Software Installation and Upgrade Overview (Junos OS Evolved)
SUMMARY A Juniper Networks device is delivered with the Juniper Networks operating system (Junos OS Evolved) already installed. When you power on the device, it starts (boots) using the installed software. As new features and software fixes become available, you must upgrade your software to use them.
Before installing software, you must back up the system, including the configuration. You upgrade (or downgrade) the version of the operating system on a device by copying a software installation package to your device and then use the CLI to install the new software on the device. You then reboot the device, which boots from the newly installed software. After a successful upgrade, back up the new software and configuration. See Back up and Recover Software with Snapshots.
Before installing software on a device that has one or more custom YANG data models added to it, back up and remove the configuration data corresponding to the custom YANG data models from the active configuration. For more information see Managing YANG Packages and Configurations During a Software Upgrade or Downgrade.
To understand more about Junos OS Evolved Software Licensing, see the Juniper Licensing Guide. Please refer to the product Data Sheets accessible from Products & Services for details, or contact your Juniper Account Team or Juniper Partner.
The following sections introduce the overall considerations in upgrading and downgrading the software:
Types of Junos OS Evolved Installation
The two types of installations used to upgrade or downgrade your device are standard installation and recovery. The standard installation is the standard method of upgrading and downgrading the software. You perform a recovery installation when the software on the device is damaged or otherwise unable to accommodate a software upgrade or downgrade.
Standard Installation |
A standard installation is the typical method used to upgrade or downgrade software on the server. This method uses the installation package that matches the installation package already installed on the system. For information on the different installation packages available, see Junos OS Evolved Installation Packages. |
Recovery Installation |
A recovery installation is the method used to repair a device with damaged software or a condition that prevents the upgrade or downgrade of the software. |
Multiple Software Versions Available
Junos OS Evolved stores multiple versions of software on the storage media. To see the
software packages installed on the system, use the show system software
list
operational mode command. Junos OS Evolved also allows you to roll back to
any of the releases already stored on the system with the request system software
rollback
operational mode command.
Each version also stores the last configuration file that was running when that release was
running. Junos OS Evolved supports a roll back to an alternate image with either the current
configuration file or with the configuration snapshot from when the alternate image was last
running, using the request system software rollback image-name
with-old-snapshot-config
operational mode command.
Node Software Synchronization for Dual-RE Systems
Junos OS Evolved ensures all nodes in a system are running the same software version.
If you insert an RE that has the same current software version as the primary RE into the
system, the new RE joins the system. The system automatically synchronizes the
configurations and the other software versions from the existing RE to the new RE, even if
you have not configured theauto-sw-sync
statement.
If you insert an RE that has a different software version into the system, the RE is kept
outside the system and the system generates a software mismatch alarm. The alarm specifies
the RE name and the version of software on the newly-inserted RE, similar to the following:
Software Version Mismatch on
re1:junos-evo-install-ptx-x86-64-20.4R2.6-EVO
. You need to manually synchronize
the REs to bring RE1 back into the system.
user@host-re0> show system alarms 2 alarms currently active Alarm time Class Description 2021-04-19 16:02:26 PDT Major Re1 Node unreachable 2021-04-19 16:04:46 PDT Major Software Version Mismatch on re1:junos-evo-install-ptx-x86-64-20.4R2.6-EVO
You can either manually or automatically synchronize the software versions and configurations to the new RE. Automatic software synchronization is disabled by default. We recommend that you enable automatic software synchronization.
-
To automatically always synchronize the software versions and configurations to the new RE, configure the
auto-sw-sync enable
statement at the[edit system]
hierarchy level. When you configure theauto-sw-sync
statement, the system detects the new RE, synchronizes all of the images to the new RE, and reboots the new RE so that the new RE boots up with the same software and the same configuration version as the primary RE and joins the system. Each software image contains the configuration running when that software image was last active. -
To manually synchronize the software versions and configurations to the new RE, use the
request system software sync all-versions
operational mode command. All software images and configurations stored with the images are synchronized to the new RE and the system reboots the new RE. When the new RE comes back up, the new RE joins the system.
For a dual-RE system, when the secondary RE boots with a different current image than the
primary RE's current image and you have configured the auto-sw-sync enable
statement, the primary RE synchronizes the current image to the secondary RE. The primary RE
also synchronizes the rollback software image and the other images to the secondary RE. If
the current configuration file (juniper.conf.gz) from the primary RE
matches the current configuration file on the secondary RE, then the primary RE does not
synchronize the rescue configuration (rescue.conf.gz) to the secondary
RE.
To synchronize the rescue configuration from the primary RE to the secondary RE, issue the
file copy
command on the primary RE:
user@host-re0> file copy /config/rescue.conf.gz re1:/config/
For more information on replacing REs, see Replace a Routing Engine in a Dual-RE System.
Back up the Current System’s Files
Creating a backup of the current system on your device has the following advantages:
-
The device can boot from a backup and come back online in case a component fails or a power failure during an upgrade corrupts the primary boot device.
-
The backup copy of the system saves your active configuration files and log files.
-
The device can recover from a known, stable environment in case of an unsuccessful upgrade.
During a successful upgrade, the upgrade package completely re-installs the existing operating system. It retains the juniper.conf, rescue.conf, SNMP ifIndexes, /var/home, /config/scripts, SSH files, and other filesystem files. The upgrade process removes all other information. Therefore, you should back up your existing system in case you need to return to it after running the installation program.
You create copies of both the software and the configuration running on a device using the
request system snapshot
command. The request system
snapshot
command takes a “snapshot” of the files currently used to run the
device—the complete contents of the /root, /soft,
and /config file systems, which include the current and all rollback
software images, the active configuration, and the rescue configuration—and copies all of
these files into an alternate (internal solid-state drive) memory source. You can then use
this snapshot to boot the device at the next boot up or as a backup boot option. When the
backup completes, the current and backup software installations are identical. For a dual-RE
system, you should create a snapshot on both the primary and the secondary RE, ensuring a
snapshot is available, no matter which RE you use to reboot the device.
When you issue the request system snapshot
command, the system backs up
the /root file system and the /config file
system to the secondary solid-state drive (SSD). The /root and
/config file systems are on the device's primary SSD. The snapshot
/root and /config file systems are on the
device's secondary SSD.
Determine the Software Installation Package
Juniper Networks delivers software releases in signed packages that contain digital
signatures to ensure official Juniper Networks software. To see the information about the
software packages currently running on the device, use the show version
operational mode command at the top level of the command-line interface (CLI).
The show version
command does not show the software edition, only the
release number of the software.
You download software to the /var/tmp directory of your device from the Juniper Networks Software Downloads webpage.
For more information about software packages, see Junos OS Evolved Installation Packages.
Connect to the Console
We recommend that you upgrade all individual software packages using an out-of-band connection from the console or the management Ethernet interface, because in-band connections can drop during the upgrade process.
Console ports allow root access to devices through a terminal or laptop interface, regardless of the state of the device, unless the device is off. By connecting to the console port, you can access the root level of the device, without using the network to which the device might or might not be connected. Connecting to the console port creates a secondary path to the device without relying on the network.
Using the terminal interface provides a technician, who is usually sitting in a NOC a long distance away, the ability to restore a device or perform an initialization configuration securely, using a modem, even if the primary network has failed. Without a connection to the console port, a technician must visit the site to perform repairs or initialization. A remote connection to the device through a modem requires the cable and connector (provided in the device accessory box), plus a DB-9 to DB-25 (or similar) adapter for your modem, which you must purchase separately. For more information about connecting to the console port, see the hardware guide for your particular device.
Validate the Installation Package with the Current Configuration
When you upgrade or downgrade software, we recommend that you validate the configuration
with the request system software add
operational mode command, to check
that the candidate software is compatible with the current configuration. By default, when
you add a package with a different release number, the system automatically performs the
validation check.
Upgrade Method Impacts on Internal Media
Installation from the boot loader using a USB storage device re-formats the internal media before installation.
Installation using the CLI retains the existing partitioning scheme.
Upgrade methods that re-format the internal media before installation wipe out the existing contents of the media and the configuration files. You must back up all configuration files in the /config directory and any important data before starting the installation process.
Boot Sequence
Juniper Networks devices start using the installed Junos OS Evolved software. Boot-able copies of the software are stored in two locations: the internal solid-state drive and the removable media (USB). The following subsections discuss the order of the locations the system checks for a valid boot-able operating system.
Boot Order
Junos OS Evolved devices attempt to boot from these storage media in the following order:
-
Dual, internal SSD devices. First, the system tries to boot from the primary SSD device. If that SSD fails to boot, then the system attempts to boot from the secondary SSD device.
-
USB device. (If you insert a USB emergency boot device, select USB00 from the Grub menu to boot from the USB device.)
Boot from an Alternate Boot Device
If the device boots from an alternate boot device, when you log in to the device, a message displays indicating the alternate boot device. For example, the following message shows that the software booted from the secondary SSD (/dev/sdb):
login: username Password: password [...output truncated...] --- NOTICE: System is running on alternate media device (/dev/sdb).
Do not select an emergency boot device during reboot under normal operations. The
router does not operate normally when booted from an emergency boot device. Selecting
the USB00
option on the Grub menu installs the image from the USB onto
the SSD. You must then apply the user configuration.
The system boots from an alternate boot device when the system detects a problem with the primary boot device—usually the primary SSD (/dev/sda)—that prevents the device from booting. Consequently, the system boots from the alternate boot device (the secondary SSD, /dev/sdb). When the system boots from the alternate boot device, the system removes the primary boot device from the list of candidate boot devices. The problem is usually a serious hardware error. We recommend you contact the Juniper Networks Technical Assistance Center (JTAC).
When the device boots from the alternate boot device, the software and the configuration
are only as current as the most recent snapshot (taken with the request system
snapshot
operational mode command).