Upgrade Firmware

Firmware Upgrade Overview

This section includes the firmware and driver update procedure for Cisco Integrated System for Microsoft Azure Stack Hub. Cisco periodically releases system updates for the Azure Stack Hub platform. These system updates include updated firmware and drivers that improve the platform lifecycle and resolve known defects. Customers are required to update their systems to the latest system update within 60 days of the system update release date.

The following components of the Cisco appliance require periodic firmware updates to resolve known functional and security issues:

  • Top-of-Rack Switches

  • Cisco UCS

    • Cisco UCS Manager

    • UCS Fabric Interconnects

    • UCS Fabric Extenders

    • UCS C-Series rack server components, including BIOS, SAS HBA, NIC, HDD, and SSD

    • Server device drivers

For assistance with firmware upgrade issues or errors, refer to the Support Guidance chapter to open a Cisco TAC case for Azure Stack Hub support.


Note

Cisco recommends performing the firmware upgrade during a scheduled maintenance window.


The Cisco Integrated System for Microsoft Azure Stack Hub firmware download portal can be accessed by selecting Integrated System Azure Stack - System Updates on the UCS C-Series Rack-Mount UCS-Managed Server Software Download page. The portal can also be set up to notify you when new firmware becomes available. Cisco highly recommends that you sign up for these notifications.

The following software components hosted on Microsoft Azure Stack Hub firmware download portal are required for the firmware upgrade procedure:

| Component | Description |
| --- | --- |
| ucs-6300-k9-bundle-infra.<version number>.A.bin | UCS Infrastructure Firmware |
| ucs-k9-bundle-c-series.<version number>.C.bin | UCS Server Firmware |
| nxos.<version number>.bin | ToR Switch Firmware |
| <OEM extension version number>.zip | Zip file containing the OEM Extensions Package. The OEM Extensions Package consists of two files: one zip file and one XML file. |
| Cisco_UCS_AzureStack_FwUpdate_<version number>.zip | Firmware and Driver Update Automation (CASPU) |

Identifying Installed Firmware

Depending on when the system was installed and last updated, some or all of the components of the Microsoft Azure Stack Hub hardware require a firmware upgrade. This section provides the procedure to identify the installed firmware.

UCS Infrastructure and Server Firmware

Procedure


Step 1

Log in to Cisco UCS Manager (https://<UCS_Manager_IP>) by using the admin credentials, through an SSH client, such as PuTTY.

Step 2

Check the version using the show version command.

UCS-B# show version
System version: 4.0(4b)

Step 3

On the Microsoft Azure Stack Hub firmware download portal, check for the latest firmware version from the posted Cisco UCS firmware files (ucs-6300-k9-bundle-infra.4.0.4g.A.bin or ucs-k9-bundle-c-series.4.0.4g.C.bin).

The firmware versions of the two bundle image files are the same. If the posted firmware version is greater than the installed firmware version, the system requires a UCS firmware upgrade. For example, if the installed UCS firmware version is 4.0(4b) and the posted firmware version is 4.0(4g), the system requires a UCS firmware upgrade from 4.0(4b) to 4.0(4g).

Note 

The OEM extension package installation is required to complete UCS firmware upgrade.


Top-of-Rack Nexus Switch Firmware

Procedure


Step 1

Log in to Top-of-Rack Nexus switch A by using the admin credentials, through an SSH client, such as PuTTY.

Step 2

Check the version using the show version | inc NXOS command.

ToR-1# show version | inc NXOS
NXOS: version 7.0(3)I7(4)
NXOS image file is: bootflash:///nxos.7.0.3.I7.4.bin
NXOS compile time:  6/14/2018 2:00:00 [06/14/2018 10:49:04]

Step 3

On the Microsoft Azure Stack Hub firmware download portal, check for the latest Nexus switch firmware version from the Nexus switch firmware file (nxos.7.0.3.I7.8.bin). If the posted firmware version is greater than the installed firmware version, the system requires a Nexus switch firmware upgrade.
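The comparison in Step 3 of both procedures can be scripted, because the installed version (4.0(4b), 7.0(3)I7(4)) and the posted file name (4.0.4g, 7.0.3.I7.8) write the same version with different punctuation. The following PowerShell is an added example, not Cisco or CASPU code; the function names are hypothetical, and it assumes versions order by their numeric fields and then by the letter suffix, as in the 4.0(4b) to 4.0(4g) example above.

```powershell
# Added example, not Cisco code. Sample strings are the ones shown on this page.
function Get-InstalledVersion {
    # Pull the version out of 'show version' output from UCS Manager or NX-OS.
    param([string[]]$ShowVersionOutput)
    foreach ($line in $ShowVersionOutput) {
        if ($line -match '^\s*(?:System version|NXOS): (?:version )?(?<v>\S+)') { return $Matches.v }
    }
}

function Get-PostedVersion {
    # Pull the version out of a posted file name, dropping the UCS '.A'/'.C' bundle suffix.
    param([string]$FileName)
    if ($FileName -match '^(?:ucs-[\w-]+|nxos)\.(?<v>.+?)(?:\.[AC])?\.bin$') { return $Matches.v }
}

function ConvertTo-VersionKey {
    # '4.0(4b)' and '4.0.4g' differ only in punctuation: keep digit runs as integers
    # and letter runs as lower-case strings, discard everything else.
    param([string]$Version)
    foreach ($m in [regex]::Matches($Version, '\d+|[A-Za-z]+')) {
        if ($m.Value -match '^\d+$') { [int]$m.Value } else { $m.Value.ToLowerInvariant() }
    }
}

function Compare-Firmware {
    # Returns -1, 0 or 1 when Installed is older than, equal to or newer than Posted.
    param([string]$Installed, [string]$Posted)
    $a = @(ConvertTo-VersionKey $Installed); $b = @(ConvertTo-VersionKey $Posted)
    for ($i = 0; $i -lt [Math]::Max($a.Count, $b.Count); $i++) {
        if ($i -ge $a.Count) { return -1 }
        if ($i -ge $b.Count) { return 1 }
        if ($a[$i] -is [int] -and $b[$i] -is [int]) { $c = $a[$i].CompareTo($b[$i]) }
        else { $c = [string]::CompareOrdinal([string]$a[$i], [string]$b[$i]) }
        if ($c -ne 0) { return [Math]::Sign($c) }
    }
    return 0
}

$samples = @(
    @{ Show = 'System version: 4.0(4b)';   Posted = 'ucs-6300-k9-bundle-infra.4.0.4g.A.bin' },
    @{ Show = 'NXOS: version 7.0(3)I7(4)'; Posted = 'nxos.7.0.3.I7.8.bin' }
)
foreach ($s in $samples) {
    $installed = Get-InstalledVersion $s.Show
    $posted    = Get-PostedVersion $s.Posted
    $required  = (Compare-Firmware $installed $posted) -lt 0
    '{0} installed, {1} posted, upgrade required: {2}' -f $installed, $posted, $required
}
```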


Known Behavior During Firmware Upgrade

  • During ToR switch upgrade, the admin portal may show a route publication failure alert. This behavior is expected and can be safely ignored. This alert will clear automatically after firmware upgrade.

  • During UCS infrastructure firmware upgrade, Cisco UCS Manager shows an alert message to acknowledge server reboot. This alert message must be ignored, as rebooting servers from Cisco UCS Manager may result in downtime for Azure Stack Hub and possible data loss. The safe reboot of servers is triggered automatically during OEM extension package installation.

  • During UCS infrastructure firmware upgrade, the Azure Stack Hub admin portal may generate the alert shown in the following figure. This behavior is expected and can be safely ignored. This alert will clear automatically after firmware upgrade.

Cisco Azure Stack Hub Platform Upgrade Automation

Firmware upgrade for Cisco Integrated System for Microsoft Azure Stack Hub is a non-disruptive operation that is fully automated by the Cisco Azure Stack Hub Platform Upgrade (CASPU) automation software. With CASPU, Cisco customers can upgrade all the components of Azure Stack Hub at once or in three parts:

  • Top-of-Rack Nexus switch upgrade (flag: UpdateNexus)

  • UCS infrastructure upgrade (flag: UpdateUCSManager)

  • Server firmware upgrade and driver installation (flag: UpdateOEMExtension)

Running CASPU in parts is particularly useful when the host running CASPU cannot access the admin portal and the management IPs of UCS and ToR switches all at the same time. The CASPU configuration file FirmwareUpdateInputs.xml consists of flags UpdateNexus, UpdateUCSManager, and UpdateOEMExtension to configure the three-part execution of CASPU. By default, all the flags are marked true, and CASPU tries to upgrade all the components at the same time.


Important

Execution order is important for the Azure Stack Hub firmware upgrade. If all the flags are marked true, CASPU automatically selects the correct order. While running CASPU in parts, ensure that you run the UCS infrastructure upgrade and server firmware upgrade staging before the server firmware upgrade and driver installation using the OEM extension package.

When CASPU is executed in parts, manually invoke the Azure Stack Hub validation tool (Test-AzureStack) (https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-diagnostic-test?view=azs-2005) before and after every step to ensure that the Azure Stack Hub is healthy after each operation. When CASPU is executed in default mode (all flags true), CASPU ensures that Azure Stack Hub is healthy before and after each operation.


Azure Stack Hub systems must be running Azure Stack Hub version 1.1907.17.54 or higher before CASPU utilities can be used to update the firmware and OEM Extensions package.

CASPU is written in PowerShell and can be executed from any Microsoft Windows environment that meets the following requirements:

  • MS Windows 10, 2016 or 2019 Operating System


    Note

    Ensure that the Operating System has all the latest patches.


  • Network connectivity to Management IPs of Nexus ToR switches and UCS

  • Network connectivity to the Azure Stack Hub admin portal and privileged endpoints

  • All Azure Stack Hub PKI certificates installed

  • PowerShell version 5.1 or later installed

  • The latest version of PowerShell for Azure Stack Hub installed (https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-powershell-install)


Note

The host running CASPU adds the customer-provided privileged endpoint VM IP address to its trusted hosts list.

Ensure that the host running CASPU has a reliable wired network connection to Azure Stack Hub. Running CASPU from a computer that connects to Azure Stack Hub over a VPN or an unreliable network is not supported.

In addition to firmware upgrade, CASPU makes the following configuration changes to Azure Stack Hub:

  • Sets 9216 MTU for all SVIs and peer link port channel (po10) on both ToR switches. This update addresses the new requirements for ToR switch configuration.

  • Makes ACL changes to implement the latest ToR switch security settings required by Microsoft.

  • Configures QoS class for the cluster communication traffic on ToR switches and Fabric Interconnects.

  • Changes UCS server boot policy settings from Local Disk to Embedded LUN


Configuring Cisco Azure Stack Hub Platform Upgrade Automation

Procedure


Step 1

In the Microsoft Windows environment that meets the earlier mentioned requirements, download the following firmware upgrade components into a folder (for example, c:\azsfirmwareupgrade):

  • ucs-6300-k9-bundle-infra.<version number>.A.bin

  • ucs-k9-bundle-c-series.<version number>.C.bin

  • nxos.<version number>.bin

  • <OEM extension version number>.zip

  • Cisco_UCS_AzureStack_FwUpdate_<version number>.zip

Step 2

Run gci -path c:\azsfirmwareupgrade -recurse | unblock-file to unblock all the components.

Step 3

Extract the Cisco_UCS_AzureStack_FwUpdate_<version>.zip package.

Step 4

Extract the OEM extension package to the C:\azsfirmwareupgrade\OEM folder from the <OEM extension version number>.zip file.

Step 5

Update the FirmwareUpdateInputs.xml file located inside the C:\azsfirmwareupgrade\Cisco_UCS_AzureStack_FwUpdate_<version>\FirmwareUpdate folder.

| Field Name | Description |
| --- | --- |
| UpdateNexus (True/False) | Flag to perform Nexus firmware upgrade |
| UpdateUCSManager (True/False) | Flag to perform UCS infrastructure firmware upgrade and server firmware upgrade staging |
| UpdateOEM (True/False) | Flag to perform rolling server firmware and driver update |
| RunAzureStackHubHealthCheck (True/False) | Flag to run Test-AzureStack before Nexus and UCS infrastructure firmware upgrade. If the host running CASPU does not have access to the ERCS VM, set this flag to False. |
| ToRSwitch1IP | IP address for the Nexus Top-of-Rack switch 1 |
| ToRSwitch1UserName | Nexus switch 1 admin username |
| ToRSwitch2IP | IP address for the Nexus Top-of-Rack switch 2 |
| ToRSwitch2UserName | Nexus switch 2 admin username |
| ToRImageFilePath | File path for the Top-of-Rack switch firmware image |
| UCSMIP | IP address of Cisco UCS Manager |
| UCSMUserName | Cisco UCS Manager admin username |
| ImagePathInfraBundle | File path for the UCS infrastructure firmware bundle |
| ImagePathHostBundle | File path for the UCS server firmware bundle |
| AdminResourceManagerURI | URI for the Azure Stack Hub admin resource manager. Normally located in the AzureStackStampInformation.json provided to you after deployment. For example, https://adminmanagement.usw.m4l.rtazslab.net/ |
| OEMExtensionFolderPath | Folder path for the OEM Extension package (C:\azsfirmwareupgrade\OEM) |
| AzureRMUserName | Azure Stack Hub global administrator username |
| ERCSIPAddress | IP address of ERCS VM |
| ERCSUserName | ERCS cloud admin username. For example, <local domain>\cloudadmin |
| TenantId | (Optional) This option is intended for use in a Cloud Solution Provider (CSP) scenario where the operator does not own the tenant domain. In this case, this option allows the tenant ID to be specified for the login. When not specified, the Tenant ID associated with the login request is used. |
| Subscription | (Optional) This field allows a specific subscription GUID to be specified when a non-default subscription needs to be used. The default value is Default Provider Subscription. |

Step 6

(Optional) If UCS Call Home is configured, disable it for the duration of the firmware upgrade to avoid unnecessary alerts.

Step 7

Run C:\azsfirmwareupgrade\Cisco_UCS_AzureStack_FwUpdate_<version>\FirmwareUpdate\RunFirmwareUpdate.ps1 from an elevated PowerShell window. Provide the required credentials:

| Module | Credential Details |
| --- | --- |
| UpdateUCSManager | Admin credentials for Cisco UCS Manager |
| UpdateNexus | Admin credentials for each Nexus ToR switch |
| UpdateOEMExtension | Azure Stack Hub Global administrator; Cloudadmin account credentials for Privileged Endpoint access |

Note 

RunFirmwareUpdate.ps1 can auto install the required PowerShell modules. By default, the script waits for user acknowledgement before installation. If you want the script to install all the required modules without user acknowledgement, you can use the “force” parameter while running the script. For example, RunFirmwareUpdate.ps1 -force.

The UpdateOEMExtension module only starts the installation of the OEM Extension on Azure Stack Hub. It does not wait for the OEM Extension update to complete. You must monitor the status of the OEM Extension update from the admin portal.

Server firmware upgrade is not complete until the OEM Extension is successfully updated.
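Step 2 removes the downloaded-from-the-Internet mark from every file in the folder, so it is worth confirming that each image is the one Cisco published before unblocking it and before Step 7 runs. The following pre-flight check is an added example, not part of CASPU; the function names are hypothetical, the file names are the example versions used on this page, and it assumes you have a SHA-512 checksum for each file from the download page (the hash values shown are placeholders).

```powershell
# Added example, not part of CASPU. Hash values are placeholders to be replaced with
# the checksum published for each file; file names are the examples used on this page.
$expected = @{
    'ucs-6300-k9-bundle-infra.4.0.4g.A.bin' = 'REPLACE_WITH_PUBLISHED_SHA512'
    'ucs-k9-bundle-c-series.4.0.4g.C.bin'   = 'REPLACE_WITH_PUBLISHED_SHA512'
    'nxos.7.0.3.I7.8.bin'                   = 'REPLACE_WITH_PUBLISHED_SHA512'
    # Add the OEM extension zip and the Cisco_UCS_AzureStack_FwUpdate zip the same way.
}

function Test-FirmwareDownload {
    param([Parameter(Mandatory)][string]$Folder,
          [Parameter(Mandatory)][hashtable]$ExpectedSha512)
    foreach ($name in $ExpectedSha512.Keys) {
        $path    = Join-Path $Folder $name
        $present = Test-Path -LiteralPath $path -PathType Leaf
        $hashOk  = $false; $motw = $false
        if ($present) {
            $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA512).Hash
            $hashOk = $actual -eq $ExpectedSha512[$name]   # string -eq ignores case
            # Zone.Identifier is the alternate data stream that Unblock-File removes.
            $motw = [bool](Get-Item -LiteralPath $path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
        }
        [pscustomobject]@{ File = $name; Present = $present; HashMatches = $hashOk; StillBlocked = $motw }
    }
}

function Test-CaspuHost {
    # Requirements from this page that can be checked locally.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    [pscustomobject]@{
        PowerShell51OrLater = $PSVersionTable.PSVersion -ge [version]'5.1'
        Elevated            = $elevated
    }
}

$files = @(Test-FirmwareDownload -Folder 'C:\azsfirmwareupgrade' -ExpectedSha512 $expected)
$files | Format-Table -AutoSize
Test-CaspuHost | Format-List
if ($files | Where-Object { -not $_.HashMatches }) {
    throw 'Missing file or checksum mismatch: do not unblock or run the update.'
}
```

A file that reports StillBlocked after Step 2 was not reached by unblock-file, which usually means it was downloaded or extracted after the command ran.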