Juniper router upgrade

Preparation

1. Download the proper image to apt1001:/srv/junos/
   • We now only use 64bits vmhost
   • Based on upgrade task and Juniper recommended

All the steps bellow should be done with:
cumin1001:~$ sudo cookbook sre.network.prepare-upgrade <image-filename>.tgz <router-fqdn>

1. Make room for the image
   • request system storage cleanup
2. Save rescue config (just in case)
   • request system configuration rescue save
3. Copy image
   • file copy "https://apt.wikimedia.org/junos/$filename.tgz" /var/tmp/ routing-instance mgmt_junos
4. Check checksum
   • file checksum md5 /var/tmp/$filename.tgz
   • Compare with checksum on Juniper's website

Upgrade

1. Check if console port(s) is(/are) working
2. Depool site (optional)
3. Drain traffic away from router
   1. Apply GRACEFUL_SHUTDOWN - https://phabricator.wikimedia.org/T211728
   2. Disable the peers
      • deactivate protocols bgp group Transit4
      • deactivate protocols bgp group Transit6
      • deactivate protocols bgp group IX4
      • deactivate protocols bgp group IX6
      • Adjust OSPF metrics
      • If eqiad/codfw drain the pfw3 link by increasing the MED value on both sides
4. Ensure router is not VRRP master
   • show vrrp summary
   • set groups vrrp interfaces <*> unit <*> family inet address <*> vrrp-group <*> priority 70    
   • set groups vrrp interfaces <*> unit <*> family inet6 address <*> vrrp-inet6-group <*> priority 70
5. Downtime host in Icinga and LibreNMS

If Multi RE:

1. Remove graceful-switchover
   • deactivate chassis redundancy graceful-switchover
   • request system configuration rescue save (to not have the above statement in the rescue config)
2. Install image on backup RE
   • request vmhost software add /var/tmp/$filename.tgz re1
3. Reboot RE1
   • request vmhost reboot re1
4. Once back up (show chassis routing-engine), perform RE switchover (impactful)
   • request chassis routing-engine master switch
5. Once done, repeat previous 3 steps for re0
6. Rollback "Remove graceful-switchover"

If single RE:

1. Install image on RE
   • request vmhost software add /var/tmp/$filename.tgz
2. Reboot router
   • request vmhost reboot

Both single and dual RE:

1. Check if router is healthy
   • show log messages | last
   • show system alarms
   • show ospf(3) interface
   • show bgp summary
   • All green in Icinga and LibreNMS

Cleanup

1. • request system storage cleanup
2. Remove Icinga and LibreNMS downtimes
3. Rollback "Drain traffic away from router"
4. Rollback VRRP change if any
5. Save rescue config (just in case)
   • request system configuration rescue save
6. On vmhost devices, save the disk snapshot to the backup partition
   • request vmhost snapshot for single RE devices
   • request vmhost snapshot routing-engine both for dual RE devices