Saucepan

User Tools

Site Tools

Trace: datasheets
infoblox_nios:upgrade

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
infoblox_nios:upgrade [2025/11/13 15:49] – [NIOS Upgrade] bstaffordinfoblox_nios:upgrade [2026/03/19 23:06] (current) – [Upgrades to NIOS 9.1] bstafford
Line 13: Line 13:
  
 NOTE: When you have install a hotfix bundle/collective hot fix (e.g. CHF 8.6.3.2 ), make sure you perform a product restart (of full reboot) on the systems to ensure the fix is fully implemented. If you forget and then try to upgrade to another version of NIOS (e.g. 9.0.1) you can (albeit, very unlikely) run into [[https://support.infoblox.com/s/article/000009442|issues]]. NOTE: When you have install a hotfix bundle/collective hot fix (e.g. CHF 8.6.3.2 ), make sure you perform a product restart (of full reboot) on the systems to ensure the fix is fully implemented. If you forget and then try to upgrade to another version of NIOS (e.g. 9.0.1) you can (albeit, very unlikely) run into [[https://support.infoblox.com/s/article/000009442|issues]].
 +
 +
 +NOTE: From NIOS 9.0.6 onwards, upgrade status logs are captured in the Grid Master log files. You can view these logs using the ''show log debug follow /UPGRADE_STATUS/'' CLI command.
  
 You may need to increase the session time out limit for your user account if you are having issues uploading code to the GM prior to an upgrade. If the time out limit is too low, the time out can break the upload. You may need to increase the session time out limit for your user account if you are having issues uploading code to the GM prior to an upgrade. If the time out limit is too low, the time out can break the upload.
Line 53: Line 56:
  
 After you complete the downgrade procedure, all data in the database is lost. The downgrade process does not preserve data but does preserve license information and basic network settings. After you complete the downgrade procedure, all data in the database is lost. The downgrade process does not preserve data but does preserve license information and basic network settings.
 +
 +===== Upgrades to NIOS 9.1 =====
 +SSH into GM and disable TLS 1.0 and TLS 1.1
 +
 +<code>set ssl_tls_settings override
 +set ssl_tls_protocols disable TLSv1.0
 +set ssl_tls_protocols disable TLSv1.1</code>
 +You will need to restart the GUI manually. Navigate to the Grid tab -> Grid Manager tab -> Members tab, select the member checkbox, expand the Toolbar, and click Control -> Restart GUI
 +
 +You may also get the following error logs in the GM syslog based on one or more of the Trusted Root CA in your CA store in NIOS
 +<code>Upgrade check failed, SKI doesn't exist in CA-certificate subject=</code>
  
 ===== Upgrades to NIOS 9.0 ===== ===== Upgrades to NIOS 9.0 =====
Line 59: Line 73:
  
 You should install Hotfix-NIOS-98022 BEFORE upgrading to NIOS 9.0 (but AFTER distribution of NIOS 9.0.x code) to ensure that all OpenVPN connections (Grid communication) is using a correct certificate. Failure to do this can result in members going offline (not connecting to GM) and/or GM entering a reboot loop. From NIOS 9.0.6 onwards, Upgrade Test and Upgrade will fail if OpenVPN certificates are not correct. More details [[https://support.infoblox.com/s/article/How-to-recover-NIOS-from-old-certificate-related-issues|here]]. You should install Hotfix-NIOS-98022 BEFORE upgrading to NIOS 9.0 (but AFTER distribution of NIOS 9.0.x code) to ensure that all OpenVPN connections (Grid communication) is using a correct certificate. Failure to do this can result in members going offline (not connecting to GM) and/or GM entering a reboot loop. From NIOS 9.0.6 onwards, Upgrade Test and Upgrade will fail if OpenVPN certificates are not correct. More details [[https://support.infoblox.com/s/article/How-to-recover-NIOS-from-old-certificate-related-issues|here]].
 +
 +Consider setting the following after upgrading to 9.0 to ensure that DNS restarts don't take longer. named_max_exit_wait - default is to wait until exit happens. This command sets a max (e.g. 3 or 5 seconds)
 +
  
 In NIOS 9.0 and higher, if you use LDAP authentication and you need the LDAP connection to egress the MGMT interface, you must put a static route on the NIOS box to force the traffic to use the MGMT interface.  This is because in NIOS 9.0.0, LDAP requests to the LDAP server and Active Directory server cannot be sent using the MGMT IP address, because OpenLDAP version 2.4.49 (Ubuntu) removed the options of binding the source IP address on the client. Therefore, an LDAP request or an Active Directory authentication request is always sent through the LAN IP address, even though you have enabled the Connect through Management Interface option. In NIOS 9.0 and higher, if you use LDAP authentication and you need the LDAP connection to egress the MGMT interface, you must put a static route on the NIOS box to force the traffic to use the MGMT interface.  This is because in NIOS 9.0.0, LDAP requests to the LDAP server and Active Directory server cannot be sent using the MGMT IP address, because OpenLDAP version 2.4.49 (Ubuntu) removed the options of binding the source IP address on the client. Therefore, an LDAP request or an Active Directory authentication request is always sent through the LAN IP address, even though you have enabled the Connect through Management Interface option.
Line 142: Line 159:
  
 The following command is available from NIOS 9.0 onwards The following command is available from NIOS 9.0 onwards
 +<code>set enable_strict_ca_cert_check</code>
 <code>set disable_strict_ca_cert_check</code> <code>set disable_strict_ca_cert_check</code>
 <code>show strict_ca_cert_check</code> <code>show strict_ca_cert_check</code>
infoblox_nios/upgrade.1763048998.txt.gz · Last modified: by bstafford