|
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
Snapshot problem
A few hours ago I installed an OpenBSD snapshot in a Linux KVM . After installing it failed to generate an "isakmpd/iked RSA key"
The SSH host keys could not be generated because ssh-keygen could not load the libcrypto.so.30.3 And some other weird errors happened as can be seen in the screenshot: Because I could not figure out how to configure a serial console to the OpenBSD virtual guest on the Linux KVM Hypervisor and because I noticed a new snapshot got uploaded 45 minutes later, I did not report it to the misc mailing list. Code:
OpenBSD 5.6-current (GENERIC.MP) #572: Mon Nov 17 16:01:55 MST 2014 deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP Code:
1726 Nov 18 00:15:23 2014 SHA256-stockholm 1726 Nov 18 01:15:23 2014 SHA256-nluug 1726 Nov 18 02:01:24 2014 SHA256 Code:
SHA256 (install56.iso) = 68fc7642b0886a1ef573ba141e288a36af1424
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thanks for this kind of post. I follow current on my laptop but, i'm gonna try to test the install from now on on a separate machine.
|
|
|||
I have never done an upgrade. "Real men" backup and reinstall or they use RAIC (Redundant Array of Inexpensive Computers) to follow current
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Hi again! Oh, and happy new year!
Sorry for adding another comment to the thread, but.. Do you recommend not upgrading this way? I don't mean to sound impolite but I'm just a user, not an expert like many of you in here. Currently i'm backing up my root partition daily with the /altroot method, just in case. I've had no issues for about 5 months; upgrading and then using sysmerge has never failed. |
|
||||
There's nothing wrong with testing a snapshot before deploying it -- in a virtual machine or on hardware.
I test snapshots on my personal workstation before deploying the same snapshot on any production platform. In the event of a problem -- and they can happen, snapshots are not guaranteed -- I can restore, or repair, and either wait for the next snapshot or build my own personal snapshot from source. [1] Snapshots are made by developers, and are created for a variety of reasons. On active architectures during some development phases snapshots can be produced several times in a single day. On less active architectures snapshots may be very infrequent. J65nko was caught by a library mismatch, from a snapshot built during an active library "bump". It can happen, but we -current users are much more likely to see library major/minor dependency issues arise with "snapshot packages", which are not built in sync with any published snapshots. The altroot facility is a fine way to backup your boot blocks and the root filesystem. But it is not a backup of your libraries (/usr/lib), nor of the programs which call them (/usr/bin, /usr/sbin, /usr/libexec...). Altroot would not provide any recovery from a similar error to the one J65nko experienced. It's a boot block and root filesystem backup facility only. I'm old fashioned, I use dump(8)/restore(8) for system backups, as well as offsite backup of select critical data [2]. Since the restore(8) program is included with the ramdisk kernel, it's a relatively [3] easy to do a bare metal restoration of a system. I just did one for one of my routers a couple of months ago. --- [1] Methods are detailed in both FAQ 5 and release(8). [2] I happen to use Colin Percival's Tarsnap service for select critical data. [3] Bare metal restores are only easy if the admin is comfortable with fdisk(8), disklabel(8), newfs(8), and installboot(8). |
|
|||
Your are very lucky then
Although I hardly run into issues like not having a functioning system, I would not recommend to upgrade an existing system without having a good verified backup. BTW I never upgrade a snapshot, I always reinstall a new one. I used to have 2 Pentium III systems as workstation. Then I did a fresh install on the box with the oldest snapshot. I called this RAIC (Redundant Array of Inexpensive Computers). That way I always had a working system. Nowadays I first do a test install of a new snapshot in a virtual machine under Linux KVM. The most common issue is a library version conflict. When you monitor the snapshots you will encounter an average of three snapshots a day of the base system. (except for holiday times). The X install sets are updated at a much lower schedule of once or twice a week. The building of the snapshot packages from the ports tree, depending on the architecture, takes much more time. So it is quite common that the binary snapshot packages are compiled using a base system and/or X Window libraries that are older than the latest snapshot. Then you encounter things like: Code:
Can't install libiconv-1.14p1 because of libraries |library c.77.3 not found Can't install gettext-0.19.3: can't resolve libiconv-1.14p1 | /usr/lib/libc.so.78.0 (system): bad major Can't install gettext-0.19.3: can't resolve libiconv-1.14p1 Can't install aspell-0.60.6.1p1: can't resolve libiconv-1.14p1,gettext-0.19.3 Can't install alpine-2.11p3: can't resolve aspell-0.60.6.1p1,gettext-0.19.3,libiconv-1.14p1 Can't install lynx-2.8.9pl1p0 because of libraries Can't install bzip2-1.0.6p1 because of libraries Can't install unzip-6.0p5 because of libraries Can't install xz-5.0.7 because of libraries Code:
Current date : 2015-01-01_05:12_UTC NOW date : 2014-12-31_21:10_UTC PREV date : 2014-12-31_03:17_UTC --------------- NOW ------------------------ 1903 Dec 30 20:31:51 2014 SHA256-stockholm 1903 Dec 30 20:31:51 2014 SHA256-eu3 1903 Dec 30 20:31:51 2014 SHA256-bitnl 1903 Dec 30 20:31:51 2014 SHA256 1903 Dec 30 21:31:51 2014 SHA256-nluug --------------- PREV ------------------- 1903 Dec 30 20:31:51 2014 SHA256-stockholm 1903 Dec 30 20:31:51 2014 SHA256-eu3 1903 Dec 30 20:31:51 2014 SHA256-bitnl 1903 Dec 30 20:31:51 2014 SHA256 1903 Dec 30 21:31:51 2014 SHA256-nluug --------------- X NOW ---------------------- 15187243 Dec 30 12:20 xbase56.tgz 39929798 Dec 30 12:21 xfont56.tgz 18917619 Dec 30 12:21 xserv56.tgz 4570423 Dec 30 12:21 xshare56.tgz --------------- X PREV ---------------------- 15187243 Dec 30 12:20 xbase56.tgz 39929798 Dec 30 12:21 xfont56.tgz 18917619 Dec 30 12:21 xserv56.tgz 4570423 Dec 30 12:21 xshare56.tgz --------------- PKG NOW -------------------- 86944279 Dec 29 04:09 0ad-0.0.17.tgz 720206249 Dec 29 04:09 0ad-data-0.0.17.tgz .... [snip] ............... 110123 Dec 29 04:30 zziplib-0.13.62.tgz 164903 Dec 29 04:30 zzuf-0.13p2.tgz --------------- PKG PREV -------------------- 86944279 Dec 29 04:09 0ad-0.0.17.tgz 720206249 Dec 29 04:09 0ad-data-0.0.17.tgz .... [snip] ............... 110123 Dec 29 04:30 zziplib-0.13.62.tgz 164903 Dec 29 04:30 zzuf-0.13p2.tgz
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
"RAIC" haha nice.
Thank you both for the replies. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
help to understand snapshot | fstef | OpenBSD Installation and Upgrading | 15 | 24th November 2013 02:39 PM |
OpenBSD i386 snapshot & PAE on VirtualBox | aleunix | OpenBSD Installation and Upgrading | 2 | 1st March 2012 06:44 PM |
Snapshot | majkelos | OpenBSD Installation and Upgrading | 4 | 21st October 2011 08:08 PM |
FreeBSD First batch of FreeBSD snapshot releases for 2010 | J65nko | News | 0 | 11th January 2010 05:17 PM |
Best way to upgrade from -release to snapshot | Carpetsmoker | OpenBSD General | 5 | 26th July 2009 08:51 PM |