My previous post (Juniper SRX DB mode (Debug mode)) described a situation which is one of firewall cluster members got stuck into DB mode. Although it was fixed eventually by re-installed image, it was still failed again after a couple of months.
RMA ticket created with vendor Juniper and a new device was issued by Juniper. This post recorded all steps how to configure this new device and re-joined it back into existing cluster.
The all steps are quite straightforward. You may meet some file transferring issues or connectivity issues, but as long as you know your environment enough, those will be easily resolved if you followed all steps listed below.
Similar posts are in this blog:
- Juniper SRX340 HA Configuraiton
- Configure SRX 240 cluster Step by Step
- Configure High End Juniper SRX 1400 as Chassis Cluster Steps
- Juniper SRX 240 Chassis Cluster (High Availability) Configuration
Notes: before let new cluster member join into existing cluster, please make sure one thing:
Disable IDP feature on existing Chassis cluster. Else your new cluster member will fail to join into existing cluster and get into disabled mode. Fabric interface will show down status because new cluster member could not take your IDP configuration since it does not have IDP license and Signature Database.
Once you tried to add new cluster member in, the new cluster member will show as secondary status then change to hold ,eventually it will become disabled because failed to sync configuration. Fabric link will show up status shortly after rebooted then changed to down. Please see following texts copied from console:
{disabled:node0} root> show chassis cluster status Monitor Failure codes: CS Cold Sync monitoring FL Fabric Connection monitoring GR GRES monitoring HW Hardware monitoring IF Interface monitoring IP IP monitoring LB Loopback monitoring MB Mbuf monitoring NH Nexthop monitoring NP NPC monitoring SP SPU monitoring SM Schedule monitoring CF Config Sync monitoring Cluster ID: 9 Node Priority Status Preempt Manual Monitor-failures Redundancy group: 0 , Failover count: 0 node0 0 disabled no no CF node1 100 primary no no None {disabled:node0} root> show chassis cluster interfaces Control link status: Up Control interfaces: Index Interface Monitored-Status Internal-SA 0 fxp1 Up Disabled Fabric link status: Down Fabric interfaces: Name Child-interface Status (Physical/Monitored) fab0 fab0 fab1 ge-5/0/3 Down / Down fab1 Redundant-ethernet Information: Name Status Redundancy-group reth0 Up 1 reth1 Up 1 reth2 Down Not configured Redundant-pseudo-interface Information: Name Status Redundancy-group lo0 Up 0 {disabled:node0} Now lets start with all steps from beginning.
1. Basic Configuration for new RMA device
1.1 Check new device
It is important to make new device has same hardware and software. Also, do not forget to check license you might have.
Please make sure your new system backup and primary has same JunOS version. Just in case there is a failure , your system will boot to a wrong JunOS version causing clustering issue.
{disabled:node0} root> show system snapshot media internal node0: -------------------------------------------------------------------------- Information for snapshot on internal (/dev/da0s1a) (backup) Creation date: Sep 26 06:55:31 2017 JUNOS version on snapshot: junos : 15.1X49-D70.3-domestic Information for snapshot on internal (/dev/da0s2a) (primary) Creation date: Feb 16 15:44:47 2018 JUNOS version on snapshot: junos : 15.1X49-D50.3-domestic {disabled:node0} root> request system snapshot slice alternate node0: -------------------------------------------------------------------------- Formatting alternate root (/dev/da0s1a)... Copying '/dev/da0s2a' to '/dev/da0s1a' .. (this may take a few minutes) The following filesystems were archived: /
