Kienker, Fred <fkienker(a)at4b.com>
Cc: development <development(a)lists.ipfire.org>
Subject: Re: Core 122 updates

On Thu, 2018-08-02 at 23:41 -0400, Tom Rymes wrote:
> 
> 
> On Aug 2, 2018, at 2:58 PM, Kienker, Fred <fkienker(a)at4b.com> wrote:
> 
> <snip>
> 
> > Michaels posting on the website about maybe it is time for a 
clean reinstall is very much to the point. But this is very hard to 
do with these older systems. Im not sure it is possible to install 122 
then restore a backup from 120, but I may well be wrong.
> 
> Fred,
> 
> Id advise against installing an older backup to a newer system if 
you can avoid it. Why not install 120 as a clean install, restore the 
backup, and then upgrade. Will the 120 clean install not have a larger 
/boot?

Actually, this is a good point.

Configuration wise it doesn't make a difference but certificates that 
have been generated with MD5 should be renewed and that is probably most 
easy to do with a new installation from scratch.

Best,
-Michael

> 
> Tom

Re: Core 122 updates

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 930 bytes --]

On Thu, 2018-08-02 at 23:41 -0400, Tom Rymes wrote:
> 
> 
> On Aug 2, 2018, at 2:58 PM, Kienker, Fred <fkienker(a)at4b.com> wrote:
> 
> <snip>
> 
> > Michael’s posting on the website about maybe it is time for a “clean” reinstall is very much to the point. But this is very hard to do with these older systems. I’m not sure it is possible to install 122 then restore a backup from 120, but I may well be wrong.
> 
> Fred,
> 
> I’d advise against installing an older backup to a newer system if you can avoid it. Why not install 120 as a clean install, restore the backup, and then upgrade. Will the 120 clean install not have a larger /boot?

Actually, this is a good point.

Configuration wise it doesn't make a difference but certificates that
have been generated with MD5 should be renewed and that is probably
most easy to do with a new installation from scratch.

Best,
-Michael

> 
> Tom