Updating my Sun Ray Server and DTU firmware The ice storm in Tulsa is playing havoc with my power - causing brown-outs. My servers are all on UPS, but not my Sun Ray 1G (which is also a DTU in Sun Ray terminology). The upshot is that it recycles and that causes it to get a new DHCP lease. And that causes my punchin session to block the Sun Ray. My configuration is that my w2100z is my Sun Ray server and my punchin client. I connect my Sun Ray to the w2100z, tell the ipsec configuration to bypass traffic to it, and then start up punchin (think VPN client).
Once the IP changes, I have to go in through a console to the w2100z to turn off punchin and then reconfigure the security. I could open up the entire subnet, but that really isn't very polite/secure.
Oh, and my DHCP server is a linksys, so it doesn't support handing out fixed IP. I could move the DHCP server to my web server, but I like having it on the linksys.
So I went looking for answers. I found planet sunray-users, which had a link to Fat Bloke — SGD 4.4 - The Administration Console which looked really cool and in the end, I don't think it does what I want. I installed it anyway, to play with later.
It also had a link to ThinkThin — SRSS 4.0 patch -01 released. I normally do not install patches, because I BFU Nevada systems, but I tried it anyway. (This system is special in that I don't BFU it willy-nilly because of the Sun Ray Server.) The patch failed, it said my packages were wrong.
The next link I found was to Latest News Sun Ray User Group Wiki and an announcement to Sun Ray Software 4 09/07 being released. It has a pop-up GUI by which you can configure the IP. That is what I need! By now, I suspect that I don't have Sun Ray Software 4 at all, despite loading those packages. I followed the install instructions over at Sun Ray Server Software 4.0 Installation and Configuration Guide for the Solaris Operating System and sure enough, it uninstalls Sun Ray Server 3.1.
It saved my 3.1 configuration and I didn't have to step through that again (well, other than to install the Tomcat admin stuff). At one point, I updated the firmware - I think. I also applied the patch set afterwards.
Sun has further documentation which is of help - Sun Ray Server Software 4.0 Administrator's Guide for the Solaris Operating System. It had a section on getting the pop-up GUI to work on the DTU. And since neither Stop-S nor Stop-N worked, but other pop-ups did work, I had to assume I needed to install the GUI firmware. Which is not installed by default.
The only problem was that the firmware process would not reload an existing firmware image:
# /opt/SUNWut/sbin/utfwadm -A -a -N all -f /opt/SUNWut/lib/firmware_gui
All the units served by "warlock" on the 192.168.2.0
network interface, running firmware other than version
"GUI4.0_127553-01_2007.11.09.17.41" will be upgraded at their next power-on.
# /opt/SUNWut/sbin/utfwsync -v
Stopping Authentication Managers on warlock ...
Stopping host 'warlock'
Warning: no private interconnect interfaces configured - no action taken
All the units served by "warlock" on the 192.168.2.0
network interface, running firmware other than version
"4.0_127553-01_2007.11.09.17.41" will be upgraded at their next power-on.
### stopped DHCP daemon
### started DHCP daemon
### reinitialized DHCP daemon
Will restart Authentication Managers in 5 seconds
Restarting Authentication Managers ...
Restarting host 'warlock'
stopping authentication manager
starting authentication manager
The DTU did restart, but the pop-up GUI did not. Looking at the man page, I added '-F':
# /opt/SUNWut/sbin/utfwadm -A -a -N all -F -f /opt/SUNWut/lib/firmware_gui
All the units served by "warlock" on the 192.168.2.0
network interface, running firmware other than version
"GUI4.0_127553-01_2007.11.09.17.41" will be upgraded at their next power-on.
### stopped DHCP daemon
### started DHCP daemon
### reinitialized DHCP daemon
I was upset at first, it was hard to see that 'GUI' in the version string. I redid the 'utfwsync' and I paid attention - I didn't see the DTU tell me it was updating the firmware. And a Stop-V showed it to still be on the old firmware. I did a Ctrl-Alt-Moon and still no luck. The same with pulling the power cord. Grr!
Hey, the 'utfwsync' told me what went on:
# /opt/SUNWut/sbin/utfwsync -v
Stopping Authentication Managers on warlock ...
