Firmware Management

Updating Infrastructure Firmware

Previously, users scheduled infrastructure firmware updates per domain group. Cisco UCS Central has changed that feature. Now, you schedule infrastructure firmware updates for specific domains, or domains assigned to a domain group, using maintenance groups and tags.

You can trigger infrastructure firmware updates on one domain, multiple domains, or domains belonging to a domain group, based on the product family. For example, you could update the infrastructure firmware on all of the Cisco UCS Mini systems, and not update any of the blade servers. Another example is that you could update all maintenance groups on the west coast, but none on the east coast. The following is an overview of the initial steps needed.

Procedure

Step 1

Register UCS domains with Cisco UCS Central.

See the Cisco UCS Central Getting Started Guide for more information.

Step 2

During registration, subscribe to the infrastructure and catalog firmware policy and make it a global policy.

See the Cisco UCS Central Getting Started Guide for more information.

Step 3

Download the appropriate infrastructure firmware image from the Image Library.

See Downloading Infrastructure Firmware Images from Cisco for more information.

Note

 

The update cannot start until the entire image is downloaded.

Step 4

Create values for maintenance group tags. Apply tags to individual domains, or all domains in a domain group, to include them in a maintenance group.

See Creating Maintenance Groups and Adding Domains or Domain Groups for more information.

Step 5

Schedule an infrastructure firmware update for a maintenance group tag.

See Scheduling an Infrastructure Firmware Update for more information.

Step 6

If you enabled user acknowledgment, then acknowledge the update in the pending activities section.

See Acknowledging an Infrastructure Firmware Update Policy for more information.

Setting the Firmware Policy to Global

The Infrastructure and Catalog firmware policy is set to local, by default, because it is so disruptive. Edit it and set it to global before scheduling a domain infrastructure firmware update. If the firmware policy is set to local, it does not affect any domain when run.

You can set the policy to global during registration, or from within Cisco UCS Central after registration. The following steps describe how to do it after registration.

Procedure

Step 1

Click the Browse Tables icon and choose Domains.

Step 2

Select a domain.

Step 3

In the domain page, click the Tools icon and choose Edit Policy Resolution Control.

Step 4

In the Infrastructure and Catalog Firmware slot, click Global.

Step 5

Click Save.

Maintenance Groups

A maintenance group contains a collection of selected domains, or all of the domains assigned to a domain group, for which you want to update the firmware simultaneously. You can upgrade the firmware immediately, or with a schedule. You can require a user to acknowledge the upgrade, or it can start automatically.

A maintenance group tag, or value, allows you to group a collection of domains. You can group domains based on geographic location, job function, hardware, or any other business need. You can also apply a maintenance tag to all of the domains in a domain group.

Important
A domain can only have one maintenance group tag assigned to it concurrently.

Catalog Version for Firmware Updates

You can select one catalog per domain infrastructure update scheduled job. Each catalog version only applies to one product family. Therefore, it is a best practice, when updating the catalog, to create a maintenance group which contains only those domains with identical product families. Then, Cisco UCS domains included in that maintenance group are updated with the capability catalog defined for that product family. If you include other product families in that maintenance group, their catalog version is not updated.

Creating Maintenance Groups and Including Untagged Domains in the Maintenance Group

When you initially upgrade to Cisco UCS Central, create maintenance groups and tag domains, or all domains assigned to a domain group, from the Actions bar.

Note

You can only tag domains, or a domain group, that are not already tagged with a maintenance group tag.

Procedure

Step 1

In the Actions table, type Create Maintenance Group Tag and press Enter.

Step 2

Enter a name for the Maintenance Group Tag Name.

Step 3

Select how to apply tags to domains:

  • By Domain Group

    The Maintenance Group tag applies to all domains within the selected domain group. It will not be applicable to any new domains that get added further to the domain group. If you select to include sub-domain groups, the Maintenance Group tag also applies to all of the domains in the sub-domain groups.

  • Manually

    Manually select domains for inclusion in this Maintenance Group. The domains can belong to a domain group or be ungrouped.

