6.3.0 install updates #696
Conversation
… make it more usable.
…adding network interface info.
…added the \ delimiter.
…" Merge branch '6.3.0-traffic-engineering' into 6.3.0-install-updates
… '6.3.0-traffic-engineering' into 6.3.0-release-documentation
There was a problem hiding this comment.
One thing I think we should add is the software access channel is now part of the datamodel. Apologies if I forgot to mention this earlier. Previously, in order to enable different repos like alpha, the customer would have to drop to the Linux shell and execute commands with install128t. Now this behavior is integrated into the product. There is an authority level configuration object:
config
authority
software-access
channel <prealpha|alpha|beta|release>
username <username>
token <token>
exit
exit
exit
Its important to note that upon upgrading the conductor to 6.3, the existing credentials on disk will be automatically added to the configuration and default to the release channel so the user will not have to take any action. If the user wishes to change the channel for the authority they can simply change it in the datamodel and the new channel will be enabled for all routers in the authority. There is also a router level override if the user wishes to enable a different channel for a single router. The user is able to use the same credentials as the authority object or override them as well:
config
authority
router
system
software-access
channel <prealpha|alpha|beta|release>
use-authority-credentials true
exit
exit
exit
exit
exit
Override authority credentials (probably a very uncommon use case):
config
authority
router
system
software-access
channel <prealpha|alpha|beta|release>
use-authority-credentials false
router-credentials
username <username>
token <token>
exit
exit
exit
exit
exit
exit
docs/intro_rollback.md
Outdated
| @@ -7,6 +7,10 @@ Occasionally you may want or need to revert to a previously running version of S | |||
|
|
|||
| ## Rollback Considerations | |||
|
|
|||
| With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's PCLI. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. | |||
There was a problem hiding this comment.
On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI.
This is correct however, the GUI only supports upgrades. The PCLI supports upgrades and reverts.
docs/intro_rollback.md
Outdated
| @@ -7,6 +7,10 @@ Occasionally you may want or need to revert to a previously running version of S | |||
|
|
|||
| ## Rollback Considerations | |||
|
|
|||
| With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's PCLI. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. | |||
|
|
|||
| Rolling back earlier versions of the SSR software (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that rollbacks be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. | |||
There was a problem hiding this comment.
Can we say that for 6.3 that using the interactive installer is no longer supported? The user should always use either the GUI or PCLI. Especially now that the PCLI supports self upgrades and rollbacks even when 128T is not running.
docs/intro_upgrade_considerations.md
Outdated
|
|
||
| ### Rollback Considerations | ||
| Upgrading or rolling back a system (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations. | ||
| With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's pcli. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. |
There was a problem hiding this comment.
Same comment as above. Only the PCLI supports upgrades and reverts, the GUI only supports upgrades.
docs/intro_upgrade_considerations.md
Outdated
| Upgrading or rolling back a system (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations. | ||
| With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's pcli. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. | ||
|
|
||
| Upgrading or rolling back earlier versions of the SSR software (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations. |
There was a problem hiding this comment.
Same comment as above, can we say its not supported any longer?
|
|
||
| ### Upgrading Using the CLI | ||
|
|
||
| Use the `request system software upgrade` command and the associated arguments to perform upgrades. All of the upgrade features are available from the command line as well as the GUI. |
There was a problem hiding this comment.
We may want to mention that the PCLI is now capable of doing an HA sequenced self upgrade. So if the user is logged into an HA conductor and executes request system software upgrade router <conductor-router-name> then the default behavior is to perform a sequenced self upgrade of the conductor, one node at a time automatically. If the user prefers to manually upgrade each conductor node one at a time then they can target each node directly with request system software upgrade router <conductor-router-name> node <conductor-node-name> and wait for the first node to finish before moving onto the second.
docs/upgrade_ibu_conductor.md
Outdated
|
|
||
| * If an HA pair is discovered to have a mismatched software state (image-based and package-based) an Alarm is reported. The software state must be the same for both nodes. | ||
| * Failure of a router to complete the conversion generates a user visible event and records the reasons for the failure on the conductor. | ||
| * Router conversion success generates an event recording the transition on the conductor. |
There was a problem hiding this comment.
Router conversion success generates an event recording the transition on the conductor.
I don't think this is true
There was a problem hiding this comment.
I confirmed that this is not true. There will be an event on the router itself but not the conductor.
| * If an HA pair is discovered to have a mismatched software state (image-based and package-based) an Alarm is reported. The software state must be the same for both nodes. | ||
| * Failure of a router to complete the conversion generates a user visible event and records the reasons for the failure on the conductor. | ||
| * Router conversion success generates an event recording the transition on the conductor. | ||
| * The image-based and package-based status is visible in the `asset-status` in the GUI, and in the PCLI using `show assets`. |
There was a problem hiding this comment.
