On 5/28/2012 6:27 AM, Derek Wuelfrath wrote:
> Barry,
>
> On 5/25/12 17:09 , Barry Quiel wrote:
>> On 5/22/2012 6:05 AM, Derek Wuelfrath wrote:
>>> Hi Barry
>>>
>>> On 5/21/12 17:25 , Barry Quiel wrote:
>>>> I'm trying to upgrade my CentOS 6 box from 3.1.0 to 3.3.2 using packages
>>>> from packetfence.org.
>>>> Going through the UPGRADE doc I apply 2 database schema updates and do a yum
>>>> reinstall packetfence-freeradius2. I then run install.pl. Everything
>>>> to this point is fine. When I run configurator.pl it recognizes that
>>>> it's an upgrade, but at the end it spits out an empty pf.conf and
>>>> networks.conf.
>>> After an upgrade process, it is not mandatory to use either installer.pl
>>> or configurator.pl.
>>> All changes that need to be taken care of are well documented in
>>> the UPGRADE document.
>>> It usually consists of a few database schema updates and
>>> new/removed/modified config parameters.
>>> We no longer maintain the configurator.pl script for the upgrade
>>> process. We are currently working on a new web-based
>>> installer/configurator
>>> that will handle upgrade processes.
>> You're right, there is no mention of running configurator.pl in the
>> UPGRADE doc. But there is mention of it when you add the rpm. The
>> thing I would suggest here is to remove the output from the rpm to
>> eliminate the confusion. In my case I tried to do both, the
>> directions in the UPGRADE doc and the directions from the output of
>> installing the RPM.
> Yes, it is a generic message at the end of the rpm install (in case of
> first install...) but since we're currently working on a totally new
> configurator, we won't change anything there.
>>>> A search for "empty pf.conf" on the mail archives comes back with nothing.
>>>> A search for "empty pf.conf" on the bug tracker comes back with #579
>>>> which looks unrelated.
>>>> Even if I remove pf.conf and networks.conf to make configurator.pl think
>>>> it is a new install and not an upgrade it still creates empty files.
>>>> Any assistance would be greatly appreciated.
>>> What I can suggest would be to use the old config files (the
>>> ones from before you used the configurator.pl script).
>>> If you didn't back those up, the script should have done this for
>>> you. You should have pf.conf.old and networks.conf.old.
>>> Remove the .old extensions and make sure you go through the UPGRADE
>>> document to apply the correct changes.
>>> Don't hesitate to reply in case of any other problems.
>>> Thanks!
>> Well, I'm glad you asked. I am having a bit of an issue. This was a
>> working (although limited since not fully deployed) 3.1.0 box. Now
>> when I try to start pf I get the following:
>>
>> Starting PacketFence...Checking configuration sanity...
>> Use of uninitialized value $net{"named"} in pattern match (m//) at /usr/local/pf/lib/pf/pfcmd/checkup.pm line 362.
>> Use of uninitialized value $net{"dhcpd"} in pattern match (m//) at /usr/local/pf/lib/pf/pfcmd/checkup.pm line 369.
>> FATAL - please define exactly one management interface
>> FATAL - internal network(s) not defined!
>>
>> So I went and looked at the networks defined in network.conf and
>> interfaces defined in pf.conf. Everything seems right. I couldn't
>> find any notes on changes to the configuration, so I'm not really
>> sure what's wrong. From my perspective it was working, there were no
>> changes in the configuration requirements, and now it doesn't work.
>> I tried commenting out in various combinations the interface and
>> network definitions so I could at least get pf to start. I figured
>> then I could get into the admin web interface and configure the
>> networks and interfaces. I thought it might re-write those files and
>> make the problem go away. That plan failed.
>> Here are the contents of the networks.conf:
>>
>> [192.168.20.0]
>> type=vlan-registration
>> netmask=255.255.255.0
>> gateway=192.168.20.1
>> next_hop=
>> named=enabled
>> dns=192.168.20.1
>> domain-name=registration.chico.sungardps.lcl
>> dhcpd=enabled
>> dhcp_start=192.168.20.20
>> dhcp_end=192.168.20.250
>> dhcp_default_lease_time=20
>> dhcp_max_lease_time=20
>> [192.168.11.0]
>> type=internal
>> netmask=255.255.255.0
>> gateway=192.168.11.1
>> dns=10.247.161.100,10.247.161.101
>> domain-name=chico.sungardps.lcl
>> dhcpd=disabled
>> named=disabled
>>
>> And what I believe to be the relevant piece of pf.conf:
>>
>> [interface eth0]
>> ip=192.168.11.50
>> mask=255.255.255.0
>> gateway=192.168.11.1
>> type=management
>> [interface eth1]
>> ip=192.168.20.1
>> mask=255.255.255.0
>> gateway=192.168.20.1
>> type=internal
>> enforcement=vlan
>>
>> As you can see I do have a management interface defined and an
>> internal network defined. So I scratch my head. I wonder if there
>> is some other parsing error (maybe a typo on my part, although I
>> haven't made any changes and this was a working 3.1.0 config) in
>> checkup.pm.
> Do you mind sending me both pf.conf and networks.conf?
> Thanks!

I have attached the conf files.
[192.168.20.0]
type=vlan-registration
netmask=255.255.255.0
gateway=192.168.20.1
next_hop=
named=enabled
dns=192.168.20.1
domain-name=registration.chico.sungardps.lcl
dhcpd=enabled
dhcp_start=192.168.20.20
dhcp_end=192.168.20.250
dhcp_default_lease_time=20
dhcp_max_lease_time=20
[192.168.11.0]
type=internal
netmask=255.255.255.0
gateway=192.168.11.1
dns=10.247.161.100,10.247.161.101
domain-name=chico.sungardps.lcl
dhcpd=disabled
named=disabled
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=chico.sungardps.lcl
timezone=America/Los_Angeles
[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=192.168.20.0/24
#
# trapping.registration
#
# If enabled, nodes will be required to register on first network access. Further registration options are configured in the
# registration section.
registration=enabled
[registration]
#
# registration.auth
#
# Method by which registering nodes will be authenticated. Templates for LDAP, RADIUS, Kerberos, local and guests are
# available at <conf_dir>/authentication. If you wish to use a different authentication mechanism, simply create
# a file called <conf_dir>/authentication/<authname>.pm, fill it with the necessary data, and set
# auth=<authname>. The default value, local, relies on a local access file in <conf_dir>/user.conf.
auth=ldap
expire_mode=window
expire_window=24h
[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=<removed>
fromaddr=<removed>
smtpserver=<removed>
#
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=<removed>
[servicewatch]
#
# servicewatch.restart
#
# should pfcmd service pf watch restart PF if services are not running
restart=enabled
[vlan]
closelocationlogonstop=enabled
[expire]
node=240h
[interface eth0]
ip=192.168.11.50
mask=255.255.255.0
gateway=192.168.11.1
type=management
[interface eth1]
ip=192.168.20.1
mask=255.255.255.0
gateway=192.168.20.1
type=internal
enforcement=vlan
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users