Upgrade Paragon Automation
The upgrade functionality provided by Paragon Shell enables you to upgrade your Paragon Automation installation and all the applications running on it to the current release.
You can upgrade to the current Juniper Paragon Automation Release 2.4.0 from the following releases.
-
Release 2.3.0
-
Release 2.2.0
We do not support upgrading directly from Juniper Paragon Automation releases 2.0.0 and 2.1.0 to release 2.4.0. If you have a release 2.1.0 installation, you can upgrade to release 2.2.0, and then use the process described in this topic to subsequently upgrade to release 2.4.0 .
The upgrade process is automated by a set of Paragon Shell commands and carries out the required system checks, retrieves the upgrade package, and executes the upgrade process on the cluster nodes. You can upgrade using a file that is either downloaded locally on your primary node or downloaded directly from a Web page.
During an upgrade, it is important that no change activities including onboarding of devices, provisioning of services or changing other configurations are done in the system. The upgrade will automatically reboot all components and there will be short unavailability during that time. The upgrade process does not affect the traffic through the network and once the upgrade is complete, the devices and services are not reconfigured.
We recommend that you back up your configuration before upgrading. For information on backing up your current configuration, see Back Up and Restore Paragon Automation.
Perform the following steps to upgrade to Paragon Automation Release 2.4.0:
Upgrade Prerequisites—Ensure that all upgrade prerequisites are met
Upgrade the Paragon Automation cluster—Upgrade the cluster using either Upgrade using the local filename Option or Upgrade using the remote url Option
Upgrade Paragon Shell and the OVA System Files—Upgrade Paragon Shell and the OVA system files on all the cluster nodes
Upgrade Prerequisites
Before you upgrade the Paragon Automation cluster, ensure the following.
-
Paragon Shell is accessible and operational.
-
The cluster nodes have the following free disk space available:
-
The primary node from which the cluster was deployed must have 15% of the total disk space + three times the upgrade file size free.
-
The other two primary and worker nodes must have 15% of the total disk space + the same amount as the upgrade file size free.
-
The worker node must have 15% of the total disk space free.
-
-
Disable and delete previous OpenSearch backup files to free up space.
Disable OpenSearch backup.
root@primary1# kubectl patch cronjob opensearch-backup-cron -n common -p '{"spec": {"suspend": true}}'Delete the periodic backup job.
root@primary1# kubectl delete job -n common -l app=opensearch-backup-cron
Delete all existing OpenSearch backup files.
root@primary1# kubectl exec -i -n common -c opensearch-backup $(kubectl get po -n common -l app=opensearch-backup -o jsonpath={.items[0].metadata.name}) -- bash -c 'rm -rf /opt/paragon/opensearch-backup/*'
-
Verify that the cluster is healthy and operational.
If you are upgrading from release 2.2.0 to release 2.4.0, execute the
health-checkcommand from the Linux root shell. The Overall Cluster Status must be GREEN.root@primary1# health-check Health status checking... ======================================================= Get node count of Kubernetes cluster. ======================================================= OK There are 4 nodes in the cluster. ... <output snipped> ... ======================================================= Overall cluster status ======================================================= GREEN
If you are upgrading from release 2.3.0 to release 2.4.0, you can skip this step. The upgrade command in release 2.3.0 preemptively runs the health-check to verify cluster health before upgrading the cluster.
-
(Optional) Check the current build and OVA version of your existing release from Paragon Shell using the
show paragon versioncommand.
Upgrade the Paragon Automation cluster
Perform the following steps if you want to upgrade Paragon Automaton releases 2.3.0 and 2.2.0 to the current 2.4.0 release.
You can upgrade your installation and all the applications running on it using any one of the following two options:
Upgrade using the local filename Option
Use this option for air-gapped environments where your Paragon Automation installation does not have access to the Internet. However, you need to be able to copy the upgrade_paragon-release-build-id.tgz and upgrade_paragon-release-build-id.tgz.psig files to your primary node.
local
Option. If you are upgrading from release 2.3.0 to release 2.4.0, perform the following steps.