root> show chassis hardware Hardware inventory: Item Version Part number Serial number Description Chassis CZ4317AF1799 SRX345 Routing Engine REV 0x12 650-065042 CZ4317AF1799 RE-SRX345 FPC 0 FPC PIC 0 8xGE,8xGE SFP Base PIC Power Supply 0 root> show system software Information for junos: Comment: JUNOS Software Release [15.1X49-D70.3] root>
root> show interfaces terse Interface Admin Link Proto Local Remote ge-0/0/0 up down ge-0/0/0.0 up down inet gr-0/0/0 up up ip-0/0/0 up up lsq-0/0/0 up up lt-0/0/0 up up mt-0/0/0 up up sp-0/0/0 up up sp-0/0/0.0 up up inet inet6 sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16 10.0.0.6 --> 0/0 128.0.0.1 --> 128.0.1.16 128.0.0.6 --> 0/0 ge-0/0/1 up down ge-0/0/1.0 up down eth-switch ge-0/0/2 up down ge-0/0/2.0 up down eth-switch ge-0/0/3 up down ge-0/0/3.0 up down eth-switch ge-0/0/4 up down ge-0/0/4.0 up down eth-switch ge-0/0/5 up down ge-0/0/5.0 up down eth-switch ge-0/0/6 up down ge-0/0/6.0 up down eth-switch ge-0/0/7 up down ge-0/0/7.0 up down eth-switch ge-0/0/8 up down ge-0/0/8.0 up down eth-switch ge-0/0/9 up down ge-0/0/9.0 up down eth-switch ge-0/0/10 up down ge-0/0/10.0 up down eth-switch ge-0/0/11 up down ge-0/0/11.0 up down eth-switch ge-0/0/12 up down ge-0/0/12.0 up down eth-switch ge-0/0/13 up down ge-0/0/13.0 up down eth-switch ge-0/0/14 up down ge-0/0/14.0 up down eth-switch ge-0/0/15 up down ge-0/0/15.0 up down eth-switch fxp0 up up fxp0.0 up up inet 192.168.1.1/24 fxp2 up up fxp2.0 up up tnp 0x1 gre up up ipip up up irb up up irb.0 up down inet 192.168.2.1/24 jsrv up up jsrv.1 up up inet 128.0.0.127/2 lo0 up up lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet 10.0.0.1 --> 0/0 10.0.0.16 --> 0/0 128.0.0.1 --> 0/0 128.0.0.4 --> 0/0 128.0.1.16 --> 0/0 lo0.32768 up up lsi up up mtun up up pimd up up pime up up pp0 up up ppd0 up up ppe0 up up st0 up up tap up up vlan up down vtep up up root> root> show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed idp-sig 0 1 0 2018-03-15 00:00:00 UTC Licenses installed: License identifier: JUNOS988862 License version: 4 Valid for device: CZ4317AF1799 Features: idp-sig - IDP Signature date-based, 2018-02-12 00:00:00 UTC - 2018-03-15 00:00:00 UTC {disabled:node0}
1.2 Basic Configuration
Delete all default configuration and configure mgmt interface a ip address.
root> configure Entering configuration mode [edit] root# delete This will delete the entire configuration Delete everything under this level? [yes,no] (no) yes [edit] root# set system root-authentication plain-text-password New password: Retype new password: [edit] root# commit commit complete [edit] root# show ## Last changed: 2018-02-12 16:36:37 UTC version 15.1X49-D70.3; system { root-authentication { encrypted-password "$5$flpHfxbP$0Hwd/4AM3qFtVHuDumJYY/JqBsMdCXxZ9vuWzVFiwAC"; ## SECRET-DATA } } [edit] [edit] root# set interfaces fxp0.0 family inet address 10.9.4.10/24 [edit] root# commit commit complete root> ping 10.9.4.1 PING 10.9.4.1 (10.9.4.1): 56 data bytes 64 bytes from 10.9.4.1: icmp_seq=0 ttl=255 time=2.688 ms 64 bytes from 10.9.4.1: icmp_seq=1 ttl=255 time=0.648 ms ^C --- 10.9.4.1 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.648/1.668/2.688/1.020 ms root> show route inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.9.4.0/24 *[Direct/0] 00:00:36 > via fxp0.0 10.9.4.10/32 *[Local/0] 00:00:36 Local via fxp0.0 root> configure Entering configuration mode [edit] root# set routing-options static route 0.0.0.0/0 next-hop 10.9.4.1 [edit] root# commit and-quit commit complete Exiting configuration mode
A default static route will also need to be configured.
1.3 Test Connectivity Remotely
I got a test machine at 10.1.18.122 to make some basic connectivity test.
