Upgrading OS for Cluster Devices ?

Unanswered Question
Jussi Torhonen Wed, 04/07/2010 - 22:50
User Badges:

Check supported upgrade paths in Release Notes.


When doing such supported upgrades, check 'Upgrading Machines in Cluster' section in C-series documentation 'Advanced Configuration Guide'.

pvdberg00 Thu, 04/08/2010 - 00:08
User Badges:

First disconnect both servers from the cluster. After that perform an upgrade (follow the upgrade instructions) on both machines. After the upgrade of BOTH machines connect the machines to the cluster again.

homesh2009 Thu, 04/08/2010 - 01:52
User Badges:

Hi Krishna,


Login to one of the C160 via ssh


run below commands


clusterconfig

    disconnect


suspendlistener


Now login to same c160 via web.


go to administration -->system upgrade


after the rebboot reconnect to same box via ssh


Run the below command


clusterconfig

     resume



Repeat the above steps for the other box.


after both the boxes get upgraded then run below comand via ssh via any of the boxes


clusterconfig

     reconnect


it will give you both the boxes option (1,2,............n) (as per the number of boxes in cluster)


choose all the options one by one


there is no need to run commit.


regards,

homesh

Jussi Torhonen Thu, 04/08/2010 - 02:00
User Badges:

When upgrading here AsyncOS 7.1.0 for our C160 cluster, we noticed that TLS certificate settings were reseted. TLS certs are managed different way in the new rekease. After the upgrade, you must go to GUI menu Network -> Certificates, and see that they are ok. Perhaps Submit and Commit afterwards. After that, you must select proper certificate for your listener via Network -> Listeners -> MailInterface -> Certificate.

Hi,

Thanks For your Reply.


Box1 : 192.168.1.1

Box2 : 192.168.1.2

Cluster : 192.168.1.3


This Is My Box IP Address. Now All Mail are routed trough Cluster IP Address:192.168.1.3.


As per your above steps.


First i am connecting to Cluster IP Address and Disconnecting the Box1:192.168.1.1

After Disconnecting we have to Update the OS.

Now All Mails are Routed trough Box2:192.168.1.2

After Updating the Box1:192.168.1.1 i cant join it into the Cluster.

Again i am Doing the same steps to my Box2:192.168.1.2

Now my Both Box are not in Cluster what about my incoming mails.

There is no devices to receive the mails.

Please Clarifiy me on this


Doubt:

if i disconnect one box from the Cluster did that box have the same configuration are it becomes like a Dummy Box.

I mean configuration information.


Regards,

Bala Krishna G

homesh2009 Fri, 04/09/2010 - 01:43
User Badges:

HI Krishna,


Ironport cluster is only for configuration sync and not for load balancing.


when you remove the box from cluster during that time do not add /remove any settings to the cluster.

suspend all listeners so that Ironport will not even process any new mails, upgrade the box then resume all the listeners so that ironport will start

processing the new mails. Now repeat the procedure for the other box and join both the boxes to the cluster. Now you can add /remove any

config setting it will get replicated on to each box in cluster.


dont use cluster IP. you can connect to any of the box IP and do your work.

regarding the mail routing it has to be done by MX prioriy or any external load balancer you may have.


Doubt:

if i disconnect one box from the Cluster did that box have the same configuration are it becomes like a Dummy Box.

I mean configuration information.


Ans: if you disconnect the box from the cluster it will still have all the settings.


Please go through the advance user guide for detail explaination about Ironport clustering.


Regards,

HOmesh

Jussi Torhonen Fri, 04/09/2010 - 02:01
User Badges:

homesh2009 wrote:


Ironport cluster is only for configuration sync and not for load balancing.



DNS round-robin helps making C-series HA cluster somehow load balanced as well. So you have C-series cluster, say mxnode1 and mxnode2.


@ IN MX 10 mxcluster.corp.local.


mxcluster IN A 192.168.0.1

               IN A 192.168.0.2


mxnode1 IN A 192.168.0.1


mxnode2 IN A 192.168.0.2



In TLS certificate, use CN=mxcluster.corp.local and subjectAltName=DNS:mxnode1.corp.local,DNS:mxnode2.corp.local


For SMTP smarthost relay clients, use mxcluster.corp.local.


Now, both incoming internet mail traffic and outgoing relayed mail traffic is being equally distributed along those two C-series node servers. Been here in service provider like production environment for almost an year without any problems. Sure using dirfferent ip addressing, domain namespace and TLS certificate properties, but the idea is above. Using openssl pressend self-signed TLS certificates.


Regards,

Jussi

Actions

This Discussion