Archive

Posts Tagged ‘update’

Upgrading FreeBSD 9.2 to 10.1 fails

November 28th, 2014 Comments off

The other day I was upgrading an old FreeBSD 9.2 node to the recently released FreeBSD 10.1. This is a rather easy task, thanks to the freebsd-update(8) utility. Well, this time it failed while trying to update the userland components:

# freebsd-update install
Installing updates…ln: ///usr/lib/private/libheimipcc.so: No such file or directory
install: ///usr/lib/private/libheimipcc.so.11: No such file or directory
ln: ///usr/lib/private/libheimipcs.so: No such file or directory
install: ///usr/lib/private/libheimipcs.so.11: No such file or directory
ln: ///usr/lib/private/libldns.so: No such file or directory
install: ///usr/lib/private/libldns.so.5: No such file or directory
ln: ///usr/lib/private/libssh.so: No such file or directory
install: ///usr/lib/private/libssh.so.5: No such file or directory
ln: ///usr/lib/private/libucl.so: No such file or directory
install: ///usr/lib/private/libucl.so.1: No such file or directory
ln: ///usr/lib/private/libunbound.so: No such file or directory
install: ///usr/lib/private/libunbound.so.5: No such file or directory
ln: ///usr/lib/private/libyaml.so: No such file or directory
install: ///usr/lib/private/libyaml.so.1: No such file or directory

Actually it didn’t really “fail”. Besides these obvious errors it still exited with code 0. But some libraries which are required by sshd and pkg were missing. The reason for this failure is rather simple: The directory /usr/lib/private is missing from FreeBSD 9.2, but freebsd-update assumes that this directory already exists. Unfortunately this directory wasn’t introduced until FreeBSD 9.3.

A quick fix is to create the missing directory prior to running freebsd-update. I guess more people will come across this issue since FreeBSD 9.2 is nearing it’s end-of-life date.

Categories: [EN] Tech Tags: , , ,

Automatically update pfSense firewalls (with puppet)

July 14th, 2014 Comments off

Updating pfSense firewalls is easy and stable thanks to its proven upgrade mechanisms. So why should I use the WebGUI to update every pfSense firewall manually? If you have multiple pfSense firewalls and a working test environment, there is no reason to avoid automatic updates.

I’ve extracted a portion of the pfSense firmware upgrade code and put together a small PHP script. This makes it possible to automatically update pfSense. In combination with puppet you need just one line to enable automatic updates:

class { 'pfsense_autoupdate': }

Now your pfSense firewall will check hourly for new versions and install it (almost) instantly. If you want more control you can specify any of the optional parameters:

class { 'pfsense_autoupdate':
  major_updates => false,
  update_hours => ['22-23', '2-4', 6],
  update_weekdays => ['6-7'],
  random_sleep => false,
  firmware_url => 'http://example.com/pfsense/firmware/',
  sig_verification => false,
  quiet => true,
}

You may download the PHP script and puppet module from puppet forge. Additionally you may want to check out the project page on github. Note that you need the puppet agent for pfSense and my pfSense provider collection for this to work.

css.php