packetfence
packetfence copied to clipboard
inverse-inc
Unclear process for how to do a Cluster X.Y.PATCH Update
Describe the bug Within the documentation set for Packetfence V12 it is not clear on how to manage a patch update on a clustered environment.
Reference Sections we have reviewed. https://www.packetfence.org/doc/PacketFence_Upgrade_Guide.html#_upgrade_to_a_patch_version_x_y_patch
https://www.packetfence.org/doc/PacketFence_Upgrade_Guide.html#_clustered_environment_specific_procedure
https://www.packetfence.org/doc/PacketFence_Clustering_Guide.html#_performing_an_upgrade_on_a_cluster
Expected A clear and concise description of what actions and order you need to take to update a Cluster to the latest maintenance patch level.
Additional context Add any other context about the problem here.
Hello, I agree that we need to adjust this.
Short answer: you need to follow https://www.packetfence.org/doc/PacketFence_Upgrade_Guide.html#_upgrade_to_a_patch_version_x_y_patch if you want to get patch updates.
Could this process be added to the GUI in near future? This would allow Packetfence administrators to update patches in automated way.
@nqb @julsemaan
Whilst doing the patches today I realised I had not mentioned something about the PATCH process.
In this section https://www.packetfence.org/doc/PacketFence_Upgrade_Guide.html#_restart_packetfence_services
You ask the user to do the following:
/usr/local/pf/bin/pfcmd pfconfig clear_backend /usr/local/pf/bin/pfcmd configreload hard /usr/local/pf/bin/pfcmd service pf restart
When running the /usr/local/pf/bin/pfcmd configreload hard command in our environment on all members of the cluster we receive a barrarge of this type of message
/usr/local/pf/bin/pfcmd configreload hard Could not write namespace resource::cluster_servers() to L2 cache ! Could not write namespace resource::unified_api_system_user() to L2 cache ! Could not write namespace config::Cluster(DEFAULT) to L2 cache ! Could not write namespace config::PfDefault() to L2 cache ! Could not write namespace config::Documentation() to L2 cache ! Could not write namespace interfaces() to L2 cache ! Could not write namespace interfaces::management_network() to L2 cache ! Could not write namespace resource::local_secret() to L2 cache ! Could not write namespace config::Network() to L2 cache ! Could not write namespace config::Pf() to L2 cache ! Could not write namespace config::Switch() to L2 cache ! Could not write namespace config::Authentication() to L2 cache ! Could not write namespace config::Domain() to L2 cache ! Could not write namespace config::EAP() to L2 cache ! Could not write namespace config::Fast() to L2 cache ! Could not write namespace config::Ssl() to L2 cache ! Could not write namespace config::Ocsp() to L2 cache ! Could not write namespace config::TLS() to L2 cache ! Could not write namespace resource::authentication_sources() to L2 cache ! Could not write namespace config::Provisioning() to L2 cache ! Could not write namespace resource::fqdn() to L2 cache ! Could not write namespace config::Roles() to L2 cache ! Could not write namespace config::AdminRoles() to L2 cache ! Could not write namespace resource::RolesReverseLookup() to L2 cache ! Could not write namespace config::Authentication() to L2 cache ! Could not write namespace resource::authentication_config_hash() to L2 cache ! Could not write namespace resource::authentication_lookup() to L2 cache ! Could not write namespace resource::authentication_sources() to L2 cache ! Could not write namespace resource::passthroughs() to L2 cache ! Could not write namespace resource::authentication_sources_monitored() to L2 cache ! Could not write namespace config::Profiles() to L2 cache ! Could not write namespace resource::guest_self_registration() to L2 cache ! Could not write namespace resource::authentication_sources_azuread() to L2 cache ! Could not write namespace resource::authentication_sources_ldap() to L2 cache ! Could not write namespace resource::passthroughs() to L2 cache ! Could not write namespace resource::authentication_sources_radius() to L2 cache ! Could not write namespace resource::passthroughs() to L2 cache ! Could not write namespace resource::RolesReverseLookup() to L2 cache ! Could not write namespace config::BillingTiers() to L2 cache ! Could not write namespace resource::RolesReverseLookup() to L2 cache !
After we then run /usr/local/pf/bin/pfcmd service pf restart to make the member function correctly we always need to run again the /usr/local/pf/bin/pfcmd configreload hard command.
Is then the order correct in the document? Sorry for not mentioning this before you published this.
Oh and it also is called at once during the upgrade resulting in the same messages.
Hello @RHDHV-simon-sutcliffe,
What do you mean by: "to make the member function correctly" ?
What is the behavior of your member before you run again /usr/local/pf/bin/pfcmd configreload hard ?
@nqb What we see it the web interface is all up and functioning. However, we found the endpoints cannot authenticate via TLS webredirect etc Running the /usr/local/pf/bin/pfcmd configreload hard on each node solves the issue.
I also notice that the patch of this morning only made it to 0d0810c7cbed817f72a8694f6497cbf6580acef9 Is the daily Maint build process having challenges still?
Hello @RHDHV-simon-sutcliffe,
Oh and it also is called at once during the upgrade resulting in the same messages.
We only run /usr/local/pf/bin/pfcmd configreload (without hard argument) during packaging upgrade.
Regarding issue you have, I don't think it's related.
@julsemaan can confirm but for me, purpose of configreload hard is to re-read all configuration files and notify pfconfig.
There aren't anymore differences between a configreload with or without hard so I doubt this fixed anything