Stopping host 'warlock'
Warning: no private interconnect interfaces configured - no action taken
All the units served by "warlock" on the 192.168.2.0
network interface, running firmware other than version
"4.0_127553-01_2007.11.09.17.41" will be upgraded at their next power-on.
I need to tell it as well to get the right firmware version. Hmm, I need to change this link:
# ls -la /tftpboot/Sun*
lrwxrwxrwx 1 root root 39 Dec 11 14:17 /tftpboot/SunRayP8 -> SunRayP8-4.0_127553-01_2007.11.09.17.41
-rwxr-xr-x 1 root sys 474976 Nov 9 19:48 /tftpboot/SunRayP8-4.0_127553-01_2007.11.09.17.41
-rwxr-xr-x 1 root sys 475004 Nov 9 19:48 /tftpboot/SunRayP8-GUI4.0_127553-01_2007.11.09.17.41
-rw-r--r-- 1 root root 62 Dec 11 14:17 /tftpboot/SunRayP8.parms
# cd /tftpboot
# rm SunRayP8
# ln -s SunRayP8-GUI4.0_127553-01_2007.11.09.17.41 SunRayP8
And try again ... only to have my hopes dashed again!
Some interesting info:
# cd /opt/SUNWut/sbin
# ./utfwload
2.0 th199096 192.168.2.2 P7.0003baa8c261 4.0_127553-01_2007.11.09.17.41
# ./utfwadm -P
System Version(P1) 4.0_127553-01_2007.11.09.17.41
Domain Intf Upgrade to
------------ ------ --------------------------
192.168.2.0 subnet 4.0_127553-01_2007.11.09.17.41
# cd /tftpboot
# more SunRayP8.parms
version=4.0_127553-01_2007.11.09.17.41
revision=3
barrier=321
So I can change that manually, but I think that the 'utwadm' command should have done that with the '-f'. Okay, I took the easy road and edited it. And that still didn't work! Where is 'utfwsync' getting that info? Hmm, the link is back:
lrwxrwxrwx 1 root root 39 Dec 11 14:40 SunRayP8 -> SunRayP8-4.0_127553-01_2007.11.09.17.41
Hmm, I think I am making this too hard. Let's look at the output of 'utfwadm':
All the units served by "warlock" on the 192.168.2.0
network interface, running firmware other than version
"GUI4.0_127553-01_2007.11.09.17.41" will be upgraded at their next power-on.
I bet I shouldn't be running 'utfwsync' after it. And that does the trick. Do the 'utfwadm' and then CTRL-ALT-MOON the DTU. I'd still like to know how to change the default firmware image.
I now have a fixed IP (must note to watch the MTU setting, I picked the default of 1500, which is also what the linksys was handing out). I can make
sure that my ipsec configuration is set. And I've gotten a great feel for using the interfaces to the Sun Ray firmware.
The links I have provided were great, especially the planet sunray-users and Latest News Sun Ray User Group Wiki! And looking at the URLs, they are the same site. :-> The docs and the man pages helped - next time I'll try and not make it so hard.
Trackback URL: http://blogs.sun.com/tdh/entry/updating_my_sun_ray_server
There's confusion in that Sun Ray Software 4 contains SRSS 3.1. Sun Ray Software 4 Update 2 contains SRSS 4 09/07. Blame marketing.
All you should have had to run, if you did a utadm -A <subnet> is ./utfwadm -AaN all -f /opt/SUNWut/lib/firmware_gui
That will update not only the dhcp tables, but also the parms files.
If all else fails, you can always utadm -r and start from scratch.
If you are going to use the Sun Ray to connect to the Sun VPN, then you'll want to set the MTU to 1366.
Posted by ThinGuy on December 11, 2007 at 03:13 PM CST #
Set the MTU to 1366 even if it is not directly connected to the Sun VPN?
I.e., I've got a Sun Ray 2 which has the VPN already configured and it goes directly to Sun. I wouldn't touch the MTU on it.
Oh, and thanks for a good blog to find out answers...
Posted by Tom Haynes on December 11, 2007 at 05:41 PM CST #