Stingray/Brocade Software Uprade 10.4r1

Upgrading a Stingray Traffic Manager is easy either via CLI or GUI. Following are easy steps to upgrade via the Administration Interface on STM:

Upgrade Procedure via GUI:
1. Obtain the new installation package ( for example ZeusTM_104r1_Linux-x86_64.tgz)

2. Navigate to the System > Traffic Managers page on the Admin Interface of the Traffic Manager you intend to upgrade.

3. Click the Upgrade button and upload the new installation package

4. Follow the instructions to apply the software upgrade.

*Software version mismatch alarm is expected if your upgrading a cluster. This alarm will clear itself once complete cluster is running on same version.

Roll back Procedure via GUI:
1. Navigate to the System> Traffic Managers page on the the Admin Interface of the Traffic Manager you intend to upgrade.

2. Click the rollback button and select the old installation package for example release 9.9.

  1. Follow the instructions to apply the software upgrade.

 

Upgrade procedure via CLI:

  1. Upload and extract the software package for xample ZeusTM_104r1_Linux-x86_64.tgz in /root
  2. Get into the cd ZeusTM_104r1_Linux-x86_64
  3.  Run the installation script ./zinstall
  4. Select upgrade and allow to complete.

Through the web interface verify that the load balancer has returned to production operation. Warnings are expected on the Cluster Diagnosis due to the version mismatch within the cluster.

 

Rollback procedure via CLI

On each load balancer in turn, as required:

  1. Get into the cd /usr/local/zeus
  2. Run the rollback script ./zxtm/bin/rollback
  3. Select version the older version for example 9.9
  4. Allow the downgrade process to run to completion

 

Renew SSL Certificate on Stingray Loadbalancer

Once SSL certificate on Stingray/Brocase/Zeuss reaching expiry, there will be an alert generated on the Loadbalancer in advance to inform you to take necessary action.

If you recieve .pfx certificate from customer, then you would need to convert it in order to import into the Stingray Loadbalancer. Please note that this .pfx file contains public and private key and extension .pfx is associated Microsoft Servers.  Private key in received .pfx file received from customer will also be encrypted with password, so customer will provide you password as well do decrypt it before installing into the Stingray Loadbalancer.

What you would need is basically access to any Unix machine that has openssl installed. Then you need to follow these steps:

Extracting the private key from a PKCS12 file:

openssl pkcs12 -in certificate.from.customer.pfx -nocerts -out key.pem -nodes

If you omit the -nodes flag, openssl will prompt you for an encryption password to protect your private key; Stingray does not support such encrypted keys.  If you inadvertently create an encrypted key, you can generate the decrypted version as follows:

openssl rsa -in key.pem -out key.decrypted.pem

Extracting the certficate from a PKCS12 file:

openssl pkcs12 -in certificate.from.customer.pfx -nokeys -out cert.pem

Now go into Loadbalncer>SSL tab. Then import cert.pem and key.decrypted.pem file into the Loadbalancer. You would then see the newly imported certificate is now showing into the list of all available SSL certificate.

You would now need to attach the newly imported certificate with the VIP/Pool.

  1. Just go into the Catalog>SSL tab and select your certificate that is expiring.
  2. Then click on the VIP/Pool linked to the certificate that is expiring.
  3. Select the newly imported certificate from the drop-down list of available certificates and click update at the bottom of the page.

You should now see the alert in the load balancer regarding certificate expiry is now cleared. This can be checked in event logs in the load balancer tab and notice that the new certificate activation cause alert to go green from amber.