New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
6.3.0 install updates #696
base: master
Are you sure you want to change the base?
Conversation
… make it more usable.
…adding network interface info.
…added the \ delimiter.
…" Merge branch '6.3.0-traffic-engineering' into 6.3.0-install-updates
… '6.3.0-traffic-engineering' into 6.3.0-release-documentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One thing I think we should add is the software access channel is now part of the datamodel. Apologies if I forgot to mention this earlier. Previously, in order to enable different repos like alpha
, the customer would have to drop to the Linux shell and execute commands with install128t
. Now this behavior is integrated into the product. There is an authority level configuration object:
config
authority
software-access
channel <prealpha|alpha|beta|release>
username <username>
token <token>
exit
exit
exit
Its important to note that upon upgrading the conductor to 6.3, the existing credentials on disk will be automatically added to the configuration and default to the release
channel so the user will not have to take any action. If the user wishes to change the channel
for the authority they can simply change it in the datamodel and the new channel
will be enabled for all routers in the authority. There is also a router level override if the user wishes to enable a different channel for a single router. The user is able to use the same credentials as the authority object or override them as well:
config
authority
router
system
software-access
channel <prealpha|alpha|beta|release>
use-authority-credentials true
exit
exit
exit
exit
exit
Override authority credentials (probably a very uncommon use case):
config
authority
router
system
software-access
channel <prealpha|alpha|beta|release>
use-authority-credentials false
router-credentials
username <username>
token <token>
exit
exit
exit
exit
exit
exit
docs/intro_rollback.md
Outdated
@@ -7,6 +7,10 @@ Occasionally you may want or need to revert to a previously running version of S | |||
|
|||
## Rollback Considerations | |||
|
|||
With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's PCLI. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI.
This is correct however, the GUI only supports upgrades. The PCLI supports upgrades and reverts.
docs/intro_rollback.md
Outdated
@@ -7,6 +7,10 @@ Occasionally you may want or need to revert to a previously running version of S | |||
|
|||
## Rollback Considerations | |||
|
|||
With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's PCLI. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. | |||
|
|||
Rolling back earlier versions of the SSR software (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that rollbacks be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we say that for 6.3 that using the interactive installer is no longer supported? The user should always use either the GUI or PCLI. Especially now that the PCLI supports self upgrades and rollbacks even when 128T is not running.
docs/intro_upgrade_considerations.md
Outdated
|
||
### Rollback Considerations | ||
Upgrading or rolling back a system (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations. | ||
With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's pcli. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as above. Only the PCLI supports upgrades and reverts, the GUI only supports upgrades.
docs/intro_upgrade_considerations.md
Outdated
Upgrading or rolling back a system (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations. | ||
With an upgrade or installation of SSR v6.3.0, conductor rollbacks are performed using the `request system software revert` command from the conductor's pcli. On routers, it is recommended that upgrades and rollbacks are performed from the conductor's GUI. | ||
|
||
Upgrading or rolling back earlier versions of the SSR software (conductor peer or router) with the interactive installer `install128t`, that is managed by a conductor may result in the system becoming unresponsive. It is highly recommended that upgrades be performed through the conductor UI. Manual upgrades and rollbacks may not be resilient to failures. See [Rolling Back Software](intro_rollback.md) for more information on these operations. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as above, can we say its not supported any longer?
|
||
### Upgrading Using the CLI | ||
|
||
Use the `request system software upgrade` command and the associated arguments to perform upgrades. All of the upgrade features are available from the command line as well as the GUI. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may want to mention that the PCLI is now capable of doing an HA sequenced self upgrade. So if the user is logged into an HA conductor and executes request system software upgrade router <conductor-router-name>
then the default behavior is to perform a sequenced self upgrade of the conductor, one node at a time automatically. If the user prefers to manually upgrade each conductor node one at a time then they can target each node directly with request system software upgrade router <conductor-router-name> node <conductor-node-name>
and wait for the first node to finish before moving onto the second.
docs/upgrade_ibu_conductor.md
Outdated
|
||
* If an HA pair is discovered to have a mismatched software state (image-based and package-based) an Alarm is reported. The software state must be the same for both nodes. | ||
* Failure of a router to complete the conversion generates a user visible event and records the reasons for the failure on the conductor. | ||
* Router conversion success generates an event recording the transition on the conductor. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Router conversion success generates an event recording the transition on the conductor.
I don't think this is true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I confirmed that this is not true. There will be an event on the router itself but not the conductor.