Step 4

Follow the steps for your choice:

If you selected Do the following
By Domain Group

  1. Select a domain group in the drop-down list.

  2. Select whether to include all domains from the sub-domain groups.

  3. Click Create.

Manually

  1. Click Add and select domains for inclusion in the Maintenance Group.

  2. Scroll down and click Select.

  3. Click Create.

Creating Values for Maintenance Group Tags

If you want to create multiple Maintenance Group tags, create them in the Tag type page.

Procedure

Step 1

Click the Browse Tables icon and choose Tag Management.

Step 2

Click Tag Types.

Step 3

Click Maintenance Group to select it.

Step 4

Click Edit.

Step 5

In the Maintenance Group dialog box, click Values.

Step 6

Click Add and add a name for the maintenance group.

Step 7

Repeat the previous step to add all of the values that you need for the maintenance groups.

Step 8

Click Save.

Tagging a Domain or Domain Group for Inclusion in a Maintenance Group

You can only apply one maintenance group tag to a domain. Currently, Cisco UCS Central does not support applying multiple maintenance group tags to a domain.

Procedure

Step 1

Click the Browse Tables icon and choose Domains.

Step 2

Select a domain, or filter them based on domain group, to select all domains assigned to a domain group.

Note

 
For individual domains, it does not matter if the domain is in a domain group or if it is ungrouped. That does not affect the domain infrastructure firmware update.

Step 3

Click Tag.

Step 4

In the Add Tag dialog box Type field, select Maintenance Group.

Step 5

In the Value field, select a value.

Step 6

Click Add.

Step 7

Repeat for all of the domains that you want to include in this maintenance group.

To include all of the domains in the list in your maintenance group, select the domain option in the heading and click Tag.

Step 8

If you want to include multiple domain groups in a maintenance group, they must be sub-domains of the parent domain group. Filter based on the domain group and sub-domain group, and then tag all of the domains from that search result.

Scheduling an Infrastructure Firmware Update

In the Infrastructure Firmware update page, you can create new scheduled jobs or modify jobs already created for a future date.

Procedure

Step 1

Click the System Tools icon and choose Firmware Management.

Step 2

On the Firmware Management page, click the Tools icon and choose Schedule Infrastructure Firmware Update.

Step 3

In the Infrastructure Firmware Update dialog box, select a tag from the Maintenance Group drop-down list.

Step 4

Select the UCS fabric interconnects product family and appropriate firmware versions from the Infrastructure firmware version drop-down, to use for the update.

You do not need to update all of the available hardware systems. You can also update different hardware types with different firmware versions.

Step 5

Select the compatible Service Pack Version from the drop-down for the fabric interconnects product family.

Service packs are supported from Cisco UCS Manager 4.1(3) and later. If you do not select a service pack, the firmware version is rolled back to the base applicable version for the release. For more information about the supported/applicable service pack versions, see About Service Packs.

Note

 

Downgrade of a Cisco UCS domain installed with a Service Pack 3.1(3) or earlier is not supported.

Infrastructure update through a service pack is not supported in the case of an upgrade to Cisco UCS Manager release 4.1(3) from Cisco UCS Manager 3.1(2) or lower versions. In this case, Cisco UCS Manager does not recognize a service pack and the upgrade proceeds considering only the base version.

Step 6

(Optional) Select the catalog version in the Catalog version drop-down list for the product family.

Step 7

(Optional) Select the Force Deploy option for the product family. When you select Enable, Cisco UCS attempts installation even if the previous attempt to install the selected version failed or was interrupted. Upgrade fails when there are upgrade validation failures, and you must resolve the faults and then select the Force Deploy option again to continue with the upgrade.

Force Deploy and Fabric Evacuation options are disabled by default. These options are supported only on Cisco UCS Manager, release 4.1(3) and later and do not work on earlier Cisco UCS Manager versions, even if you select the Enable option. Select Configuration Status from the Tools menu drop-down or click the Domain Status table to view the status of fabric evacuation.

Step 8

(Optional) Select the Fabric Evacuation option for the product family to stop or start traffic on the IO module or the fabric interconnect during AutoInstall.