C:\Users\administrator>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : accounts.intern Link-local IPv6 Address . . . . . : fe80::c06:93c8:a694:f36d%11 IPv4 Address. . . . . . . . . . . : 10.1.18.122 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.1.18.1 Tunnel adapter isatap.accounts.intern: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : accounts.intern Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : C:\Users\administrator>ping 10.9.4.10 Pinging 10.9.4.10 with 32 bytes of data: Reply from 10.9.4.10: bytes=32 time=84ms TTL=61 Reply from 10.9.4.10: bytes=32 time=83ms TTL=61 Reply from 10.9.4.10: bytes=32 time=83ms TTL=61 Reply from 10.9.4.10: bytes=32 time=83ms TTL=61 Ping statistics for 10.9.4.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 83ms, Maximum = 84ms, Average = 83ms C:\Users\administrator>
2. Upgrade JunOS to Same Version as existing Cluster Member
2.1 JunOS Download
Log into Juniper Support site to download right JunOS for your new SRX device.
2.2 JunOS Upgrade from FTP Server
Once connectivity confirmed, you can start a ftp server to transfer your JunOS image from ftp server to local disk.
root> exit [email protected]% [email protected]% cd /var/tmp [email protected]% ls appidd_trace_debug install rtsdb cleanup-pkgs.log kmdchk.log sd-upgrade eedebug_bin_file krt_rpf_filter.txt sec-download gksdchk.log nsd_restart spu_kmd_init gres-tp pics vi.recover idp_license_info policy_status vpn_tunnel_orig.id [email protected]% [email protected]% ftp 10.1.18.122 Connected to 10.1.18.122. 220 Welcome to Quick 'n Easy FTP Server Name (10.1.18.122:root): test 331 Password required for test Password: 230 User successfully logged in. Remote system type is UNIX. ftp> get junos-srxsme-15.1X49-D50.3-domestic.tgz local: junos-srxsme-15.1X49-D50.3-domestic.tgz remote: junos-srxsme-15.1X49-D50.3-domestic.tgz 200 Port command successful. 150 Opening BINARY mode data connection for file transfer. 99% |************************************************* | 222 MB 00:00 ETAWARNING! 781404 bare linefeeds received in ASCII mode. File may not have transferred correctly. 100% |**************************************************| 222 MB 00:00 ETA 226 Transfer complete 233633436 bytes received in 359.42 seconds (634.80 KB/s) ftp> quit 221 Bye [email protected]% md5sum junos-srxsme-15.1X49-D50.3-domestic.tgz md5sum: Command not found. [email protected]% md5 junos-srxsme-15.1X49-D50.3-domestic.tgz MD5 (junos-srxsme-15.1X49-D50.3-domestic.tgz) = a02b4e0a5a4dfa17eb2eabd2017c94d7 Unfortunately this time, the MD5 value is not matching what you found from JunOS website.
Here are some explanation about ASCII mode and BIN mode for FTP file transferring:
Lots of files that need to be downloaded from FTP server using the binary transfer type include:
- image files (e.g. .jpg, .bmp, .png)
- sound files (e.g. .mp3, .avi, .wma)
- video files (eg. .flv, .mkv, .mov, .mp4),
- archive files (e.g. .zip, .rar, .tar)
- other files (e.g. .exe, .doc, .xls, .pdf, etc.)
Most popular FTP clients (the BSD command line client included) already use the binary or image type by default. Hence, there’s usually no need to issue the binary command if you download an image file. So why then would you need the ASCII transfer type?
ASCII data type or transfer mode is recommended if you want to transfer text files. Generally speaking, files whose contents can be read using a simple text editor like Notepad, nano, or pico are considered text files.