* If an HA pair is discovered to have a mismatched software state (image-based and package-based) an Alarm is reported. The software state must be the same for both nodes. | ||
* Failure of a router to complete the conversion generates a user visible event and records the reasons for the failure on the conductor. | ||
* Router conversion success generates an event recording the transition on the conductor. | ||
* The image-based and package-based status is visible in the `asset-status` in the GUI, and in the PCLI using `show assets`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not true, the image-based vs package-based status is visible with show system version
which can be targeted to routers from the conductor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Chr1st0ph3rTurn3r I decided to add this in, show assets
will now show if the system is PBU or IBU
docs/upgrade_router.md
Outdated
|
||
1. Use the command `show assets` to list the devices managed by this conductor, and the software revision each asset is currently running. | ||
|
||
2. For a given asset, use the command `show asset [asset ID]` or `show asset software router [router name]` to view the available software upgrades for that asset. The list will be in the section labeled "Available for Download" at the end of the output. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is no longer true, none of the show assets
commands show available or downloaded software. The user must use show system software available router <router> node <node>
or show system software download router <router> node <node>
docs/upgrade_router.md
Outdated
|
||
2. For a given asset, use the command `show asset [asset ID]` or `show asset software router [router name]` to view the available software upgrades for that asset. The list will be in the section labeled "Available for Download" at the end of the output. | ||
:::note | ||
If there are software releases absent from the list that you are confident should appear, use the command `send command yum-cache-refresh router [router name]` to refresh the software list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The command send command yum-cache-refresh router [router name]
is not longer relevant since the available and downloaded software is no longer cached on the conductor. The latest info is always retrieved on demand when show system software available router <router> node <node>
or show system software download router <router> node <node>
are executed.
docs/upgrade_router.md
Outdated
|
||
4. Once the download is complete, use the command `request system software upgrade router <rtr> node <node> version <image-version>` to initiate the upgrade process. View upgrade progress using `show system software upgrade router <rtr> node <node>` | ||
|
||
In a high availability deployment, the conductor upgrades each router node sequentially to minimize/avoid downtime. For manual upgrades, intiating an upgrade on one HA node or router will automatically upgrade the second node/router. However, it is still recommended to perform upgrade activity during periods of low traffic or maintenance windows. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To clarify this a bit more, we give the user a little more flexibility now. If the user targets a router with the upgrade command request system software upgrade router <name>
then both nodes will be upgraded sequentially. However, we also allow the user to target an individual node request system software upgrade router <name> node <name>
which will only upgrade that node. The same behavior occurs if the conductor is targeting itself or a remote router. Its also the same behavior for reverts as well as upgrades.
exit | ||
exit | ||
exit | ||
exit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The repository
does not have a nameand
truecan go on the same line as
offline-mode`:
config
authority
router
system
software-update
repository
offline-mode true
exit
exit
exit
exit
exit
exit
docs/upgrade_restricted_access.md
Outdated
|
||
The `import iso` command is used to import packages contained within an SSR ISO onto a local repository, allowing the SSR to be upgraded without connecting to Juniper servers. When upgrading a conductor or when `offline-mode` is defined for a router, the ISO must be imported to the target conductor to perform the upgrade. | ||
|
||
Use the [import iso](cli_reference.md#import-iso) command to specify the exact `filepath` to the ISO, or to specify `hunt` which searches the disk for a file that matches the pattern `128T*.iso` (except in the following directories `/boot`, `/dev`, `/proc`, and `/sys`). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The hunt
command now imports anything matching the patterns 128T*.iso
, SSR*.iso
or SSR*.tar
and any corresponding checksum and signature files.
Another thing that may be worth documenting is, when importing an SSR ISO we added some additional security and validation mechanisms where the ISO also needs to be imported with the checksum and signature files for the tarball contained within the ISO. This probably sounds confusing and we have a (hopefully) very obvious error message when the checksum and signature files are missing that the user needs to go download them as well. What is means is, if I was a user and I wanted to import this file:
SSR-6.3.0-58.r1.el7.x86_64.ibu-v1.iso
I would get an import error if I did not also download these two files to go with it and place them in the same directory (note the .tar
and not .iso
)
SSR-6.3.0-58.r1.el7.x86_64.ibu-v1.tar.sha256sum
SSR-6.3.0-58.r1.el7.x86_64.ibu-v1.tar.sha256sum.asc
This is unfortunate and actually a current limitation of our release pipeline that we hope to fix in the future so it wont be necessary to download these extra files and they will be included within the .iso
file.
…entation' into 6.3.0-install-updates
One other thing I thought of is there is now a PCLI command for IBU systems to change the boot volume. The user can view the current boot volume with
Then they can change the selected boot volume with:
To reboot into the other volume they can use the new reboot PCLI command which I added for this purpose in 6.3:
|
No description provided.