Step 9

If you want to trigger a firmware update immediately, click Immediately in the Trigger Firmware Update field.

Step 10

If you want to schedule a firmware update, select the date and time for the update in the Schedule Infrastructure Firmware update field.

Step 11

Select whether the update requires user acknowledgment in the User acknowledgment required to install field.

  • Enabled—(Default value) You must manually acknowledge the update request before the domain is updated.

    Note

     

    Acknowledgment is per domain, even if the maintenance group includes a domain group.

  • Disabled—The firmware update runs as scheduled.

Step 12

Click Schedule.

You can monitor the firmware update on the Firmware Management page. The scheduled firmware updates display in the job list.

Note

 

Deleting a tag in a Maintenance Group interrupts the assigned Firmware Update schedule. If a tag is deleted, the corresponding Infrastructure Update policy on the respective Cisco UCS domain will also get deleted, and the policy ownership will be in the Pending Global state. To trigger an Infrastructure Update again, you must delete the old policy on Cisco UCS Central, and re-create the tag or create a new tag and a policy.

The desktop Firmware Management widget displays all of the jobs scheduled for firmware updates. You can check the status of the firmware updates in the Configuration Settings window.

Editing a Scheduled Infrastructure Firmware Update Job

Procedure

Step 1

Click the System Tools icon and choose Firmware Management.

Step 2

Select the specific job in the job list and click Edit.

Step 3

Make the appropriate changes and click Schedule.

Note

 

You cannot edit a job that is already in triggered or latest triggered state.

Acknowledging an Infrastructure Firmware Update Policy

If you set an infrastructure firmware update job to require user acknowledgment before starting, Cisco UCS Central does not start the upgrade until this acknowledgment occurs.

Procedure

Step 1

In the Domains Impacted table, when the Firmware Status column changes to Start Pending, click the Alerts icon and choose Pending Activities.

Step 2

Click Acknowledge to start the firmware update for the domain.

Step 3

When the Firmware Status column changes to Pending User Acknowledgment, this indicates that Cisco UCS Central requires a user acknowledgment to reboot the fabric interconnects. Repeat steps 1 and 2 to acknowledge the reboot.

Firmware Management

In Cisco UCS Central, you can manage all firmware components for all registered Cisco UCS domains. The status of all firmware updates displays under the Domains section:

  • Maintenance group—The maintenance group name.

  • Scheduled for—The details of the scheduled firmware update and the status if it has already been triggered.

  • User Ack—Status of user acknowledgment. If User Ack is Enabled, requires user acknowledgment on the Alerts > Pending Activities page before it updates the firmware.

The following details of the scheduled Infrastructure Firmware Management for a Maintenance Group are displayed on the right panel:categorized by the , the selected , and the selected Service Pack Version are displayed on the right panel.

  • Product family— The appropriate FI product family

  • Firmware Version— The selected firmware version

  • Service Pack Version— The selected service pack version for the product family. You cannot select an incompatible service pack version and schedule an upgrade. For more information about the supported service pack versions for Cisco UCS Manager releases, see About Service Packs.

  • Catalog Version— Details of the catalog versions of a product family.

  • Force Deploy— The Force Deploy option for the product family. When Enabled, Cisco UCS attempts installation even if the previous attempt to install the selected version of the firmware update failed or was interrupted.

  • Evacuation— Evacuation option for the product family to stop or start traffic on the IO module or the fabric interconnect during AutoInstall.

  • Impacted Domain— Current Version, Targeted version of the service pack that you are deploying, Firmware Status and the Domain status for the impacted domain.


Note

To manage Cisco UCS domains firmware from Cisco UCS Central, enable the global firmware management option in Cisco UCS Manager. You can enable the global firmware management option when you register Cisco UCS Manager with Cisco UCS Central. You can also turn global management option on or off based on your management requirements.

The Cisco UCS domains are categorized into domain groups in Cisco UCS Central for management purposes. You can manage firmware for each domain group separately, at the domain group level, or for all domain groups from the domain group root. Cisco UCS Central provides the option to manage the following Cisco UCS domain firmware packages:

  • Capability Catalog—One capability catalog per domain group. All Cisco UCS domains registered to a particular domain group use the capability catalog defined in the domain group.

  • Infrastructure Firmware—One infrastructure firmware policy per domain group. All Cisco UCS domains registered to a particular domain group use the same Infrastructure firmware version defined in the domain group.

Preventing an Infrastructure Firmware Update

There are multiple methods for preventing an infrastructure firmware update:

  • Canceling an Infrastructure Firmware Update job

  • Removing or excluding a domain from a maintenance group

  • Deleting a value for a maintenance tag

Removing or Excluding a Domain from a Maintenance Group

If you wish to remove a domain from a maintenance group which affects multiple domains, then delete the maintenance tag assigned to the domain before you start the upgrade. This prevents the policy from impacting the domain. If the domain is untagged after the infrastructure firmware update starts, then the domain is updated.

Procedure

Step 1

Click the Browse Tables icon and choose Domains.

Step 2

Select a domain.

The assigned tag displays underneath the IP address.

Step 3

Click the X in the maintenance tag name label to untag it and remove it from the maintenance group.

A warning displays.

Step 4

Click Delete.

Canceling a Firmware Update Job

This cancels the job for all of the included domains.

Procedure

Step 1

Click the System Tools icon and choose Firmware Management.

Step 2

Select the job in the job list.

Step 3

Click Delete.

Deleting a Value for a Maintenance Group


Important

Before you delete a value, or tag, for a maintenance group, check that no jobs are associated with it.

  • If you delete a maintenance tag before the upgrade starts, then the upgrade process deletes after notifying the user.

  • If you delete a maintenance tag after the upgrade starts, the upgrade continues.

  • If you delete a maintenance tag and the job is scheduled for the future, and then you re-create the maintenance tag, the job runs on the domain.

  • When you delete a maintenance tag, the job does not delete. It is saved for historical purpose so that you can see what jobs were scheduled and which domains were impacted.

Procedure

Step 1

Click the Browse Tables icon and choose Tag Management.

Step 2

Click Tag Types.

Step 3

Click Maintenance Group to select it.

Step 4

Click Edit.

Step 5

In the Maintenance Group dialog box, click Values.

Step 6

Select the tag and click Delete.

Infrastructure Firmware Updates and Disaster Recovery

Cisco UCS Central performs two kinds of backups:

Backup for Cisco UCS Domain—Creates a binary file that includes a snapshot of an entire Cisco UCS Manager domain. The scheduled infrastructure firmware upgrade jobs are not contained in UCS domains. Therefore, restoring a domain does not affect scheduled infrastructure firmware upgrade jobs.

Backup for Cisco UCS Central—Creates a binary file that includes a snapshot of the entire Cisco UCS Central system. You can use the file generated from this backup to restore the system during disaster recovery. Restoring from this backup can affect the job schedule.


Important
Due to the impact of upgrading to release 2.1 of Cisco UCS Central, we recommend that you perform all domain group updates before you upgrade. Make sure that you have no update jobs pending user-acknowledgment. All jobs are deleted during the upgrade and must be recreated in release 2.1.

Scenario

Impact

You restore a Cisco UCS Central backup that had jobs scheduled in the past.

No impact: Updates are not affected. The backup file contains the maintenance tag and registered domains information. It does not contain the previous jobs so nothing is impacted. It does not run jobs scheduled for a previous date.

You restore a Cisco UCS Central backup that had jobs scheduled in the future.

No impact: The jobs execute as scheduled.

Your Cisco UCS Central system crashes while it is running an infrastructure firmware update.

Impact: Jobs do not run once you recover your Cisco UCS Central system. You must reschedule them.

You restore a configuration backup.

No impact: Configuration backups do not contain any job information, but they do contain maintenance tag information. If you restore from a configuration backup using the replace option, the restored system does not contain any job information. If you restore using the merge option, and had jobs scheduled for a future date, then any tagged domain, from the backup, are included in the future jobs. (This information displays in the impacted domains list)

You merge a full state backup with a current system.

Some Impact: Does not override what you currently have scheduled, but it doesn’t restore job descriptions so you must recreate the jobs.

