SRX300 アップグレード

ネットワーク
この記事は1年以上前に書かれたものです。 情報が古い可能性があります。

ひさびさにアップグレード。

Juniper のサポートサイトからダウンロード。アップグレード方法は親切にダウンロードページに書いてくれている。

SRX にダウンロード
ここでは /var/tmp は以下に junos22.4r2.tgz というファイル名でダウンロード。

file copy "https://cdn.juniper.net/software/junos/22.4R2.8/junos-srxsme-22.4R2.8.tgz?SM~(略)~" /var/tmp/junos22.4r2.tgz

コンフィグなどバックアップを取りましょう。

アップグレード

request system software add /var/tmp/junos22.4r2.tgz reboot

reboot オプションをつけていれば 特に問題がなければ自動で再起動して新しいバージョンになる。
no-copy, no-validate オプションをつければもう少し早いはず。

JUNOS 22.1R1.10 -> 22.4R2.8 へのアップグレードで 約17分 で通信復旧。SRX300 は CPU がへぼいので時間かかる。

以下ログ。

naoki@TYO_SRX1> file copy "https://cdn.juniper.net/software/junos/22.4R2.8/junos-srxsme-22.4R2.8.tgz?SM~(略)~" /var/tmp/junos22.4r2.tgz
/var/home/naoki/...transferring.file.........n100% of  398 MB 1089 kBps 00m00s

naoki@TYO_SRX1> request system software add /var/tmp/
                                                         ^
'/var/tmp/' is ambiguous.
Possible completions:
  <[Enter]>            Execute this command
  <package-name>       URL or pathname of package
  /var/tmp/appidd_cust_app_trace  Size: 0, Last changed: Jun 02 2022
  /var/tmp/appidd_trace_debug  Size: 11960, Last changed: Jul 04 21:38:25
  /var/tmp/cleanup-pkgs.log  Size: 4635, Last changed: Jul 04 21:37:00
  /var/tmp/dyn_filterd_trace_debug  Size: 851, Last changed: Jul 04 21:38:13
  /var/tmp/ebmq_authd_vty  Last changed: Nov 19 2022
  /var/tmp/eedebug_bin_file  Size: 0, Last changed: Jul 04 21:38:04
  /var/tmp/gksdchk.log  Size: 34, Last changed: May 19 2022
  /var/tmp/gres-tp/    Last changed: May 19 2022
  /var/tmp/idp_license_info  Size: 4, Last changed: Jun 02 2022
  /var/tmp/install/    Last changed: May 19 2022
  /var/tmp/junos-srx1k3k-12.3X48-D105.4-domestic.tgz  Size: 276359204, Last changed: May 28 2022
  /var/tmp/junos-srxsme-22.1R1.10.tgz  Size: 414993564, Last changed: Jun 02 2022
  /var/tmp/junos22.4r2.tgz  Size: 418193747, Last changed: Nov 02 15:06:56
  /var/tmp/kmdchk.log  Size: 70, Last changed: Jul 04 21:35:27
  /var/tmp/krt_rpf_filter.txt  Size: 57, Last changed: Jul 04 21:39:04
  /var/tmp/mmcq_authd  Last changed: Nov 19 2022
  /var/tmp/mmcq_bbeStatsdGetCollector  Last changed: Nov 19 2022
  /var/tmp/mmcq_mmdb_rep_mmcq  Last changed: Jun 02 2022
  /var/tmp/nsd_restart  Size: 2, Last changed: Jul 04 21:39:28
  /var/tmp/pfe-limit   Size: 8, Last changed: Jul 04 21:40:34
  /var/tmp/pfe_debug_commands  Size: 111, Last changed: Jun 02 2022
  /var/tmp/phone-home/  Last changed: Jun 02 2022
  /var/tmp/pics/       Last changed: May 19 2022
  /var/tmp/policy_status  Size: 30, Last changed: Jul 04 21:40:28
  /var/tmp/rtsdb/      Last changed: May 19 2022
  /var/tmp/sd-upgrade/  Last changed: Jun 02 2022
  /var/tmp/sec-download/  Last changed: May 19 2022
  /var/tmp/spu_kmd_init  Size: 0, Last changed: May 19 2022
  /var/tmp/vi.recover/  Last changed: May 19 2022
  /var/tmp/vpn_tunnel_orig.id  Size: 0, Last changed: Jun 02 2022
naoki@TYO_SRX1> request system software add /var/tmp/junos22.4r2.tgz reboot ?
Possible completions:
  <[Enter]>            Execute this command
  best-effort-load     Load succeeds if at least one statement is valid
  delay-restart        Don't restart processes
  no-copy              Don't save copies of package files
  no-validate          Don't check compatibility with current configuration
  on-primary           Install image on primary partition while booted on secondary partition
  partition            Format and re-partition the media before installation
  unlink               Remove the package after successful installation
+ upgrade-with-config  Additional configs ('text/xml' format) to be applied on upgrade
  validate             Check compatibility with current configuration
  validate-on-host     Remote host or user@host for configuration validation
  validate-on-routing-engine  Routing engine for configuration validation
  |                    Pipe through a command
naoki@TYO_SRX1> request system software add /var/tmp/junos22.4r2.tgz reboot
NOTICE: Validating configuration against junos22.4r2.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/da0s2a)...
/dev/da0s2a: 2518.0MB (5156848 sectors) block size 16384, fragment size 2048
        using 14 cylinder groups of 183.62MB, 11752 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 32, 376096, 752160, 1128224, 1504288, 1880352, 2256416, 2632480, 3008544,
 3384608, 3760672, 4136736, 4512800, 4888864