Lets try it again:
[email protected]% rm junos-srxsme-15.1X49-D50.3-domestic.tgz
[email protected]% ftp 10.1.18.122 Connected to 10.1.18.122. 220 Welcome to Quick 'n Easy FTP Server Name (10.1.18.122:root): test 331 Password required for test Password: 230 User successfully logged in. Remote system type is UNIX. ftp> binary 200 Type set to BINARY ftp> get junos-srxsme-15.1X49-D50.3-domestic.tgz local: junos-srxsme-15.1X49-D50.3-domestic.tgz remote: junos-srxsme-15.1X49-D50.3-domestic.tgz 200 Port command successful. 150 Opening BINARY mode data connection for file transfer. 100% |**************************************************| 222 MB 00:00 ETA 226 Transfer complete 233633436 bytes received in 344.13 seconds (663.00 KB/s) ftp> quit \221 Bye [email protected]% [email protected]% [email protected]% [email protected]% md5 junos-srxsme-15.1X49-D50.3-domestic.tgz MD5 (junos-srxsme-15.1X49-D50.3-domestic.tgz) = 46df41716937ecf5644411bb28503d60 [email protected]% Now we can see MD5 value is matching with original version.
2.3 JunOS Upgrade
[email protected]% cli root> request system software add junos-srxsme-15.1X49-D50.3-domestic.tgz NOTICE: Validating configuration against junos-srxsme-15.1X49-D50.3-domestic.tgz. NOTICE: Use the 'no-validate' option to skip this if desired. Formatting alternate root (/dev/da0s2a)... /dev/da0s2a: 2533.7MB (5188976 sectors) block size 16384, fragment size 2048 using 14 cylinder groups of 183.62MB, 11752 blks, 23552 inodes. super-block backups (for fsck -b #) at: 32, 376096, 752160, 1128224, 1504288, 1880352, 2256416, 2632480, 3008544, 3384608, 3760672, 4136736, 4512800, 4888864 saving package file in /var/sw/pkg ... Checking compatibility with configuration Initializing... Verified manifest signed by PackageProductionEc_2016 method ECDSA256+SHA256 Using junos-15.1X49-D50.3-domestic from /altroot/cf/packages/install-tmp/junos-15.1X49-D50.3-domestic Copying package ... Verified manifest signed by PackageProductionEc_2016 method ECDSA256+SHA256 Hardware Database regeneration succeeded Validating against /config/juniper.conf.gz usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-pv] source_file target_file cp [-R [-H | -L | -P]] [-f | -i | -n] [-pv] source_file ... target_directory mgd: commit complete Validation succeeded Installing package '/altroot/cf/packages/install-tmp/junos-15.1X49-D50.3-domestic' ... Verified junos-boot-srxsme-15.1X49-D50.3.tgz signed by PackageProductionEc_2016 method ECDSA256+SHA256 Verified junos-srxsme-15.1X49-D50.3-domestic signed by PackageProductionEc_2016 method ECDSA256+SHA256 JUNOS 15.1X49-D50.3 will become active at next reboot WARNING: A reboot is required to load this software correctly WARNING: Use the 'request system reboot' command WARNING: when software installation is complete Saving state for rollback ... root> request system reboot Reboot the system ? [yes,no] (no) yes Shutdown NOW! [pid 7264] *** FINAL System shutdown message from [email protected] *** System going down IMMEDIATELY root> FWaiting (max 60 seconds) for system process `vnlru' to stop...done Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done Waiting (max 60 seconds) for system process `bufdaemon' to stop...done Waiting (max 60 seconds) for system process `syncer' to stop... Syncing disks, vnodes remaining...0 0 0 0 done syncing disks... All buffers synced. Uptime: 2d18h15m27s Rebooting... cpu_reset: Stopping other CPUs SPI stage 1 bootloader (Build time: May 3 2016 - 23:48:30) early_board_init: Board type: SRX_345 U-Boot 2013.07-JNPR-3.1 (Build time: May 03 2016 - 23:48:31) SRX_345 board revision major:1, minor:12, serial #: CZ4317AF1799 OCTEON CN7130-AAP pass 1.2, Core clock: 1600 MHz, IO clock: 600 MHz, DDR clock: 667 MHz (1334 Mhz DDR) Base DRAM address used by u-boot: 0x10fc00000, size: 0x400000 DRAM: 4 GiB Clearing DRAM...... done Using default environment SF: Detected MX25L6405D with page size 256 Bytes, erase size 64 KiB, total 8 MiB Found valid SPI bootloader at offset: 0x90000, size: 1481840 