The Cisco UCS Manager domain loses visibility and becomes unregistered before or during an update.

Impact: Update does not start again once the domain regains visibility. You must start it manually, (on-demand).

You create a full state backup. You untag a domain. You restore from the backup.

Impact: The domain was tagged in the backup, so it is still tagged when you restore that backup. If the job was scheduled for the future, the domain is included. To prevent this, untag the domain again.

Job is running, you want to edit it.

No impact: You cannot edit a job while it is in progress. However, you can remove the maintenance tag from a domain, or delete the job, before acknowledging the first pending-acknowledgment request.

An HA failover occurs.

No impact: Scheduled jobs occur normally.

Upgrade from a previous release of Cisco UCS Central.

Impact: Prior versions performed firmware updates per domain group. The current version performs updates per maintenance group. No domain group or scheduled jobs information is saved or transferred during the upgrade. You must create the maintenance groups and tag domains for inclusion. You must also recreate and reschedule all infrastructure firmware update jobs.

About Lightweight Upgrade

Cisco UCS Central 2.1 introduces a Lightweight upgrade that enhances firmware upgrade and delivers security updates through service packs. Service packs are specific and cumulative to a maintenance release. Cisco UCS Central supports firmware upgrades through service packs for Cisco UCS Manager versions 4.1(3) and later.

  • Lightweight upgrade enhances firmware upgrade in the following ways:

    • The firmware version of a component will be updated only if it has been modified.

    • Security updates will be provided through service packs.

    • Within a service pack, updates may only apply to certain components. These components may, at times, be upgraded without an endpoint reboot.

    • Infrastructure and server components updates are delivered through a common service pack bundle. For server components, only the modified firmware images will be part of the service pack bundle.

About Service Packs

Service packs are patches that you can use to apply security updates to Cisco UCS Manager infrastructure and server components. Service packs are specific to a base release. A service pack is provided as a single bundle for infrastructure and server components.

The following guidelines apply to service pack versions:

  • A service pack can be applied only on its base bundle. You cannot install the service pack independently. For example, service pack 3.1(3)SP2 can be applied only on a 3.1(3) release. It is not compatible with a 3.1(4) or later release.

  • Service packs are cumulative. You can use the latest service pack version with any patch version within the same maintenance release. For example, 3.1(3)SP3 will contain all the fixes that went into 3.1(3)SP2 and 3.1(3)SP1. You can apply 3.1(3)SP3 on any 3.1(3) release.

  • Service pack version numbering in separate maintenance releases are unrelated. For example, service packs 3.1(3)SP2 and 3.1(4)SP2 are separate and unrelated.

  • The same fix can be made available for separate maintenance releases through separate service packs. For example, the same fix can be made available in 3.1(3)SP2 and 3.1(4)SP3.

  • You cannot downgrade service packs to versions below the default service pack version for a maintenance release. For example:

    • Base Bundle Version: 3.1(3b)

    • Default Service Pack Version: 3.1(3)SP2(Default)

    • Running Service Pack Version: 3.1(3)SP3

    • Service pack cannot be downgraded below 3.1(3)SP2

  • When an upgrade or downgrade of a service pack fails, the default service pack version for that maintenance release becomes the running service pack version.

  • You can roll back a service pack that was applied to a base release by removing the service pack selection.

The following table lists the Cisco UCS Manager release versions and the running version deployed in different situations when a service pack is applied:

Update Scenario

Bundle Version

Service Pack Version

Update to a service pack within the same maintenance release

No change is made to the bundle version

Service pack is updated to the specified version

Remove Service Pack

No change is made to the bundle version

Service pack is the default version that comes with the bundle

Update base bundle to another maintenance release

Base bundle changes to the version of the specified maintenance release

Current service pack is removed and is updated to the default version for the base bundle

Update to another maintenance release, and service pack

Base bundle changes to the version of the specified maintenance release

Service pack is updated to the specified version

For more information about selecting the compatible service packs for a firmware upgrade, see Host Firmware Package Policy, Scheduling Firmware Infrasturcture Update, and Chassis Firmware Package Policy.