Log in as root user to the primary node from which the current cluster was installed. You are logged in to Paragon Shell.
Type
exitto exit from Paragon Shell to the Linux root shell.Copy the upgrade_paragon-release-build-id.tgz and upgrade_paragon-release-build-id.tgz.psig files, of the version to which you want to upgrade, to the /root/epic/temp folder.
You might need to download the upgrade_paragon-release-build-id.tgz and upgrade_paragon-release-build-id.tgz.psig files from the Juniper Software Download site to your local computer before copying it to the primary node.
(Optional) Use the
gpg --verifycommand to validate the digital signature of the upgrade file. For example:root@primary1:~/epic/temp# gpg --verify upgrade_paragon-release-2.4.0.8952.gbef82aec6b.tgz.psig upgrade_paragon-release-2.4.0.8952.gbef82aec6b.tgz gpg: Signature made Sat Mar 01 01:00:09 2024 UTC gpg: using RSA key 4B7B22C9C4FE32CF gpg: Good signature from "Northstar Paragon Automation 2024 ca@juniper.net" [ultimate]
Here
primary1is the installer primary node. Validation takes a couple of minutes to complete.Type
clito enter Paragon Shell.Use the following command to upgrade the Paragon Automation cluster:
request paragon cluster upgrade local filename upgrade_paragon-release-build-id.tgzFor example:
root@primary1> request paragon cluster upgrade local filename upgrade_paragon-release-2.4.0.8952.gbef82aec6b.tgz Upgrade is in progress ... Updated to build: paragon-release-2.4.0.8952.gbef82aec6b Paragon Cluster upgrade is successful! Run 'request paragon health-check' command to check current system health with upgraded Paragon cluster. Please continue to primary host node to upgrade Paragon-shell and update OVA system files by: /root/epic/upgrade_paragon-shell_ova-system.sh
Here
primary1is the installer primary node. The upgrade command checks the health of the cluster before upgrading. If the cluster health check returns aGREENstatus, the cluster is upgraded requiring no further input. If the cluster health check returns aREDstatus, the cluster is not upgraded. If the cluster health check returns anAMBERstatus, you are prompted to choose to continue or stop the upgrade.You can also use the
request paragon cluster upgrade local filename upgrade_paragon-release-build-id.tgz no-confirmoption to ignore theAMBERstatus and continue with the upgrade without being prompted. Theno-confirmoption does not ignore aREDstatus.Note that, the upgrade process takes over an hour to complete. If you get disconnected from the VM during the upgrade process, you can periodically check the upgrade log file until you see an output similar to this:
root@primary1:~# cat /root/upgrade/upgrade.log <output snipped> … PLAY RECAP ********************************************************************* 10.1.2.3 : ok=1819 changed=430 unreachable=0 failed=0 rescued=0 ignored=2 10.1.2.4 : ok=185 changed=26 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.5 : ok=185 changed=26 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.6 : ok=177 changed=25 unreachable=0 failed=0 rescued=0 ignored=0 Saturday 01 March 2025 09:41:53 +0000 (0:00:00.665) 1:26:57.926 ******* =============================================================================== user-registry : Push Docker Images from local registry to paragon registry - 532.34s jcloud/airflow2 : Install Helm Chart ---------------------------------- 278.28s Install Helm Chart ---------------------------------------------------- 147.88s delete existing install config-map - if any --------------------------- 111.87s Save installer config to configmap ------------------------------------- 98.15s jcloud/papi : Install Helm Chart --------------------------------------- 97.77s Create Kafka Topics ---------------------------------------------------- 79.97s user-registry : Push Helm Charts to paragon registry ------------------- 78.70s systemd ---------------------------------------------------------------- 67.23s kubernetes/addons/helper-commands : Install Pathfinder Utility scripts -- 44.65s kubernetes/addons/helper-commands : Copy profiler to /opt/paragon/bin -- 39.79s registry : Copy nginx image on 10.1.2.4 -------------------------------- 37.46s registry : Copy nginx image on 10.1.2.5 -------------------------------- 37.04s registry : Copy nginx image on 10.1.2.6 -------------------------------- 36.80s registry : Copy nginx image on 10.1.2.3 -------------------------------- 36.03s Install Helm Chart ----------------------------------------------------- 34.49s registry : Copy zot image on 10.1.2.4 ---------------------------------- 33.29s registry : Copy zot image on 10.1.2.5 ---------------------------------- 32.46s registry : Copy zot image on 10.1.2.6 ---------------------------------- 31.67s registry : Copy zot image on 10.1.2.3 ---------------------------------- 30.25s Playbook run took 0 days, 1 hours, 26 minutes, 57 seconds registry-14272 Application Cluster upgraded to version build: paragon-release-2.4.0.8952.gbef82aec6b!!!
