CHAPTER 6

Upgrading the Application Software and the BSC Firmware

This chapter describes how to upgrade the software and firmware on one or more Sun Fire B10p SSL proxy blades. It also describes how to set up a TFTP (Trivial File Transfer Protocol) server if you do not already have one set up on your network. The software upgrade procedures require you to use TFTP.


Software Architecture

The Sun Fire B10p SSL proxy blade delivers high performance by utilizing optimized hardware engines and a tightly coupled embedded processor running a real-time operating system. The code that runs on this processor is called the application software and can be updated using an FTP process.

In addition to the embedded processor, there is a microcontroller called the blade support controller (BSC). The BSC is the primary interface to the Sun Fire™ B1600 service controllers (SCs) and performs the advanced lights out management (ALOM) functions for a given blade. These functions include powering on and off, resetting, and monitoring. The code that runs on this device is called the BSC firmware and can be updated using the flashupdate command, which uses TFTP.

The Sun Fire B10p SSL proxy blade software components are as follows:

Check the following web site to ensure you have the latest software:
http://wwws.sun.com/software/download/network.html

To update the firmware and application software, there must be network connectivity between the B10p SSL proxy blade and the TFTP or FTP server. The B10p SSL proxy blade requires that all management traffic (including updates) always be VLAN tagged.

A TFTP and FTP server can be made available as a:

If a server is used that has a management VLAN interface configured, the management VLAN must be added to the respective port on the switch. If a server is used that does not have the VLAN configuration, refer to Upgrading the Application Software From a non-VLAN-Capable Server for instructions on how to create network connectivity between the server and the B10p SSL proxy blade.


Setting Up a TFTP Server

The procedures for upgrading software for the Sun Fire B10p SSL proxy blade involve using TFTP. Hence to use the blade, you need to have a TFTP server available on your network.



Note - If you are using separate data and management networks, make a TFTP server available on both networks.




To Set Up a TFTP Server

1. On the system that you intend to set up as the TFTP server, log in as root.

2. Use a text editor to un-comment the following line in the file /etc/inetd.conf:

tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

3. On the same system create a TFTP home directory by typing the following at the Solaris prompt:

# mkdir /tftpboot
# chown root /tftpboot
# chmod 755 /tftpboot

4. Restart inetd by typing:

# /etc/init.d/inetsvc stop
# /etc/init.d/inetsvc start

5. Verify that TFTP is working.

To do this, use TFTP to get a file from the /tftpboot directory. Follow the instructions below:

a. On the system that you are using as the TFTP server, copy any file (for example, the Solaris /etc/release file) to the /tftpboot directory.

Type the following command at the Solaris prompt:

# cp /etc/release /tftpboot/filename

Where filename is the name of the file you intend to make available on the TFTP server.

b. Make the file you have just copied read-only:

# chmod 444 /tftpboot/filename

Where filename is the name of the file you intend to make available on the TFTP server.



Note - TFTP is not the same as FTP. It does not display the same error messages as FTP, and you cannot use the cd or ls commands (or indeed most other commands) that FTP allows you to use.
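TFTP has no authentication, so the -s /tftpboot confinement and the file modes set in the steps above are the only access controls on the server. The following shell functions are an added example, not part of the original manual; they check that the inetd.conf entry is active and that the directory and files carry the modes from steps 3 and 5b. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original manual): audit the TFTP setup above.
# Paths are arguments so the checks can also be run against copies of the files.

# check_inetd_entry FILE ROOT
# Succeeds only if an un-commented tftp line runs in.tftpd with "-s ROOT".
check_inetd_entry() {
    awk -v root="$2" '
        /^[ \t]*#/ { next }                      # line is still commented out
        $1 == "tftp" {
            for (i = 2; i < NF; i++)
                if ($i == "-s" && $(i + 1) == root) found = 1
        }
        END { exit !found }
    ' "$1"
}

# perm_string PATH: the 10-character mode field from ls, e.g. drwxr-xr-x
perm_string() { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

# owner_of PATH: the owning user as ls reports it
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# audit_tftp_root ROOT [OWNER]
# Prints one line per finding and returns the number of findings (0 = clean).
# OWNER defaults to root, as set by the chown in step 3.
audit_tftp_root() {
    root=$1 owner=${2:-root} findings=0
    mode=$(perm_string "$root")
    if [ "$mode" != "drwxr-xr-x" ]; then
        echo "FAIL: $root has mode $mode, expected drwxr-xr-x (755)"
        findings=$((findings + 1))
    fi
    if [ "$(owner_of "$root")" != "$owner" ]; then
        echo "FAIL: $root is owned by $(owner_of "$root"), expected $owner"
        findings=$((findings + 1))
    fi
    for f in "$root"/*; do
        [ -f "$f" ] || continue
        mode=$(perm_string "$f")
        if [ "$mode" != "-r--r--r--" ]; then     # 444, as set in step 5b
            echo "FAIL: $f has mode $mode, expected -r--r--r-- (444)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

On the server, run `check_inetd_entry /etc/inetd.conf /tftpboot && audit_tftp_root /tftpboot`; a non-zero status means a finding was printed or the tftp entry is missing or still commented out.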




Upgrading the Application Software From a VLAN-Capable Server

The SSL proxy blade supports the ability to perform network based software upgrades to the device. The software upgrades to the SSL proxy blade are encrypted and authenticated to preserve their security. Normal operation of the SSL proxy blade must be stopped during the upgrade process because a reboot is required after activating an upgrade.



Note - Read this section completely before proceeding to perform a software upgrade.



Check http://www.sun.com/supporttraining/ for information on upgrade packages. Copy the upgrade package to a local FTP/TFTP server before performing the upgrade.

Upgrades are a two-step process. First, verify and copy the upgrade package as the backup image of the software. Then activate the new software using the boot activate command. This command swaps the active software with the backup, thus making the upgrade active on the next boot.

The upgrade sequence is as follows. You need to log in as so (security officer) to perform upgrades.

Executing Boot Upload Commands

This section describes how to use the boot upload commands for network-based software upgrades.

Use FTP or TFTP to copy the package from the specified FTP or TFTP server.

The upgrade package is automatically decrypted and verified for authenticity. The successfully verified package is placed in the backup image location within the SSL proxy blade. An upgrade package can be up to three megabytes in size and may take up to one minute to copy from a local FTP server. A spinning cursor shows activity during the process.



Note - The FTP/TFTP server IP address must be on the same subnet as the management (admin) IP address of the B10p SSL proxy blade.




To Execute Boot Upload Commands Using an FTP Server

1. Stop the B10p SSL proxy blade if it is currently running.

CLI# stop
    Stopped

2. Get the new image from the FTP server.

CLI# boot upload
Enter remote file name (update.pkcs): PSSL_1863.pkcs
Enter remote path (releases): /tftpboot/
Enter remote IP Address: (192.168.1.28): 192.50.50.10
Enter remote user name (labuser): root
Enter remote user password:
 
    connecting to 192.50.50.10
    starting to load image.
    Verification Successful.
    image loaded.
    Type boot activate to install.

3. Install the new image to take effect after the reboot.

CLI# boot activate
*** Warning. Do not turn off power! ***
    activating boot.
 
Updating boot image with BOOT1863.GZS
Update boot image complete.
    image updated.
    reboot to run new image.
CLI# 2003-08-07 22:02:37 UTC Sun_Fire_B1xp tCONSOLE : Config, Updated image

4. Reboot the B10p SSL proxy blade to run the new image.


CLI# reboot
 
          Preboot Version [ 1863 ] Oct  1 2003
              Serial port [ OK ]
                System ID [ 1100001FEF09 ]
         Preboot Checksum [ OK ]
                 Data Bus [ OK ]
             Memory Chips [ 256 Mbit ]
              Address Bus [ OK ]
                 L3 Cache [ none ]
                   Tamper [ OK ] 
==============================================
              Start Cause [ Hardware Reset ]
               Start Type [ 00000000 ]
             Loading Boot [ OK ]
             Boot Version [ 1863 ]
                  Created [ Oct  1 2003, 19:34:53 ]
            Board Version [ 66 ]
          Spartan Version [ 65 ]
                 Revision [ 22 ]
                Cpu Speed [ 600 MHz ]
              Memory Size [ 400 MB ]
   PCI Boot Configuration [ OK ] 
                      RTC [ OK ] 
                     Date [ OK ] 
14423556
      Loading Application [ OK ]
              Test Memory [ OK ] 
                      RTC [ OK ] 
                     Date [ OK ] 
        Flash File System [ OK ] 
               Product ID [ SF B10p ]
                Load Mash [ OK ] 
                  Version [ MASH1005.GZ ]
                Load Buff [ OK ] 
                  Version [ BUFF3108.GZ ]
        Resetting Pci Bus [ OK ]
        PCI Configuration [ OK ] 
               ISC Driver [ OK ]
                 BootLine [ default ]
                Test Mash [ OK ] 
                Test Buff [ OK ] 
                 Test Zoo [ OK ] 
                Mash Date [ 2002/06/03 ]
                Buff Date [ 2003/07/22 ]
                     Date [ 2003/10/11 ]
                     Time [ 16:16:24 UTC ]
                DIMM Size [ 512 MB ]


To Execute Boot Upload Commands Using a TFTP Server

1. Stop the B10p SSL proxy blade if it is currently running.

CLI# stop
    Stopped

2. Get the new image from the server.

CLI# boot upload-tftp
Enter remote file name (PSSL_1601.pkcs ): remote_package_filename
Enter remote IP Address: (192.168.0.28): remote_ip-addr
starting to load image
Verification Successful.
image loaded.
Type boot activate to install.

If the upgrade package is not successfully verified, then contact the Sun Microsystems support service to report the problem.

3. Once the upgrade is in the backup location, activate it.

CLI# boot activate               
Do you want to overwrite your existing flash.cfg file (Yes/No)? No
*** Warning. Do not turn off the power! ***
activating boot.
image updated.
reboot to run new image.

4. After the upgrade is activated, reboot the SSL proxy blade:

CLI# reboot

Verifying the Upgrade

As soon as the upgrade is finished:

Reverting to a Previous Software Version

If the upgrade has unwanted side effects, you can always revert to the previous version of software. The boot activate command swaps the current and backup versions, but does not swap the boot images. If the upgrade documentation indicates that a new version of the boot image is part of the upgrade, do not use the boot activate command to revert to the previous version.

Factory Image

The SSL proxy blade has a built-in Factory Image that guarantees the SSL proxy blade platform is recoverable even if an unbootable image is loaded on it. Because SSL proxy blade software is authenticated, image corruption is extremely unlikely. Although the Factory Image can be used to process SSL traffic, it is intended to provide a safe mode to load the latest available software version for the SSL proxy blade.

The Factory Image should be used only if the SSL proxy blade is not booting to a point where new software can be loaded. Before booting from factory image, connect a serial terminal and reboot to inspect the boot up messages. The boot problem could be associated with some internal hardware malfunction. If this is the case, call support.

To boot from Factory Image, power on the SSL proxy blade, and press and hold the Esc key down until you are prompted for input. When the boot menu is displayed, press r to revert to the factory image. Under normal system operation, the command boot revert also reboots from factory image.

If the SSL proxy blade loses power during the upgrade process, the backup image may be corrupted. In this case, it is best to ignore the backup image and perform the upgrade process again.

Image Commands

The description of each CLI command relevant to software image and booting is given below.

show version

Use the show version command to display the current version of the software.

As any user, enter the show version command:

CLI# show version
    software version: 1.863

reboot

Use the reboot command to restart the blade. You are prompted to save the configuration, if needed. This command resets all connections and reboots the system.

As so, reboot the device:

CLI# reboot 

show boot

Use the show boot command to display version information for all system software components.

As so or admin, enter the show boot command:

CLI# show boot
versions:
     BBID: 66 CPLD version: 65
     preboot 1863 Oct  1 2003
     boot 1863 Oct  1 2003
     app  1863 Oct  1 2003
     Buff: BUFF3108.GZ
     Mash: MASH1005.GZ
 
     Active:   BAPP: 1863, BOOT: 1863, MASH: 1005, BUFF: 3108
     Backup:   Not installed
     Required: BAPP: 1863, MASH: 1005, BUFF: 3108, CPLD: 65.22D
 
CLI#

boot activate

Use the boot activate command to activate the backup software version. The current active version is saved as the backup. This command is used after uploading a new software version. There may be a prompt to confirm overwriting the flash configuration (which should have been previously exported). You can also use this command to revert to a backup version.

As so, enter the boot activate command:

CLI# boot activate               
Do you want to overwrite your existing flash.cfg file (Yes/No)? Yes
*** Warning. Do not turn off power! ***
activating boot.
image updated.
reboot to run new image. 

boot revert

Use the boot revert command to restore the factory installed software version. This command also clears the flash memory, removing all information including configuration, log files, and other information. This command reboots the SSL proxy blade and performs the operation.

As so, enter the boot revert command:

CLI# boot revert
This will reformat the system and erase all system files
Are you sure you want to do this (Yes/No)?

boot upload

Use the boot upload command to load new images of the software using FTP.

As so, enter the boot upload command:

CLI# boot upload
Enter remote file name (PSSL_1601.pkcs ): remote_image_filename
Enter remote path (releases): remote_directory
Enter remote IP Address: (192.168.0.28): remote_ip-addr
Enter remote user name (labuser):  remote_username
Enter remote user password (): remote_user_password
Connecting to 192.168.0.28
starting to load image
Verification Successful.
image loaded.
Type boot activate to install.

boot upload-tftp

Use the boot upload-tftp command to load new images of the software using TFTP.

As so, enter the boot upload-tftp command:

CLI# boot upload-tftp
Enter remote file name (PSSL_1601.pkcs ): remote_image_filename
Enter remote IP Address: (192.168.0.28): remote_ip-addr
Connecting to 192.168.0.28
starting to load image
Verification Successful.
image loaded.
Type boot activate to install.


Upgrading the Application Software From a non-VLAN-Capable Server

You can configure the Sun Fire B1600 blade chassis to update the Sun Fire B10p SSL proxy blade image from a server that is not VLAN capable.


To Update the Image From a Non-VLAN-Capable Server

1. Connect the network with this server to one of the eight uplinks of the chassis. In this example, the server is connected to port 0.

2. Insert the B10p SSL proxy blade into the chassis. In this example, slot 0 is used.

a. Choose a VLAN tag to be used for the management VLAN configured on the B10p SSL proxy blade. In this example, VLAN tag 3 is used.

b. Configure the B10p SSL proxy blade's networking with this VLAN and an appropriate IP address on the server's subnet.

3. From the SSC console, connect to the switch console.

sc> console SSC0/SWT

4. Log in to the switch console as the admin user; the default password is admin.

5. Add the VLAN to the database.

Console# config    
Console(config)# vlan database 
Console(config-vlan)# vlan 3 name SSL-mgmt media ethernet 
Console(config-vlan)# end

6. Verify that the output of the show VLAN command contains the following line:

Console# show VLAN
3  Static         SSL-mgmt    Active

7. Add the VLAN to the B10p SSL proxy blade port.

Console# configure   
Console(config)# interface ethernet SNP0
Console(config-if)# switchport allowed vlan add 3 tagged
Console(config-if)# end

8. Add the VLAN as the native VLAN to the uplink port.

Console# configure   
Console(config)# interface ethernet NETP0
Console(config-if)# switchport allowed vlan add 3 untagged 
Console(config-if)# switchport native vlan 3
Console(config-if)# end

9. Verify that the output of the show VLAN command contains the following line:

Console# show VLAN 
3  Static         SSL-mgmt    Active    SNP0   NETP0

10. Verify that the output of the show interfaces command is similar to the following:

Console# show interfaces
VLAN membership mode: Hybrid
 Ingress rule: Disabled
 Acceptable frame type: All frames
 Native VLAN: 3
 Priority for untagged traffic: 0
 Allowed Vlan:    1(u),    3(u), 

11. For the B10p SSL proxy blade slot, verify that the output of the show interfaces switchport ethernet SNP0 command is similar to the following:

Console# show interfaces switchport ethernet SNP0
VLAN membership mode: Hybrid
 Ingress rule: Disabled
 Acceptable frame type: All frames
 Native VLAN: 1
 Priority for untagged traffic: 0
 Allowed Vlan:    1(u),    3(t), 

There should now be network connectivity between the server and the B10p SSL proxy blade.


Upgrading the BSC Firmware



Note - To perform the update procedures in this chapter, you need to log into one of the system controllers using Telnet. This is because you need to transfer the new firmware from a location on your network.



The BSC on each blade server is a management agent for the system controller. It communicates information about the blade server it resides in to the system controller. It also receives and processes any commands that you type into the system controller's command-line interface.

Follow the instructions in this chapter if you have been advised by a Sun support engineer to download new firmware onto a System Controller, blade server, or integrated switch.

Using the TFTP server, from the server controller enter the following command:

sc> flashupdate -s tftp_ip -f filename Sn

Where S indicates the slot and n is the number of the slot containing the blade you want to update. Valid slot numbers range from 0 to 15.

The following example shows the TFTP IP address as 10.4.128.103 and the file as /tftpboot/FRU/bsc-rel/scg-nrst-03.flash, updating the blade in slot 4. It also shows the messages that are returned and prompts:

sc> flashupdate -s 10.4.128.103 -f /tftpboot/FRU/bsc-rel/scg-nrst-03.flash S4
 
Warning: Are you sure you want to flashupdate the S4 bsc image;
all console connections to S4 will be lost (y/n)? y
 
S4: Preparing to flashupdate.
Warning: Cannot determine supported blade type.
 
Do you want to continue (y/n)? y
 
Apr 10 19:22:46: MINOR: S4: Environmental monitoring disabled.               
flashupdate: update 131072 bytes of 131072 completed on S4                    
S4: flashupdate complete.
Apr 10 19:23:55: MINOR: S4: OS Running.                                      
Apr 10 19:23:56: MINOR: S4: Active LED state changed to ON.                  
Apr 10 19:23:56: MINOR: S4: Environmental monitoring enabled.