bytes U-Boot 2013.07-JNPR-3.1 (Build time: May 03 2016 - 23:50:19) Using DRAM size from environment: 4096 MBytes checkboard siege SATA0: not available SATA1: not available SATA BIST STATUS = 0x0 SRX_345 board revision major:1, minor:12, serial #: CZ4317AF1799 OCTEON CN7130-AAP pass 1.2, Core clock: 1600 MHz, IO clock: 600 MHz, DDR clock: 667 MHz (1334 Mhz DDR) Base DRAM address used by u-boot: 0x10f000000, size: 0x1000000 DRAM: 4 GiB Clearing DRAM...... done SF: Detected MX25L6405D with page size 256 Bytes, erase size 64 KiB, total 8 MiB PCIe: Port 0 link active, 1 lanes, speed gen2 PCIe: Link timeout on port 1, probably the slot is empty PCIe: Port 2 not in PCIe mode, skipping Net: octrgmii0 octeon_fdt_broadcom_config: Unknown broadcom phy for octrgmii0 Interface 4 has 1 ports (AGL) Type the command 'usb start' to scan for USB storage devices. Boot Media: eUSB usb Found TPM SLB9660 TT 1.2 by Infineon TPM initialized Hit any key to stop autoboot: 0 SF: Detected MX25L6405D with page size 256 Bytes, erase size 64 KiB, total 8 MiB SF: 1048576 bytes @ 0x200000 Read: OK ## Starting application at 0x8f0000a0 ... Consoles: U-Boot console Found compatible API, ver. 3.1 USB1: Starting the controller USB XHCI 1.00 scanning bus 1 for devices... 2 USB Device(s) found USB0: Starting the controller USB XHCI 1.00 scanning bus 0 for devices... 1 USB Device(s) found scanning usb for storage devices... 1 Storage Device(s) found FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.8 ([email protected], Tue Feb 10 00:32:30 PST 2015) Memory: 4096MB SF: Detected MX25L6405D with page size 256 Bytes, erase size 64 KiB, total 8 MiB [0]Booting from eUSB slice 2 Loading /boot/defaults/loader.conf /kernel data=0xb80a70+0x1515f4 syms=[0x4+0x9dd10+0x4+0xeb2a4] Hit [Enter] to boot immediately, or space bar for command prompt. Booting [/kernel]... Kernel entry at 0x801000c0 ... init regular console Primary ICache: Sets 16 Size 128 Asso 39 Primary DCache: Sets 8 Size 128 Asso 32 Secondary DCache: Sets 1024 Size 128 Asso 4 CIU_FUSE 0xf/0xf GDB: debug ports: uart GDB: current port: uart KDB: debugger backends: ddb gdb KDB: current backend: ddb kld_map_v: 0x8ff80000, kld_map_p: 0x0 Running in PARTITIONED TLB MODE Copyright (c) 1996-2016, Juniper Networks, Inc. All rights reserved. Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. JUNOS 15.1X49-D50.3 #0: 2016-05-28 20:02:37 UTC [email protected]:/volume/build/junos/15.1/service/15.1X49-D50.3/obj/octeon/junos/bsd/kernels/JSRXNLE/kernel can't re-use a leaf (debug)! JUNOS 15.1X49-D50.3 #0: 2016-05-28 20:02:37 UTC [email protected]:/volume/build/junos/15.1/service/15.1X49-D50.3/obj/octeon/junos/bsd/kernels/JSRXNLE/kernel real memory = 4294967296 (4194304K bytes) avail memory = 2621882368 (2500MB) FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot) Security policy loaded: Junos MAC/veriexec (mac_veriexec) Security policy loaded: JUNOS MAC/pcap (mac_pcap) MAC/veriexec fingerprint module loaded: SHA256 MAC/veriexec fingerprint module loaded: SHA1 netisr_init: !debug_mpsafenet, forcing maxthreads from 4 to 1 cpu0 on motherboard : CAVIUM's OCTEON 70XX/71XX CPU Rev. 0.2 with no FPU implemented L1 Cache: I size 78kb(128 line), D size 32kb(128 line), thirty two way. L2 Cache: Size 512kb, 4 way obio0 on motherboard uart0: <Octeon-16550 channel 0> on obio0 uart0: console (9600,n,8,1) twsi0 on obio0 set clock 0x58 xhci0: <Cavium Octeon 7xxx xHCI Host Driver> on obio0 usb0: <USB bus for xHCI Controller> on xhci0 usb0: USB revision 3.0 uhub0: vendor 0x0000 XHCI root hub, class 9/0, rev 3.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered xhci1: <Cavium Octeon 7xxx xHCI Host Driver> on obio0 usb1: <USB bus for xHCI Controller> on xhci1 usb1: USB revision 3.0 uhub1: vendor 0x0000 XHCI root hub, class 9/0, rev 3.