Your Paragon Automation installation and all the applications running on it are upgraded.
Execute the
request paragon health-checkcommand to ensure that the upgraded cluster is healthy and operational.The
Overall Cluster Statusmust beGREEN.Upgrade Paragon Shell and the OVA system files.
Upgrade using the remote url Option
Use this option if your Paragon Automation installation has access to the Internet and the upgrade file is in a remote location.
url
Option. The remote url option is available only
from release 2.3.0 onwards.If you are upgrading from release 2.3.0 to release 2.4.0, perform the following steps.
Log in as root user to the primary node from which your existing cluster was installed. You are logged in to Paragon Shell.
Use the following command to upgrade the Paragon Automation cluster:
request paragon cluster upgrade remote url "https://juniper.software.download.site/upgrade_paragon-release-build-id.tgz?query_string"For example:
root@primary1> request paragon cluster upgrade remote url "https://cdn.juniper.net/software/paragon-images/upgrade_paragon-release-2.4.0.8952.gbef82aec6b.tgz?query_string" Checking paragon cluster system health before proceeding with cluster upgrade. This will take a minute... ... <output snipped> ... ======================================================= Overall cluster status ======================================================= GREEN ======================================================= Paragon cluster is healthy. Proceed with Paragon cluster upgrade. Upgrading paragon cluster from https://cdn.juniper.net/software/paragon-images Downloading tarball file upgrade_paragon-release-2.4.0.8952.gbef82aec6b Download file size: 28,831,677,064 bytes Current disk Usage: Total: 263,622,004,736 bytes Used: 106,109,399,040 bytes Available: 145,685,159,936 bytes Please wait for current download to finish... (File is large. It may take a while.) Upgrade tarball file is downloaded. Upgrade is in progress ... Updated to build: eop-release-2.4.0.8952.gbef82aec6b Paragon Cluster upgrade is successful! Run 'request paragon health-check' command to check current system health with upgraded Paragon cluster. Please continue to primary host node to upgrade Paragon-shell and update OVA system files by: /root/epic/upgrade_paragon-shell_ova-system.shHere
primary1is the installer primary node. The upgrade command checks the health of the cluster before upgrading. If the cluster health check returns aGREENstatus, the cluster is upgraded requiring no further input. If the cluster health check returns aREDstatus, the cluster is not upgraded. If the cluster health check returns anAMBERstatus, you are prompted to choose to continue or stop the upgrade.You can also use the
request paragon cluster upgrade remote url "https://juniper.software.download.site/upgrade_paragon-release-build-id.tgz?query_string" no-confirmoption to ignore theAMBERstatus and continue with the upgrade without being prompted. Theno-confirmoption does not ignore aREDstatus.Note that, the upgrade process takes a little over an hour to complete. If you get disconnected from the VM during the upgrade process, you can periodically check the upgrade log file until you see an output similar to this:
