How to verify if the firewall is causing image upgrade failure in Instant APs managed by Aruba Central?
When an upgrade is initiated from Aruba Central, the Virtual Controller (master) IAP gets the link required to download the image from the Aruba Central server. Once the link is received, the master IAP shares this information with the slave IAPs. All IAPs then download the file, update the VC that they have finished downloading the image, and wait for an instruction to reboot the cluster. The Instant AP firmware images are stored on "images.arubanetworks.com" and "d2vxf1j0rhr3p0.cloudfront.net", and the protocol the IAPs use to download the file is HTTP. If the upgrade fails, use the command "debug-download <URL>" (where URL is the link of the image file) to verify whether the IAPs are able to download the image.
Here is an example:

Aruba# debug-download http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034
Setting --timeout (timeout) to 120
Setting --tries (tries) to 3
Setting --output-document (outputdocument) to /dev/null
DEBUG output created by Wget 1.10.2 (Red Hat modified) on linux-gnu.
--19:13:47-- http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034
=> `/dev/null'
Resolving images.arubanetworks.com... 104.36.249.199
Caching images.arubanetworks.com => 104.36.249.199
Connecting to images.arubanetworks.com|104.36.249.199|:80... Closed fd 8
failed: Connection timed out.
Releasing 0x00040468 (new refcount 1).
Retrying.
--19:14:09-- http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034
(try: 2) => `/dev/null'
Found images.arubanetworks.com in host_name_addresses_map (0x40468)
Connecting to images.arubanetworks.com|104.36.249.199|:80... Closed fd 8
failed: Connection timed out.
Releasing 0x00040468 (new refcount 1).
Retrying.
--19:14:30-- http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034
(try: 3) => `/dev/null'
Found images.arubanetworks.com in host_name_addresses_map (0x40468)
Connecting to images.arubanetworks.com|104.36.249.199|:80... Closed fd 8
failed: Connection timed out.
Releasing 0x00040468 (new refcount 1).
Giving up.
In this case, images.arubanetworks.com:80 is not allowed in the firewall, which is why the IAP was not able to download the image.
The URLs http://images.arubanetworks.com (port 80) and http://d2vxf1j0rhr3p0.cloudfront.net should be allowed in the firewall.
The image servers are being moved to d2vxf1j0rhr3p0.cloudfront.net.
So, we need to use the command below to debug this issue.
Aruba# debug-download http://d2vxf1j0rhr3p0.cloudfront.net/fwfiles/ArubaInstant_Taurus_6.4.4.3-4.2.2.0_53034
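When debug-download output is collected from several IAPs, the failure stage can be read off mechanically. The following is an added example, not Aruba code: it classifies a transcript by the stage at which Wget stopped, assuming messages other than those shown above follow stock Wget wording; the verdict names and the ADVICE text are illustrative.

```python
import re

# Constructed sample: the transcript above, trimmed to the lines that matter.
SAMPLE = """\
Resolving images.arubanetworks.com... 104.36.249.199
Connecting to images.arubanetworks.com|104.36.249.199|:80... Closed fd 8
failed: Connection timed out.
Retrying.
Connecting to images.arubanetworks.com|104.36.249.199|:80... Closed fd 8
failed: Connection timed out.
Giving up.
"""

RESOLVE = re.compile(r"Resolving (\S+?)\.\.\. (.*)")
CONNECT = re.compile(r"Connecting to ([^|\s]+)\|([^|]+)\|:(\d+)\.\.\. ?(.*)")
HTTP = re.compile(r"awaiting response\.\.\. (\d{3})")

# Assumed mapping from failure stage to the first thing to check.
ADVICE = {
    "dns-failure": "name did not resolve: check DNS reachability from the IAP",
    "tcp-timeout": "no reply to the TCP connect: check the firewall rule for this host and port",
    "tcp-refused": "connection actively rejected: check for a reject rule or proxy",
    "downloaded": "image reachable: the firewall is not blocking the download",
}

def classify(output):
    """Return (verdict, host, port); the last attempt in the transcript wins."""
    verdict, host, port = "unknown", None, None
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if m := RESOLVE.search(line):
            host = m.group(1)
            if m.group(2).startswith("failed"):
                verdict = "dns-failure"
        elif m := CONNECT.search(line):
            host, port = m.group(1), int(m.group(3))
            # In debug mode the result may be printed on the following line.
            result = m.group(4) + " " + (lines[i + 1] if i + 1 < len(lines) else "")
            if "timed out" in result:
                verdict = "tcp-timeout"
            elif "refused" in result:
                verdict = "tcp-refused"
            elif "connected" in result:
                verdict = "connected"
        elif m := HTTP.search(line):
            verdict = "downloaded" if m.group(1) == "200" else "http-" + m.group(1)
    return verdict, host, port

if __name__ == "__main__":
    verdict, host, port = classify(SAMPLE)
    print(f"{host}:{port} -> {verdict}: {ADVICE.get(verdict, 'inspect the transcript manually')}")
```

A "tcp-timeout" verdict after a successful name resolution is the pattern shown in the transcript above: DNS works, but the connection to port 80 never completes.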
© Copyright 2024 Hewlett Packard Enterprise Development LP. All Rights Reserved.