Dear Mr. Matthies, thank you very much. We had the same issue on PF 11.2 and were not able to upgrade to 12.0. This workaround saved a lot of time, really thank you!
Best Regards Michael Von: Matthies, Heiko via PacketFence-users <packetfence-users@lists.sourceforge.net> Gesendet: Freitag, 21. Oktober 2022 15:35 An: packetfence-users@lists.sourceforge.net Cc: Matthies, Heiko <heiko.matth...@asap.de> Betreff: Re: [PacketFence-users] Upgrade-Script breaks system Hello all, I fixed this problem myself but I decided to post the solution in case someone stumbles upon the same problem: This issue comes from the process of reconfiguring the iptables ruleset while upgrading to packetfence 12. Something breaks the system so hard that you cant even ping 127.0.0.1 anymore. The solution for this is fairly simple: * Connect to the machine via a virtual console (not ssh, because you are about to loose the connection while uprading) * BEFORE upgrading, backup the iptables config using the following command: iptables-save > iptables.txt * Start the upgrade using: /usr/local/pf/addons/upgrade/do-upgrade.sh * At some point, the update stalls with the error below * Switch to a second terminal using CTRL + ALT + F2 * Convert the saved iptables-config to nft: iptables-restore-translate -f iptables.txt > ruleset.nft * Import the nft ruleset: nft -f ruleset * Switch back to the first terminal: CTRL + ALT + F1 * The update process instantly continues * Reboot the machine after upgrading I dont know if this behavior is a bug, but I think I will file an github issue. Kind Regards, Heiko Matthies [cid:image001.png@01D8E648.AE8141D0] [cid:image002.jpg@01D8E648.AE8141D0]<https://www.asap.de/newsroom/presse-detail/asap-gruppe-zaehlt-erneut-zu-bayerns-best-50> ASAP Engineering GmbH Sachsstraße 1A | 85080 Gaimersheim Tel. +49 8458 3389 252<tel:+49%208458%203389%20252> | Fax. +49 (8458) 3389 399<fax:+49%20(8458)%203389%20399> heiko.matth...@asap.de<mailto:heiko.matth...@asap.de> | www.asap.de<http://www.asap.de> Geschäftsführer: Michael Neisen, Robert Werner, Christian Schweiger | Sitz der Gesellschaft: Gaimersheim | Amtsgericht: Ingolstadt HRB 5408 Datenschutz: Ausführliche Informationen zum Umgang mit Ihren personenbezogenen Daten bei ASAP erhalten Sie auf unserer Website unter Datenschutz.<http://www.asap.de/datenschutz/> Von: Matthies, Heiko <heiko.matth...@asap.de> Gesendet: Montag, 10. Oktober 2022 12:27 An: packetfence-users@lists.sourceforge.net Betreff: Upgrade-Script breaks system Hello, I wanted to upgrade my Packetfence 11.1 instance to 12.0 using the recommended steps from the upgrade-guide: 31.3. Full upgrade (for PacketFence versions 11.1.0 and later) Run following script to perform a full upgrade: /usr/local/pf/addons/upgrade/do-upgrade.sh This procedure worked fine in my lab-environment, but failed in the production instance (both are installed using Packetfence ZEN). I receive the following error after a while: "chain DOCKER in table filter is incompatible, use 'nft' instead" I suppose that's the step where the necessary iptables rules are inserted but after the error, the chain remains empty and the following attempts, to connect to the config service time out. Is this a known issue? I found nothing in the github issues... Thank you in advance! Kind regards, Heiko Matthies
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
