To ensure upgrade safety, VyOS uses "binary installation" that allows you to keep multiple images on the same system and switch between them.
Note: if you have a working system, you don't need to boot from the ISO in order to upgrade! The commands given below are to be issued from your current system. The only reason to boot from the ISO is installing VyOS on a new machine.
- Lookup the URL for the requires release in release notes or release announcement. Note: the URL/image file is dependant on your system architecture, if you pick the wrong architecture you can end up with a non-responsive remote device.
- Issue the following operational mode command: add system image <image URL>
- Answer the installation script questions.
- [Optional] View images with "show system image" operational command.
- Reboot your system.
An example upgrade session:
vyos@vyos$ show system image The system currently has the following image(s) installed: 1: VyOS-1.1.6 (default boot) (running image) vyos@vyos:~$ add system image http://packages.vyos.net/iso/release/1.1.7/vyos-1.1.7-amd64.iso Trying to fetch ISO file from http://packages.vyos.net/iso/release/1.1.7/vyos-1.1.7-amd64.iso % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 234M 100 234M 0 0 4903k 0 0:00:48 0:00:48 --:--:-- 6078k ISO download succeeded. Checking for digital signature file... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 836 100 836 0 0 1997 0 --:--:-- --:--:-- --:--:-- 5805 Found it. Checking digital signature... gpg: directory `/root/.gnupg' created gpg: new configuration file `/root/.gnupg/gpg.conf' created gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/root/.gnupg/pubring.gpg' created gpg: Signature made Wed Feb 17 06:37:47 2016 MST using RSA key ID A0FE6D7E gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: Good signature from "VyOS Maintainers (VyOS Release) <email@example.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0694 A923 0F51 39BF 834B A458 FD22 0285 A0FE 6D7E Digital signature is valid. Checking MD5 checksums of files on the ISO image...OK. Done! What would you like to name this image? [VyOS-1.1.7]: OK. This image will be named: VyOS-1.1.7 Installing "VyOS-1.1.7" image. Copying new release files... Would you like to save the current configuration directory and config file? (Yes/No) [Yes]: yes Copying current configuration... Would you like to save the SSH host keys from your current configuration? (Yes/No) [Yes]: yes Copying SSH keys... Setting up grub configuration... Done. vyos@vyos$ show system image The system currently has the following image(s) installed: 1: VyOS-1.1.7 (default boot) 2: VyOS-1.1.6 (running image)
If upgrade went wrong
If you can access the machine console, reboot it and select previous image in the GRUB menu. Upgrade does not modify existing images and files associated with them, so you will be able to get a working system again.
Forward-compatible configuration syntax changed are handled automatically. In case a release includes incompatible syntax changes, you may need to edit your config or perform other actions, check release notes. Releases are assumed to be backwards-compatible unless otherwise specified.
Upgrading on Amazon Web Services
VyOS uses the same upgrade procedure on all platforms, including AWS.
Unlike earlier Vyatta AMI, there are no problems with image upgrade.
Upgrading from pre-1.1.6
Signing keys were change for the release of 1.1.7.
1.1.6 is signed with the old keys but will check upgrades with the new key. You can either upgrade to 1.1.6 before upgrading to the current version or download the new key as shown below:
vyos@VyOS-AMI:~$ sudo gpg --keyserver pgp.mit.edu --recv-key 0xA0FE6D7E gpg: keyring `/root/.gnupg/secring.gpg' created gpg: requesting key A0FE6D7E from hkp server pgp.mit.edu gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key A0FE6D7E: public key "VyOS Maintainers (VyOS Release) <firstname.lastname@example.org>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
A note on apt-get
Even though VyOS is Debian-based, it does not use apt-get for upgrade. The only supported upgrade procedure is image-based upgrade described above.
Using apt-get upgrade/dist-upgrade is very likely to render your system inoperable.