Cisco JUMP Upgrade – You need things (Part #1)

You need a lot of things to handle a JUMP upgrade. If you’re not familiar with what I’m talking about I’ll run through the basics.

You have a Cisco Communications Manager on an older release and you cannot DIRECTLY upgrade to version 9.1(2). You can JUMP from the following versions – 6.1(4), 6.1(5), 7.1(3), and 7.1(5). Another case is that you’re on Cisco MCS servers and you’re going virtualized. The upgrade to Release 9.1(2) and data migration will be performed in an isolated environment and moved to production during a service window.

The following network services must be available:

  • default gateways—recreate all relevant networks and ensure connectivity between them
  • NTP server—this can be different IP address or a local router
  • DNS server—if a DNS server is used in the existing production environment, ensure the domain name matches for forward and reverse lookup of cluster nodes.
  • FTP and SFTP server—ensure sufficient storage for firmware, images, and backups

WAIT a minute! I’m in an isolated network in VMware, how do I have all of these things available to me? You really expect me to duplicate all of this in an isolated environment? My Cisco cluster will have the same names, IP addresses and configuration. My gateway will be the same. My DNS servers will be the same. Fortunately you can change all of this later on so all we need right now is to get through the installs and make our isolated network functional.

FreeBSD to the rescue. If you don’t know me already, I like FreeBSD. If FreeBSD is good enough for Netflix and Amazon it is good enough for me. Installing and duplicating all of this on a Windows machine would take hours. I’ll get it all done in a matter of minutes with FreeBSD.

5 MINUTES – Install FreeBSD in a guest machine alongside where you plan to upgrade your isolated 9.1(2) server. The current VSwitch should be the live network because we need to pull some actual information from the live network before isolating this FreeBSD VMguest. If this VLAN doesn’t support DHCP be sure to configure the static during installation. This guest doesn’t need much processing with what you’re about to do. Give the guest enough hard drive space you’ll need to host your FTP/SFTP upgrades and backups. I typically allocate 64GB which is thin provisioned anyway.

During installation select NTPD as a system service.

During installation create a user account called “jumpupgrader” or whatever you want. Since this is a controlled environment I add this user to “wheel” so I can get into root as necessary.

Guess what? Now you have a router, NTPd server, DNS server, FTP and SFTP server. However you’ll need slightly more configuration.

NTPd – You’ll need to fudge NTP. You’re going to move this VMguest into an isolated network so NTPd is going to lose contact to upstream stratum servers. (I’m not going into routing though this machine in this blog post)

vi /etc/ntp.conf

Change the last two lines

#server 127.127.1.0 to server 127.127.1.0

#fudge 127.127.1.0 stratum 10 to fudge 127.127.1.0 stratum 1

Service ntpd restart

If I’m going to fudge something I might as well pretend I’m a GPS hardware device. Now you can move this machine into the isolated network and NTPd will continue to respond.

Ntpq –p now responds with “LOCAL(0) .LOCL. 1 l 2 64 1 0.000 0.000 0.000

 

SFTP – SFTP is an SSHD subsystem and is operated by a helper. You can SFTP to your FreeBSD VMguest with your previously created user account. You will be connected to /usr/home/jumpupgrader with Filezilla.

DNS and BIND (I will update and republish within the next week when FreeBSD 10 comes out. There are some changes in the local resolver from BIND to Unbind and LDNS)

Cisco Communications Manager and other Cisco Collaboration products perform reverse and forward lookups during installation. You need to create the DNS zones and host entries. Fortunately this is very easy in BIND. If you need to get more complex than the following configuration just head over to Google and research BIND. As FreeBSD reminds you – I’m not going into the hairy details of DNS.

Vi /etc/rc.conf

 

Add a line

named_enable=”YES”

 

service named start

 

Viola we have a DNS server.

Make a backup of your configuration

/etc/namedb # cp named.conf named.conf.original

You need DNS to listen on the IP addresses you’re going to set up on FreeBSD. You’ll also need to create some zone files for the DNS infrastructure you’re going to fudge. Just follow me on all this and you’ll get it going in no time at all. Copy and paste if you have to.

vi named.conf

 

listen-on { 127.0.0.1; any; };

 

//this enables BIND to listen on any IP address configured. A “sockstat -4 –l” after service restart should show the local LAN ip address:53 in the list.

Go to the bottom of the configuration and put these lines into the configuration. Obviously substituting your “mycompany.local” for your master DNS zone you’re Cisco Collaboration systems exist in. And obviously getting the reverse lookup zone correct for the subnet your isolation servers are going to exist in.

zone “mycompany.local” {

type master;

file “/etc/namedb/master/mycompany.db”;

};

zone “255.31.172.in-addr.arpa”{

type master;

file “/etc/namedb/master/255.31.172.in-addr.arpa”;

};

 

Now write and save.

Time to create the zone files and all that good information needed for a DNS zone. Change the names below and just paste it in.

root@jumpupgrader:/etc/namedb/master # ee /etc/namedb/master/mycompany.db

 

PASTE THIS

 

$TTL 3600        ; 1 hour default TTL

mycompany.local.    IN      SOA      jumpupgrader.mycompany.local. admin.mycompany.local. (

                                2006051501      ; Serial

                                10800           ; Refresh

                                3600            ; Retry

                                604800          ; Expire

                                300             ; Negative Response TTL

                        )

; DNS Servers

                IN      NS      jumpupgrader.mycompany.local.

; Machine Names

localhost    IN    A    127.0.0.1

jumpupgrader    IN    A    172.31.255.120

cucm-publisher    IN    A    172.31.255.5

cucm-subscriber    IN    A    172.31.255.6

 

Escape and save the file.

 

Command to create next zone file-

 # ee /etc/namedb/master/255.31.172.in-addr.arpa

 

PASTE THIS

  
 

$TTL 3600        ; 1 hour default TTL

255.31.172.in-addr.arpa.    IN      SOA      jumpupgrader.mycompany.local. admin.mycompany.local. (

                                2006051501      ; Serial

                                10800           ; Refresh

                                3600            ; Retry

                                604800          ; Expire

                                300             ; Negative Response TTL

                        )

                IN      NS      jumpupgrader.mycompany.local.

120             IN      PTR     mycompany.local.

5    IN    PTR    cucm-publisher.mycompany.local.

6    IN    PTR    cucm-subscriber.mycompany.local.

 

Escape and save the file.

Now do a final restart and let’s check the configuration –

service named restart

root@jumpupgrader:/etc/namedb/master # nslookup

> server 127.0.0.1

Default server: 127.0.0.1

Address: 127.0.0.1#53

> cucm-publisher.mycompany.local

Server: 127.0.0.1

Address: 127.0.0.1#53

 

Name: cucm-publisher.mycompany.local

Address: 172.31.255.5

> 172.31.255.5

Server: 127.0.0.1

Address: 127.0.0.1#53

 

5.255.31.172.in-addr.arpa name = cucm-publisher.mycompany.local.

>

 

Success!

 

Now we have the basic network services needed to handle the CUCM installations in our isolated network. If you copied and pasted most of this you should’ve been done very quickly. Must less time as compared to installing Windows Server 2012, installing DNS services, installing an NTP service, and installing an SFTP service.

 

The next pieces will come in PART 2!

 

 

 

 

 

Advertisements