Build internal repo to upgrade from 9.3-stable to 11.1-u7

[fds09w4jih4r]

For reasons beyond our control, the 9.3 refuses to work with our internal proxy servers for update checking. I've some manual update methods without much luck. So it seems like using an internal repo to update would be best. Any ideas or guidance on how to make an internal repo of 11.1u7 and point our freenas servers to it? Servers on 11.1 already update fine, so no changes needed there. Thanks...!

 

[danb35]

Not a direct answer, but you really should be able to just boot from a 11.1 ISO and do the upgrade that way.

 

[fds09w4jih4r]

Yup, that works! Only 69 more servers to go in one site alone...

 

[danb35]

Yeah, that would be a good reason to want a local mirror. I'm afraid I don't have a better answer though.

 

[fds09w4jih4r]

We may have to revisit that manual shell upgrade..... But I spent a bunch of time hacking away and couldn't get it to work properly... Seems at one point manual update was removed and then added back in again.. So unsure if 9.3-stable is able to update via shell or not... We could automate the copying of the file and then kick the update and reboot as needed after...

 

[Yorick]

So, naively - could you:
- Copy the contents of http://update.freenas.org/FreeNAS/ to a local server
- Instruct your DNS (the one your FreeNAS boxen use, presumably internal / under your control) to lie and point them towards that server for update.freenas.org?

Alternatively you may be able to do a /etc/hosts entry on FreeNAS temporarily to make sure it uses that server, if you don’t want to muck with DNS. Probably a good idea at any rate on at least one box before mucking with DNS, to make sure your repo clone works.

And then back out the DNS change once update has been done.

 

[fds09w4jih4r]

Interesting idea... While we don't have control over the wider company DNS, we could either spin our own and script adding that into freenas or just modify all the /etc/hosts temporarily, run the update from shell and reboot as needed after... all by script...

I'll do some R&D around this idea...

 

[Johnny Fartpants]

Have you tried copying the FreeNAS-11.1-U7-manual-update.tar file to /var/tmp/ and then run "freenas-update FreeNAS-11.1-U7.tar" and after it finishes reboot?

 

[fds09w4jih4r]

I did play a bunch with a version of 9.x which refused to update when I was trying that... I'm going to revisit that option since it seems the simplest...

 

[fds09w4jih4r]

Have you tried copying the FreeNAS-11.1-U7-manual-update.tar file to /var/tmp/ and then run "freenas-update FreeNAS-11.1-U7.tar" and after it finishes reboot?

Seems that syntax doesn't work, this was my problem before I think...

I tried:

freenas-update FreeNAS-11.1-U7.tar
freenas-update update FreeNAS-11.1-U7.tar
freenas-update FreeNAS-11.1-U7.tar update

No go...

 

[Johnny Fartpants]

That's a shame. Works fine in vers11 so must be a 9.3 thing.

I guess you've tried "freenas-update -v update" although given your proxy server issue I doubt this will work.

 

[Johnny Fartpants]

freenas-update FreeNAS-11.1-U7.tar

This is the correct one

 

[Yorick]

If that DNS trickery works, by the way, it’s a good argument for putting freenas.org on DNSSEC. DNS hijacking is a thing and, while useful in this case, shouldn’t be able to succeed. That’s a way to introduce malicious code to FreeNAS users. The /etc/hosts override would still work even with DNSSEC as far as I understand it.

 

[fds09w4jih4r]

Yeah, that's a good tip/idea... It would be an ideal thing to hijack if I may be honest.. Introduce some nice code which could start wiping people's stuff out... Scary stuff...

 

[danb35]

...which is why the updates are cryptographically signed.

 

[fds09w4jih4r]

So, naively - could you:
- Copy the contents of http://update.freenas.org/FreeNAS/ to a local server
- Instruct your DNS (the one your FreeNAS boxen use, presumably internal / under your control) to lie and point them towards that server for update.freenas.org?

Alternatively you may be able to do a /etc/hosts entry on FreeNAS temporarily to make sure it uses that server, if you don’t want to muck with DNS. Probably a good idea at any rate on at least one box before mucking with DNS, to make sure your repo clone works.

And then back out the DNS change once update has been done.

Any suggestion on how to easily make a repo of http://update.freenas.org/FreeNAS/ on my local lab storage node..? Downloading one by one on a browser isn't viable.. Is this repo available in FTP perhaps?

 

[Yorick]

A script and wget?

 

[fds09w4jih4r]

Yeah, I figured.. Found this and building repo now:

https://www.linuxjournal.com/content/downloading-entire-web-site-wget

 

[fds09w4jih4r]

There is more then meets the eye here:

[root@n32c01nas008] /# freenas-update -v check
TryGetNetworkFile([u'http://update-master.freenas.org/FreeNAS/FreeNAS-9.3-STABLE/LATEST'])
TryGetNetworkFile([u'http://update-master.freenas.org/FreeNAS/FreeNAS-9.3-STABLE/LATEST']): Read 8325 bytes total
TryGetNetworkFile(['https://web.ixsystems.com/updates/ix_crl.pem'])
Unable to load https://web.ixsystems.com/updates/ix_crl.pem: <urlopen error [Errno 60] Operation timed out>
Unable to load ['https://web.ixsystems.com/updates/ix_crl.pem']: <urlopen error [Errno 60] Operation timed out>
<urlopen error [Errno 60] Operation timed out>
Received exception during download phase, cannot update

So I need to play more and different DNS tricks...

 

[fds09w4jih4r]

Ok so my issue isn't the company proxy but rather that https://web.ixsystems.com/updates/ix_crl.pem is broken for everyone in the world.... who can fix that.. ? :)