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered cpld0 on obio0 pcib0: <Cavium on-chip PCIe HOST bridge> on obio0 Disabling Octeon big bar support pcib0: Initialized controller pci0: <PCI bus> on pcib0 pci0: <network, ethernet> at device 0.0 (no driver attached) pci0: <network, ethernet> at device 0.1 (no driver attached) gblmem0 on obio0 octpkt0: <Octeon RGMII> on obio0 cfi0: <Macronix MX25L64 - 8MB> on obio0 cfi1: <Macronix MX25L64 - 8MB> on obio0 octagl0: <Octeon AGL> on obio0 umass0: Transcend TS8VSUFMD15TJS, rev 2.00/11.00, addr 2 miibus0: <MII bus> on octagl0 brgphy0: <BCM54616S 10/100/1000baseTX PHY> on miibus0 brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto Timecounter "mips" frequency 1600000000 Hz quality 0 Registered AMT tunnel Encap with UDP Tunnel! Loading Redundant LT driver ###PCB Group initialized for udppcbgroup ###PCB Group initialized for tcppcbgroup Kernel thread "wkupdaemon" (pid 48) exited prematurely. da0 at umass-sim0 bus 0 target 0 lun 0 da0: <TS TS8VSUFMD15TJS 1100> Fixed Direct Access SCSI-6 device da0: 40.000MB/s transfers da0: 7720MB (15810560 512 byte sectors: 255H 63S/T 984C) Trying to mount root from ufs:/dev/da0s2a MFSINIT: Initialising MFSROOT Process-1 beginning MFSROOT initialization... Creating MFSROOT... /dev/md0: 20.0MB (40956 sectors) block size 16384, fragment size 2048 using 4 cylinder groups of 5.00MB, 320 blks, 640 inodes. super-block backups (for fsck -b #) at: 32, 10272, 20512, 30752 Populating MFSROOT... Creating symlinks... Setting up mounts... Continuing boot from MFSROOT... Attaching /cf/packages/junos via /dev/mdctl... Mounted junos package on /dev/md1... F Automatic reboot in progress... ** /dev/da0s2a (NO WRITE) ** Last Mounted on / ** Root file system ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 164 files, 116024 used, 1160379 free (59 frags, 145040 blocks, 0.0% fragmentation) mount reload of '/' failed: Operation not supported Verified junos signed by PackageProductionEc_2016 method ECDSA256+SHA256 Verified jboot signed by PackageProductionEc_2016 method ECDSA256+SHA256 Verified junos-15.1X49-D50.3-domestic signed by PackageProductionEc_2016 method ECDSA256+SHA256 Checking integrity of BSD labels: s1: Passed s2: Passed s3: Passed s4: Passed ** /dev/bo0s3e FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 94745 free (17 frags, 11841 blocks, 0.0% fragmentation) ** /dev/bo0s3f FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 861631 free (191 frags, 107680 blocks, 0.0% fragmentation) Checking integrity of licenses: Checking integrity of configuration: rescue.conf.gz: No recovery data hw.re.gres_sync_other: 0 -> 1 Loading configuration ... Non-existant dump device /dev/bo0s1b mgd: commit complete Setting initial options: . Starting optional daemons: usbd. Doing initial network setup: . Initial interface configuration: Time and ticks drifted too much, resetting synchronization... hw.re.gres_sync_other: 1 -> 0 additional daemons: eventd. Non-existant dump device /dev/bo0s1b Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot/modules;/modules/ifpfe_drv;/modules; kld netpfe drv: ifpfed_dialer ipsecIPsec: Initialized Security Association Processing. kld kats kl. Doing additional network setup:. Starting final network daemons:. setting ldconfig path: /usr/lib /opt/lib starting standard daemons: cron. Initial rc.mips initialization:. Local package initialization:. starting local daemons:set cores for group access . kern.securelevel: -1 -> 1 Creating JAIL MFS partition... JAIL MFS partition created Boot media /dev/da0 has dual root support WARNING: JUNOS versions running on dual partitions are not same ** /dev/da0s1a FILE SYSTEM CLEAN; SKIPPING CHECKS clean, 1146759 free (63 frags, 143337 blocks, 0.0% fragmentation) Mon Feb 12 17:51:42 UTC 2018 FFFFFFFFFFFFFFFFF Amnesiac (ttyu0) login: root Password: [email protected]% --- JUNOS 15.1X49-D50.3 built 2016-05-28 20:02:37 UTC [email protected]% [email protected]% cli root> root> show system software Information for junos: Comment: JUNOS Software Release [15.1X49-D50.3]
3. Join into Existing Cluster
Important note again, if you are using IDP feature, please disable IDP on your exiting cluster member first before new device join into Cluster.