root@primary1:~# cat /root/upgrade/upgrade.log <output snipped> … PLAY RECAP ********************************************************************* 10.1.2.3 : ok=1819 changed=430 unreachable=0 failed=0 rescued=0 ignored=2 10.1.2.4 : ok=185 changed=26 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.5 : ok=185 changed=26 unreachable=0 failed=0 rescued=0 ignored=0 10.1.2.6 : ok=177 changed=25 unreachable=0 failed=0 rescued=0 ignored=0 Saturday 01 March 2025 09:41:53 +0000 (0:00:00.665) 1:26:57.926 ******* =============================================================================== user-registry : Push Docker Images from local registry to paragon registry - 532.34s jcloud/airflow2 : Install Helm Chart ---------------------------------- 278.28s Install Helm Chart ---------------------------------------------------- 147.88s delete existing install config-map - if any --------------------------- 111.87s Save installer config to configmap ------------------------------------- 98.15s jcloud/papi : Install Helm Chart --------------------------------------- 97.77s Create Kafka Topics ---------------------------------------------------- 79.97s user-registry : Push Helm Charts to paragon registry ------------------- 78.70s systemd ---------------------------------------------------------------- 67.23s kubernetes/addons/helper-commands : Install Pathfinder Utility scripts -- 44.65s kubernetes/addons/helper-commands : Copy profiler to /opt/paragon/bin -- 39.79s registry : Copy nginx image on 10.1.2.4 -------------------------------- 37.46s registry : Copy nginx image on 10.1.2.5 -------------------------------- 37.04s registry : Copy nginx image on 10.1.2.6 -------------------------------- 36.80s registry : Copy nginx image on 10.1.2.3 -------------------------------- 36.03s Install Helm Chart ----------------------------------------------------- 34.49s registry : Copy zot image on 10.1.2.4 ---------------------------------- 33.29s registry : Copy zot image on 10.1.2.5 ---------------------------------- 32.46s registry : Copy zot image on 10.1.2.6 ---------------------------------- 31.67s registry : Copy zot image on 10.1.2.3 ---------------------------------- 30.25s Playbook run took 0 days, 1 hours, 26 minutes, 57 seconds registry-14272 Application Cluster upgraded to version build: paragon-release-2.4.0.8952.gbef82aec6b!!!
Your Paragon Automation installation and all the applications running on it are upgraded.
Execute the
request paragon health-checkcommand to ensure that the upgraded cluster is healthy and operational.The
Overall Cluster Statusmust beGREEN.Upgrade Paragon Shell and the OVA system files.
Upgrade Paragon Shell and the OVA System Files
When your Paragon Automation installation and all the applications running on it are successfully upgraded, you must upgrade Paragon Shell and the OVA system files.
Exit from the installer primary node Paragon Shell to the Linux root shell by typing
exit.Execute the Paragon Shell upgrade shell script.
root@primary1:~# bash /root/epic/upgrade_paragon-shell_ova-system.sh Upgrading paragon-shell... Updating paragon-shell for primary1...... Container paragon-shell Stopping Container paragon-shell Stopped Container paragon-shell Removing Container paragon-shell Removed paragon-shell Pulling .... <output snipped> .... primaryname update-status primary1 ok primary3 ok primary2 ok primary4 ok paragon-shell upgrade successful! Updating OVA system files... OVA system files update successful!
Paragon Shell and the OVA system files are upgraded.
(Optional) Check the build and OVA version of your upgraded cluster from Paragon Shell.
root@primary> show paragon version ova: 20250301_1117_ova ova-patch: 20250301_0349 build: eop-2.4.0.8952.gbef82aec6b Client Version: v1.29.6 Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3 Server Version: v1.31.4+rke2r1
Proceed to perform the post cluster upgrade tasks.
Post Cluster Upgrade Tasks
After upgrading the cluster and Paragon Shell OVA, perform the following tasks to complete the upgrade process.
Update the base OS. See Update the OS.
Upgrade the service designs, update the network implementation plan, and recreate the resource and service instances. See Update the Network Implementation Plan and Recreate Service Instances After Upgrade.