Upgrade Paragon Automation
You can upgrade your existing Juniper Paragon Automation Release 2.1.0 installation to Release 2.2.0 using Paragon Shell. The upgrade functionality enables you to upgrade your Paragon Automation installation and all the applications running on it.
We do not support upgrading from Juniper Paragon Automation Release 2.0.0 to Release 2.2.0.
The upgrade process is automated by a set of Paragon Shell commands and carries out the required pre-upgrade system checks, retrieves the upgrade package, and executes the upgrade process on the cluster nodes. You can upgrade using an upgrade file that is either downloaded locally on your primary node or downloaded directly from a Web page.
During an upgrade, it is important that no change activities including onboarding of devices, provisioning of services or changing other configurations are done in the system. The upgrade will automatically reboot all components and there will be short unavailability during that time. The upgrade process does not affect the traffic through the network and once the upgrade is complete, the devices and services are not reconfigured.
We recommend that you back up your configuration before upgrading. For information on backing up your current configuration, see Back Up and Restore Paragon Automation.
To upgrade your Paragon Automation cluster:
Upgrade your installation and all the applications running on it using either the local option or the url option.
- Upgrade Paragon Shell and the OVA System Files.
Prerequisites to the Upgrade Process
Before you upgrade the Paragon Automation cluster, ensure the following.
-
Paragon Shell is accessible and operational.
-
The cluster nodes have the following free disk space available:
-
The primary node from which the cluster was deployed must have 15% of the total disk space + three times the upgrade file size free.
-
The other two primary and worker nodes must have 15% of the total disk space + the same amount as the upgrade file size free.
-
The worker node must have 15% of the total disk space free.
-
-
The cluster is healthy and operational.
Execute the
# health-check
command from the Linux root shell. TheOverall Cluster Status
must beGREEN
. For example:root@primary1:~# health-check Health status checking... ======================================================= Get node count of Kubernetes cluster. ======================================================= OK There are 4 nodes in the cluster. <output snipped> ====================================================== Verifying Elasticsearch ====================================================== OK Opensearch test... Checking health status at opensearch-cluster-master.common:9200... Opensearch is healthy (green). OPENSEARCH VERIFICATION PASS ======================================================= Overall cluster status ======================================================= GREEN
-
Delete or deprovision L3VPN, EVPN, and L2 circuit service and resource instances used for service orchestration.
Log in to the Paragon Automation GUI.
Delete the service instances.
Select the service instance you want to deprovision on the Service Instances page (Orchestration > Instances).
Click More > Deprovision.
The Confirm Deprovision page appears.
Click Yes on the Confirm Deprovision page.
The service is deprovisioned and the resources used by the service are released.
Delete the resource instances and the dependencies.
Note:Retain the resource instances created for the network implementation plan.
Select the resource instance that you want to delete on the Resource Instances page Orchestration > Resource Instances.
Click More > Deprovision.
The Deprovision Resource Instance page appears.
Click Yes on the Deprovision Resource Instance page.
The service is deprovisioned and the resources used by the service are released.
Note:If you do not delete the service and resource instances before cluster upgrade, you can also delete them post-upgrade.
-
Stop all running Active Assurance Monitors.
-
(Optional) Check the current build and OVA version of your existing setup from Paragon Shell.
root@primary> show paragon version ova: 20240502_0230 build: eop-release-2.1.0.8141.g0de84d1c80 Client Version: v1.28.6+rke2r1 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.29.3+rke2r1
Upgrade Paragon Automation using either the local option or the url option.
Upgrade using the local
Option
Use this option for air-gapped environments where your Paragon Automation installation does not have access to the Internet. However, you need to be able to copy the upgrade_paragon-release-build-id.tgz and upgrade_paragon-release-build-id.tgz.psig files to your primary node.
Log in as root user to the primary node from which the current cluster was installed. You are logged in to Paragon Shell.
Type
exit
to exit from Paragon Shell to the Linux root shell.Copy the upgrade_paragon-release-build-id.tgz and upgrade_paragon-release-build-id.tgz.psig files, of the version to which you want to upgrade, to the /root/epic/temp folder.
You might need to download the upgrade_paragon-release-build-id.tgz and upgrade_paragon-release-build-id.tgz.psig files from the Juniper Software Download site to your local computer before copying it to the primary node.
