This section describes how to upgrade a SD-WAN Gateway installation.
Important: This procedure will not work for upgrading a Gateway image version from 3.x to 4.x due to a significant platform changes. Upgrading from a 3.x to 4.x image will require a new Gateway deployment and reactivation. Please refer to Partner Gateway Upgrade and Migration 3.4 to 4.0 for upgrade information.
Authenticate Software Update Package Via Digital Signature
The software installer in the SASE Orchestrator version 4.3.0 and higher now has the ability to authenticate the software update package using a digital signature.
Prior to upgrading to a newer version of the software, make sure the public key exists to verify the package. The known public key location to verify signature is as follows, /var/lib/velocloud/software_update/keys/software.key. Alternatively, the key can be provided on the command line using --pubkey parameter.
The current release public key is:
-----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqCuQHDuoVkYG6j6++wBMAnowJr5uUQXE b/iKcTbCZky4lBlUWkjR/zucLgNdyOuotQAOHwT689WHPOnhuQo13+IQIeCBXRdG EX50zfkkqXQhFYNORPqCke+cqF0Wd4xD -----END PUBLIC KEY-----
If the key is missing or the signature cannot be verified, the Operator will be notified that the package is untrusted with an option to proceed or not proceed.
To skip verification, use "--untrusted" parameter.
If running in batch mode or not on the terminal, the installation is aborted unless the "--untrusted" option is specified on the command line.
By default, the installer will run in interactive mode and may issue prompts. For automated scripts, use --batch parameter to suppress prompts.
Upgrade Procedures
To upgrade a SD-WAN Gateway installation:
- Download the SD-WAN Gateway update package.
- Upload the image to the SD-WAN Gateway system (using, for example, the scp command). Copy the image to the following location on the system:
/var/lib/velocloud/software_update/vcg_update.tar
- Connect to the SD-WAN Gateway console and run:
sudo /opt/vc/bin/vcg_software_update