saving package file in /var/sw/pkg ...
Checking compatibility with configuration
Initializing...
cp: /var/etc/extensions.allow: No such file or directory
cp: /var/db/certs/common/certification-authority/*: No such file or directory
Verified manifest signed by PackageProductionECP256_2022 method ECDSA256+SHA256
Using junos-22.4R2.8 from /altroot/cf/packages/install-tmp/junos-22.4R2.8
Copying package ...
veriexec: cannot update veriexec for /cf/var/validate/c/junos/usr/lib/slax/extensions/db/db_driver_sqlite.so: Too many links
Verified manifest signed by PackageProductionECP256_2023 method ECDSA256+SHA256
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
cp: /cf/var/validate/c/var/etc/lighttpd.addresses and /var/etc/lighttpd.addresses are identical (not copied).

UTM Daemon: <xnm:warning xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
UTM Daemon: <source-daemon>utmd</source-daemon>
UTM Daemon: <message>You must reboot the system for Web-Filtering's default mode to take effect.
UTM Daemon: </message>
UTM Daemon: </xnm:warning>
mgd: commit complete
Validation succeeded
Validating against /config/rescue.conf.gz
Network security daemon: <xnm:warning xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
Network security daemon: <source-daemon>nsd</source-daemon>
Network security daemon: <message>You have disabled inet6 flow.
Network security daemon: You must reboot the system for your change to take effect.
Network security daemon: If you have deployed a cluster, be sure to reboot all nodes.</message>
Network security daemon: </xnm:warning>
UTM Daemon: <xnm:warning xmlns="http://xml.juniper.net/xnm/1.1/xnm" xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm">
UTM Daemon: <source-daemon>utmd</source-daemon>
UTM Daemon: <message>You must reboot the system for Web-Filtering's default mode to take effect.
UTM Daemon: </message>
UTM Daemon: </xnm:warning>

mgd: commit complete
Validation succeeded

Installing package '/altroot/cf/packages/install-tmp/junos-22.4R2.8' ...
Verified junos-boot-srxsme-22.4R2.8.tgz signed by PackageProductionECP256_2023 method ECDSA256+SHA256
Verified junos-srxsme-22.4R2.8-domestic signed by PackageProductionECP256_2023 method ECDSA256+SHA256
Verified manifest signed by PackageProductionECP256_2023 method ECDSA256+SHA256
JUNOS 22.4R2.8 will become active at next reboot
Saving state for rollback ...
Rebooting ...
shutdown: [pid 84017]
Shutdown NOW!

*** FINAL System shutdown message from root@TYO_SRX1 ***

System going down IMMEDIATELY

naoki@TYO_SRX1>

~ 再ログイン ~

Last login: Thu Nov  2 14:55:00 2023 from 172.17.x.xx
--- JUNOS 22.4R2.8 built 2023-05-30 04:21:39 UTC

naoki@TYO_SRX1> show version
Hostname: TYO_SRX1
Model: srx300
Junos: 22.4R2.8
JUNOS Software Release [22.4R2.8]

コメント

タイトルとURLをコピーしました