(Optional) Use the
gpg --verify
command to validate the digital signature of the upgrade file. For example:root@primary1:~# gpg --verify upgrade_paragon-release-2.2.0.8213.g458486e9da.tgz.psig upgrade_paragon-release-2.2.0.8213.g458486e9da.tgz gpg: Signature made Tue Apr 23 01:00:09 2024 UTC gpg: using RSA key 4B7B22C9C4FE32CF gpg: Good signature from "Northstar Paragon Automation 2024 ca@juniper.net" [ultimate]
Here
primary1
is the installer primary node. Validation takes a couple of minutes to complete.Type
cli
to enter Paragon Shell.Use the following command to upgrade Paragon Automation.
request paragon cluster upgrade local filename upgrade_paragon-release-build-id.tgz
For example:
root@primary1> request paragon cluster upgrade local filename upgrade_paragon-release-2.2.0.8213.g458486e9da.tgz Using local file /root/epic/temp/upgrade_paragon-release-2.2.0.8213.g458486e9da.tgz for upgrade Upgrade is in progress ... Updated to build: paragon-release-2.2.0.8213.g458486e9da Paragon Cluster upgrade is successful! Please continue to primary host node to upgrade Paragon-shell and update OVA system files by: /root/epic/upgrade_paragon-shell_ova-system.sh
Your Paragon Automation installation and all the applications running on it are upgraded.
You can now upgrade Paragon Shell and the OVA system files. Go to Upgrade Paragon Shell and the OVA System Files.
Note that, the upgrade process takes a little over an hour to complete. Also, if you get disconnected from the VM during the upgrade process, you can periodically check the upgrade log file until you see an output similar to this:
root@primary1:~# cat /root/upgrade/upgrade.log <output-snipped> … PLAY RECAP ********************************************************************* 10.1.2.3 : ok=1819 changed=430 unreachable=0 failed=0 rescued=0 ignored=2 10.1.2.4 : ok=185 changed=26 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.5 : ok=185 changed=26 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.6 : ok=177 changed=25 unreachable=0 failed=0 rescued=0 ignored=0 Saturday 03 August 2024 09:41:53 +0000 (0:00:00.665) 1:26:57.926 ******* =============================================================================== user-registry : Push Docker Images from local registry to paragon registry - 532.34s jcloud/airflow2 : Install Helm Chart ---------------------------------- 278.28s Install Helm Chart ---------------------------------------------------- 147.88s delete existing install config-map - if any --------------------------- 111.87s Save installer config to configmap ------------------------------------- 98.15s jcloud/papi : Install Helm Chart --------------------------------------- 97.77s Create Kafka Topics ---------------------------------------------------- 79.97s user-registry : Push Helm Charts to paragon registry ------------------- 78.70s systemd ---------------------------------------------------------------- 67.23s kubernetes/addons/helper-commands : Install Pathfinder Utility scripts -- 44.65s kubernetes/addons/helper-commands : Copy profiler to /opt/paragon/bin -- 39.79s registry : Copy nginx image on 10.1.2.4 -------------------------------- 37.46s registry : Copy nginx image on 10.1.2.5 -------------------------------- 37.04s registry : Copy nginx image on 10.1.2.6 -------------------------------- 36.80s registry : Copy nginx image on 10.1.2.3 -------------------------------- 36.03s Install Helm Chart ----------------------------------------------------- 34.49s registry : Copy zot image on 10.1.2.4 ---------------------------------- 33.29s registry : Copy zot image on 10.1.2.5 ---------------------------------- 32.46s registry : Copy zot image on 10.1.2.6 ---------------------------------- 31.67s registry : Copy zot image on 10.1.2.3 ---------------------------------- 30.25s Playbook run took 0 days, 1 hours, 26 minutes, 57 seconds registry-14272 Application Cluster upgraded to version build: paragon-release-2.2.0.8213.g458486e9da!!!
Now proceed to Upgrade Paragon Shell and the OVA System Files and Post Cluster Upgrade Tasks.
Upgrade using the url
Option
Use this option if your Paragon Automation installation has access to the Internet.
Log in as root user to the primary node from which the current cluster was installed. You are logged in to Paragon Shell.
Use the following command to upgrade Paragon Automation.
request paragon cluster upgrade url "https://juniper.software.download.site/upgrade_paragon-release-build-id.tgz?query_string"
For example:
root@primary1> request paragon cluster upgrade url "https://cdn.juniper.net/software/paragon-images/upgrade_paragon-release-2.2.0.8213.g458486e9da.tgz?query_string" Upgrading paragon cluster from https://cdn.juniper.net/software/paragon-images Downloading tarball file upgrade_paragon-release-2.2.0.8213.g458486e9da.tgz Download file size: 19,526,900,113 bytes Current disk Usage: Total: 263,622,004,736 bytes Used: 83,496,677,376 bytes Available: 168,297,881,600 bytes Please wait for current download to finish... (File is large. It may take a while.) Upgrade tarball file is downloaded. Upgrade is in progress ... Updated to build: paragon-release-2.2.0.8213.g458486e9da Paragon Cluster upgrade is successful! Please continue to primary host node to upgrade Paragon-shell and update OVA system files by: /root/epic/upgrade_paragon-shell_ova-system.sh
Here
primary1
is the installer primary node.Your Paragon Automation installation and all the applications running on it are upgraded.