root> configure Entering configuration mode [edit] root# delete This will delete the entire configuration Delete everything under this level? [yes,no] (no) yes [edit] root# set system root-authentication plain-text-password New password: Retype new password: [edit] root# commit and-quit commit complete Exiting configuration mode root> show interfaces terse Interface Admin Link Proto Local Remote ge-0/0/0 up up gr-0/0/0 up up ip-0/0/0 up up lsq-0/0/0 up up lt-0/0/0 up up mt-0/0/0 up up sp-0/0/0 up up sp-0/0/0.0 up up inet inet6 sp-0/0/0.16383 up up inet 10.0.0.1 --> 10.0.0.16 10.0.0.6 --> 0/0 128.0.0.1 --> 128.0.1.16 128.0.0.6 --> 0/0 ge-0/0/1 up up ge-0/0/2 up up ge-0/0/3 up up ge-0/0/4 up up ge-0/0/5 up down ge-0/0/6 up down ge-0/0/7 up down ge-0/0/8 up down ge-0/0/9 up down ge-0/0/10 up down ge-0/0/11 up down ge-0/0/12 up down ge-0/0/13 up down ge-0/0/14 up down ge-0/0/15 up down fxp0 up up fxp2 up up fxp2.0 up up tnp 0x1 gre up up ipip up up irb up up lo0 up up lo0.16384 up up inet 127.0.0.1 --> 0/0 lo0.16385 up up inet 10.0.0.1 --> 0/0 10.0.0.16 --> 0/0 128.0.0.1 --> 0/0 128.0.0.4 --> 0/0 128.0.1.16 --> 0/0 lo0.32768 up up lsi up up mtun up up pimd up up root> set chassis cluster cluster-id 9 node 0 reboot Successfully enabled chassis cluster. Going to reboot now. root> *** FINAL System shutdown message from [email protected] *** System going down IMMEDIATELY Feb 12 18:17:44 init: routing (PID 1602) exited with status=0 Normal Exit Feb 12 18:17:44 init: mib-process (PID 1601) exited with status=0 Normal Exit Feb 12 18:17:44 init: snmp (PID 1600) exited with status=0 Normal Exit Feb 12 18:17:44 init: watchdog (PID 1592) exited with status=0 Normal Exit Feb 12 18:17:44 init: usb-control (PID 1237) exited with status=0 Normal Exit FWaiting (max 60 seconds) for system process `vnlru' to stop...done Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done Waiting (max 60 seconds) for system process `bufdaemon' to stop...done Waiting (max 60 seconds) for system process `syncer' to stop... Syncing disks, vnodes remaining...0 0 0 done syncing disks... All buffers synced. Uptime: 28m21s Rebooting... cpu_reset: Stopping other CPUs ..................... ..................... .......<OMIT>.............. ..................... login: root {secondary:node0} root> --- JUNOS 15.1X49-D50.3 built 2016-05-28 20:02:37 UTC
References: