Upgrade HA Active/Passive array to latest version.

Question

Good morning all, 
 I hope you're all well. 
 I'm looking for some advice on the most expeditious and least disruptive method to upgrade an HA array to the latest firmware version. It's a UTM SG330 setup in HA active/passive mode and the firmware version is 9.702-1. 
 The customer is highly risk averse and supports several hundreds of remote users via remote access vpn. It is essential that disruption is kept to a minimum. Multiple or lengthy outages need to be avoided if possible. 
 Does anyone know the most direct path from the current firmware to the latest version? Would it be quicker to reimage/rebuild the array at the latest version and import the latest backup? Is it possible to import a backup from the current version to the latest version? 
 Thanks in advance, 
 Neil.

Vivek Jagad · Accepted Answer

Hello Neil_Evolve , Thank you for reaching out to the community. 
 When you upgrade an HA device, the process is as follows: 
 
 The primary device (device A) upgrades the secondary device (device B). 
 Device B runs the new firmware and takes control of the network. It's now the primary device and device A is the secondary. 
 Device A then upgrades and runs the new firmware. It's still the secondary device, but if you have configured the other device as a preferred primary, then the cluster will failover. 
 
 Now you are currently on 9.702-1 ., there are a couple (approx. 23 new updates) of firmware in between and the process mentioned above will continue to follow until you reach to the latest firmware i.e. 9.711-5 . A direct path can not be followed. So, in that case re-imaging will be much more quicker and a one time process. Yes the backup can be restored from an older firmware to the newer/equivalent firmware but can not be done vice-versa.

JosefBergmann · Answer

Hi, 
 I would activate " Keep node(s) reserved during Up2Date" and update with this methode one node to the latest version, then this fully updated node will become the active node. In a second step, after checking that everything works as expected, update the second node.

BAlfson · Answer

I agree, but there's a potential fly in the ointment. Attempting to get all of the needed Up2Dates loaded at one time will cause problems with a full / partition - probably a lockup. Probably two groups would need to be downloaded separately. This is most easily done at the command line as root. 
 Don't forget to set ' Firmware Download Interval' to "Manual" before starting and to change it back when done. If the Up2Dates below are already on your system, you can delete them once you're in /var/up2date/sys. 
 Once you're at 9.705-3 or you've done something similar to the below to get you there, here's how to get to 9.711-5: 
 cd /var/up2date/sys wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.705003-705007.tgz.gpg wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.705007-706009.tgz.gpg wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.706009-707005.tgz.gpg wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.707005-708006.tgz.gpg wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.708006-709003.tgz.gpg wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.709003-710001.tgz.gpg wget ftp-astaro-com.s3-eu-west-1.amazonaws.com/UTM/v9/up2date/u2d-sys-9.710001-711005.tgz.gpg /sbin/auisys.plx --showdesc 
 Wait 10 minutes after the auisys command starts and then install in WebAdmin. You are now at 9.711-5. 
 Personally, I would disconnect the Slave first and allow the Master to Up2Date overnight. Then, re-image the Slave, power it down, reconnect it and power it up. The Master will reconfigure the Slave and copy the logs to it. 
 If you do go the way of re-imaging both Master and Slave, you can copy off the /var/log directory beforehand and then copy it back on with WinSCP. Again, I would fully prepare one appliance as the Master and then reconnect the Slave and power it up. The Master will reconfigure the Slave and copy the logs to it. 
 Cheers - Bob

Upgrade HA Active/Passive array to latest version.

Top Replies