You can now upgrade Paragon Shell and the OVA system files. Go to Upgrade Paragon Shell and the OVA System Files.
Note that, the upgrade process takes a little over an hour to complete. Also, if you get disconnected from the VM during the upgrade process, you can periodically check the upgrade log file until you see an output similar to this:
root@primary1:~# cat /root/upgrade/upgrade.log <output-snipped> … PLAY RECAP ********************************************************************* 10.1.2.3 : ok=1908 changed=533 unreachable=0 failed=0 rescued=0 ignored=2 10.1.2.4 : ok=187 changed=31 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.5 : ok=187 changed=31 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.6 : ok=179 changed=29 unreachable=0 failed=0 rescued=0 ignored=0 Friday 27 September 2024 20:19:15 +0000 (0:00:00.295) 1:36:36.571 ****** =============================================================================== Create Kafka Topics -------------------------------------------------- 2866.24s user-registry : Push Docker Images from local registry to paragon registry - 472.90s Install Helm Chart ---------------------------------------------------- 100.75s Install Helm Chart ----------------------------------------------------- 89.25s jcloud/airflow2 : Install Helm Chart ----------------------------------- 71.12s systemd ---------------------------------------------------------------- 63.44s jcloud/papi : wait for papi rest api ----------------------------------- 61.69s delete existing install config-map - if any ---------------------------- 51.48s Save installer config to configmap ------------------------------------- 50.79s user-registry : Push Helm Charts to paragon registry ------------------- 37.01s jcloud/papi : Install Helm Chart --------------------------------------- 32.68s Wait for common-utils to be running ------------------------------------ 28.40s paragon-shell-config : Load paragon-shell initial configs on master node -- 26.93s kubernetes/addons/helper-commands : Install Pathfinder Utility scripts -- 25.73s Install Helm Chart ----------------------------------------------------- 22.19s command ---------------------------------------------------------------- 21.97s Wait for opensearch-backup to be running ------------------------------- 21.82s kubernetes/addons/helper-commands : Copy profiler to /opt/paragon/bin -- 18.28s systemcheck : Get Disk IOPS -------------------------------------------- 17.12s kubernetes/addons/resource-reservation : Apply resource-reservation kube-cfg file -- 14.67s Playbook run took 0 days, 1 hours, 36 minutes, 36 seconds registry-8862 Application Cluster upgraded to version build: eop-release-2.2.0.8213.g458486e9da!!!
Now proceed to Upgrade Paragon Shell and the OVA System Files and Post Cluster Upgrade Tasks.
Upgrade Paragon Shell and the OVA System Files
When your Paragon Automation installation and all the applications running on it are successfully upgraded, you must upgrade Paragon Shell and the OVA system files.
Exit from the installer primary node Paragon Shell to the Linux root shell by typing
exit
.Execute the Paragon Shell upgrade shell script.
root@primary1:~# bash /root/epic/upgrade_paragon-shell_ova-system.sh Upgrading paragon-shell... Updating paragon-shell for primary1...... Container paragon-shell Stopping Container paragon-shell Stopped Container paragon-shell Removing Container paragon-shell Removed paragon-shell Pulling paragon-shell Pulled Container paragon-shell Creating Container paragon-shell Created Container paragon-shell Starting Container paragon-shell Started Updating paragon-shell for primary2...... Container paragon-shell Stopping <output snipped> primaryname update-status primary1 ok primary3 ok primary2 ok primary4 ok paragon-shell upgrade successful! Updating OVA system files... OVA system files update successful!
Paragon Shell and the OVA system files are upgraded.
(Optional) Check the build and OVA version of your upgraded setup from Paragon Shell.
root@primary> show paragon version ova: 20241003_0458 ova-patch: 20241009_0418_upgrade_version build: eop-release-2.2.0.8213.g458486e9da Client Version: v1.28.6+rke2r1 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.29.3+rke2r1
Now proceed to perform the post cluster upgrade tasks.
Post Cluster Upgrade Tasks
After upgrading the cluster and Paragon Shell OVA, perform the following tasks to complete the upgrade process.
Update the base OS. See Update the OS.
Upgrade the service designs, update the network implementation plan, and recreate the resource and service instances. See Update the Network Implementation Plan and Recreate Service Instances After Upgrade.
Restart all Active Assurance Monitors one by one. Wait until each restarted monitor is running and producing metrics before restarting the next monitor.