This is not true, the image-based vs package-based status is visible with show system version which can be targeted to routers from the conductor
There was a problem hiding this comment.
@Chr1st0ph3rTurn3r I decided to add this in, show assets will now show if the system is PBU or IBU
docs/upgrade_router.md
Outdated
|
|
||
| 1. Use the command `show assets` to list the devices managed by this conductor, and the software revision each asset is currently running. | ||
|
|
||
| 2. For a given asset, use the command `show asset [asset ID]` or `show asset software router [router name]` to view the available software upgrades for that asset. The list will be in the section labeled "Available for Download" at the end of the output. |
There was a problem hiding this comment.
This is no longer true, none of the show assets commands show available or downloaded software. The user must use show system software available router <router> node <node> or show system software download router <router> node <node>
docs/upgrade_router.md
Outdated
|
|
||
| 2. For a given asset, use the command `show asset [asset ID]` or `show asset software router [router name]` to view the available software upgrades for that asset. The list will be in the section labeled "Available for Download" at the end of the output. | ||
| :::note | ||
| If there are software releases absent from the list that you are confident should appear, use the command `send command yum-cache-refresh router [router name]` to refresh the software list. |
There was a problem hiding this comment.
The command send command yum-cache-refresh router [router name] is not longer relevant since the available and downloaded software is no longer cached on the conductor. The latest info is always retrieved on demand when show system software available router <router> node <node> or show system software download router <router> node <node> are executed.
docs/upgrade_router.md
Outdated
|
|
||
| 4. Once the download is complete, use the command `request system software upgrade router <rtr> node <node> version <image-version>` to initiate the upgrade process. View upgrade progress using `show system software upgrade router <rtr> node <node>` | ||
|
|
||
| In a high availability deployment, the conductor upgrades each router node sequentially to minimize/avoid downtime. For manual upgrades, intiating an upgrade on one HA node or router will automatically upgrade the second node/router. However, it is still recommended to perform upgrade activity during periods of low traffic or maintenance windows. |
There was a problem hiding this comment.
To clarify this a bit more, we give the user a little more flexibility now. If the user targets a router with the upgrade command request system software upgrade router <name> then both nodes will be upgraded sequentially. However, we also allow the user to target an individual node request system software upgrade router <name> node <name> which will only upgrade that node. The same behavior occurs if the conductor is targeting itself or a remote router. Its also the same behavior for reverts as well as upgrades.
| exit | ||
| exit | ||
| exit | ||
| exit |
There was a problem hiding this comment.
The repository does not have a nameandtruecan go on the same line asoffline-mode`:
config
authority
router
system
software-update
repository
offline-mode true
exit
exit
exit
exit
exit
exit
docs/upgrade_restricted_access.md
Outdated
|
|
||
| The `import iso` command is used to import packages contained within an SSR ISO onto a local repository, allowing the SSR to be upgraded without connecting to Juniper servers. When upgrading a conductor or when `offline-mode` is defined for a router, the ISO must be imported to the target conductor to perform the upgrade. | ||
|
|
||
| Use the [import iso](cli_reference.md#import-iso) command to specify the exact `filepath` to the ISO, or to specify `hunt` which searches the disk for a file that matches the pattern `128T*.iso` (except in the following directories `/boot`, `/dev`, `/proc`, and `/sys`). |
There was a problem hiding this comment.
The hunt command now imports anything matching the patterns 128T*.iso, SSR*.iso or SSR*.tar and any corresponding checksum and signature files.
Another thing that may be worth documenting is, when importing an SSR ISO we added some additional security and validation mechanisms where the ISO also needs to be imported with the checksum and signature files for the tarball contained within the ISO. This probably sounds confusing and we have a (hopefully) very obvious error message when the checksum and signature files are missing that the user needs to go download them as well. What is means is, if I was a user and I wanted to import this file:
SSR-6.3.0-58.r1.el7.x86_64.ibu-v1.iso
I would get an import error if I did not also download these two files to go with it and place them in the same directory (note the .tar and not .iso)
SSR-6.3.0-58.r1.el7.x86_64.ibu-v1.tar.sha256sum
SSR-6.3.0-58.r1.el7.x86_64.ibu-v1.tar.sha256sum.asc
This is unfortunate and actually a current limitation of our release pipeline that we hope to fix in the future so it wont be necessary to download these extra files and they will be included within the .iso file.
…entation' into 6.3.0-install-updates
|
One other thing I thought of is there is now a PCLI command for IBU systems to change the boot volume. The user can view the current boot volume with Then they can change the selected boot volume with: To reboot into the other volume they can use the new reboot PCLI command which I added for this purpose in 6.3: |
No description provided.