Page MenuHomePhabricator
Create Task
Maniphest T295691

Upgrade pfw to Junos 20+
Closed, ResolvedPublic
Actions

Description

The Junos 20 branch is now in Junos recommended versions for SRX1500 firewalls, see https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476&smlogin=true

Upgrading those firewalls has several advantages:

  • Testing routers redundancy in a planned window
  • Keeping a tight Junos version spread (we currently have 12, 14, 15, 17, 18, 20)
  • Fixing low risk security issues

As we're getting in the "no changes" time of the year, it will probably have to wait for next year. @Jgreen around what time should we ping you for that?

Details

Due Date
May 17 2022, 4:00 AM

Related Objects
Search...

Event Timeline

ayounsi triaged this task as Low priority.Nov 15 2021, 2:54 PM
ayounsi created this task.
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptNov 15 2021, 2:54 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Maintenance_bot added a project: SRE.Nov 15 2021, 3:45 PM
Jgreen added a comment.Nov 16 2021, 3:15 PM

@ayounsi I think it would be fine to do the codfw pfw's this year. Please ping me on IRC when you have some time to discuss.

Jgreen moved this task from Triage to Watching on the fundraising-tech-ops board.Nov 17 2021, 2:33 PM
Jgreen moved this task from Watching to In Progress on the fundraising-tech-ops board.Jan 12 2022, 4:57 PM
ayounsi mentioned this in T254013: all network devices must run OpenSSH >= 7.2p1 but != 7.4p1.Jan 19 2022, 10:50 AM
Jgreen moved this task from In Progress to Watching on the fundraising-tech-ops board.Jan 25 2022, 2:16 PM
Papaul subscribed.Jan 27 2022, 5:54 PM

I chat with @Jgreen in IRC we will be doing the upgrade next week on Tuesday the 1st at 10:30 CT

Papaul added a comment.Feb 1 2022, 5:35 PM
request system software add <JUNOS package> no-copy unlink

started at 10:38am CT and complete at 10.52am CT ~ 13mins

request system reboot

started at 10:54am CT complete at 11:27am CT ~33mins

Complete

Hostname: pfw3-codfw
Model: srx1500
Junos: 20.4R3-S1.3
Papaul closed this task as Resolved.EditedFeb 1 2022, 5:39 PM
Papaul claimed this task.

Codfw complete

Papaul reopened this task as Open.Feb 1 2022, 5:42 PM
Jgreen set Due Date to May 17 2022, 4:00 AM.Feb 1 2022, 5:53 PM

We're planning to do the upgraded during the Fundraising planned maintenance window of 5/16/2022 to 5/20/2022.

Papaul added a comment.May 2 2022, 3:09 AM

@Jgreen hello do you think this can be done on May the 16th?

Papaul raised the priority of this task from Low to Medium.May 2 2022, 3:11 AM
Jgreen added a comment.May 3 2022, 12:41 PM
In T295691#7894680, @Papaul wrote:

@Jgreen hello do you think this can be done on May the 16th?

@Papaul, yes that sounds good. We can plan for downtime on that day.

Papaul added subscribers: Jclark-ctr, Cmjohnson.May 10 2022, 3:45 PM

@Cmjohnson @Jclark-ctr I upload the junos-srxsme-20.1R1.11.tgz to apt.wikimedia.org under /srv/junos . if you have time this week can you please copy that image file to a USB and please coordinate with me when that it is done so we can plug the USB to both pfw3a-eqiad and pfw3b-eqiad an copy the image there before Monday 16th.

Thanks

Papaul added a comment.May 10 2022, 4:00 PM

@Cmjohnson @Jclark-ctr the right image is junos-srxentedge-x86-64-20.4R3-S1.3.tgz and not junos-srxsme-20.1R1.11.tgz since codfw is using junos-srxentedge-x86-64-20.4R3-S1.3.tgz

Thanks

Papaul added a comment.May 10 2022, 4:59 PM

@Jgreen hello. I am planning on doing this on the 16th at 10:00am CT . let me know it time works for you.
Thanks

Papaul added a comment.May 12 2022, 9:24 PM

The Junos image is now on both pfw

root@pfw3-eqiad% ls /var/tmp/junos-srxentedge-x86-64-20.4R3-S1.3.tgz
/var/tmp/junos-srxentedge-x86-64-20.4R3-S1.3.tgz
root@pfw3-eqiad%
Papaul added a comment.May 16 2022, 4:06 PM

Junos upgrade complete in Eqiad.

Papaul closed this task as Resolved.May 16 2022, 4:08 PM
Jgreen moved this task from Watching to Done on the fundraising-tech-ops board.Jun 2 2022, 5:36 PM
ayounsi mentioned this in T316529: Upgrade management routers and switches to Junos 21.Aug 29 2022, 12:46 PM
ayounsi mentioned this in T316532: Upgrade POPs asw to Junos 21.Aug 29 2022, 1:03 PM
ayounsi added a parent task: T316539: Upgrade network devices to Junos 20+.Aug 29 2022, 1:27 PM
ayounsi mentioned this in T315838: Set consistent MTUs.Jan 4 2023, 3:12 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL