Running the upgrade for packetfence from version 6.21 to 6.40 caused an issue during the process as freeradius failed to update.
dpkg: error processing package packetfence (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: freeradius-ldap freeradius-mysql freeradius-rest freeradius-redis packetfence E: Sub-process /usr/bin/dpkg returned an error code (1)
This required a few changes to the freeradius install process to get it to work.
I could probably have downloaded the .deb and installed freeradius independently, but a few edits of the postinst scripts for the four failures saw it succeed.
Edit the four
.postinst files in
freeradius-redis.postinst and replace the force-reload with restart. Then just rerun the
apt-get upgrade process.
$ sudo vi /var/lib/dpkg/info/freeradius-[name].postinst
[ESC]:%s/force-reload/restart/g = Global search and replace
[ESC]:wq = Save and quit
Repeat the above for all four files then:
$ sudo apt-get dist-upgrade
PacketFence fails to start after the upgrade
This seems perfectly reasonable given the details in the UPGRADE guide says we need to carry out some schema updates. But when you use apt-get for the install it doesn’t seem to do this part for you.
$ sudo systemctl status packetfence -l ● packetfence.service - PacketFence Service Loaded: loaded (/lib/systemd/system/packetfence.service; enabled) Active: failed (Result: exit-code) since Wed 2017-01-18 08:39:30 GMT; 14min ago Process: 1439 ExecStart=/usr/local/pf/bin/pfcmd service pf start (code=exited, status=255) Jan 18 08:38:36 packetfence sudo: pam_unix(sudo:session): session closed for user root Jan 18 08:38:43 packetfence pfcmd: Smartmatch is experimental at /usr/local/pf/lib/pf/cluster.pm line 588. Jan 18 08:39:01 packetfence pfcmd: [Wed Jan 18 08:39:01 2017] pfappserver.pm: Cannot determine desired terminal width, using default of 80 columns Jan 18 08:39:19 packetfence pfcmd: httpd.admin|start Jan 18 08:39:19 packetfence pfcmd: Checking configuration sanity... Jan 18 08:39:28 packetfence pfcmd: FATAL - The PacketFence database schema version '6.2.0' does not match the current installed version '6.4.0' Jan 18 08:39:28 packetfence pfcmd: Please refer to the UPGRADE guide on how to complete an upgrade of PacketFence Jan 18 08:39:29 packetfence systemd: packetfence.service: control process exited, code=exited status=255 Jan 18 08:39:30 packetfence systemd: Failed to start PacketFence Service. Jan 18 08:39:30 packetfence systemd: Unit packetfence.service entered failed state.
So it would seem I need to take care of this myself. It’s easy enough, just run the sql scripts:
$ mysql -u root -p pf -v < /usr/local/pf/db/upgrade-6.2.0-6.3.0.sql $ mysql -u root -p pf -v < /usr/local/pf/db/upgrade-6.3.0-6.4.0.sql
radiusd Fails to Start
All looked well until I noticed the service status of radiusd. This refused to start and I couldn’t find anywhere that would tell me what was causing the failure. Checking log files returned no clues. A run of
pfcmd checkup revealed no issues with radius, so I was at a loss.
In the end I resorted to running
freeradius from the command line using debug options and seeing what failed.
$ sudo /usr/sbin/freeradius -d /usr/local/pf/raddb -Xx -f
This then showed the underlying issue being the path to the certificate files. Looks like the
%%install_dir%% doesn’t work anymore.
So I looked for everywhere it was used ad replaced it with the actual install path
/usr/local/pf. Some of this is generated from template files so make sure you get everything changed. That way when packetfence is restarted and the database writes the config to the files, the templates that it uses also carries the correct path.