The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This section describes the general process to apply a patch to CPS.
Patches must be applied during a maintenance window. This section includes instructions for stopping all CPS components before applying the patch and restarting the components after the patch has been applied.
Note | Only one patch can be applied to CPS at a time. If you have already applied a patch, you must Undo and then Remove the existing patch before applying the new patch. Refer to Undo a Patch and Remove a Patch for more information. To determine if a patch is currently applied to the system refer to List Applied Patches. |
Step 1 | Run patch -u and patch -r to remove any applied patches from the Cluster Manager before proceeding. For more information, refer to Undo a Patch and Remove a Patch. |
Step 2 | Download the latest patch file from a location provided by your Cisco representative to the Cluster Manager VM. |
Step 3 | Log in to the Cluster Manager as a root user. |
Step 4 | Download the
patch file to the Cluster Manager VM. For example:
wget http://siteaddress/xxx.tar.gz where, siteaddress is the link to the website from where you can download the patch file. xxx.tar.gz is the name of the patch file. |
Step 5 | Run the
patch
-a command to apply the patch:
/var/qps/install/current/scripts/patch/patch -a filename.tar.gz where filename is the path and filename of the downloaded patch file. For example: /var/qps/install/current/scripts/patch/patch -a /tmp/CPS701_1234.tar.gz |
Step 6 | Run the
following command to restore the Policy Builder configurations.
/var/qps/install/current/scripts/setup/restorePolicyRepositories.sh |
Step 7 | Run
build_all.sh script to create updated CPS packages.
This builds updated VM images on the Cluster Manager with the new patch
applied.
/var/qps/install/current/scripts/build_all.sh |
Step 8 | Update the VMs
with the new software using
reinit.sh script. This triggers each CPS VM to
download and install the updated VM images from the Cluster Manager:
/var/qps/install/current/scripts/upgrade/reinit.sh |
Step 9 | Refer to section Rolling Restart of CPS VMs QNS Process (Odd Sides) and Rolling Restart of CPS VMs QNS Process (Even Sides) for further steps. |
Step 10 | Run
about.sh to verify that the component is updated:
about.sh |
After applying a patch in HA deployment, run the following command from Cluster Manager:
puppet apply --logdest=/var/log/cluman/puppet-custom-run.log --modulepath=/opt/cluman/puppet/modules --config=/opt/cluman/puppet/puppet.conf /opt/cluman/puppet/nodes/node_repo.ppNote | Manually enter puppet apply command in your system. |
After applying the puppet apply command, run the following command from Cluster Manager to update the /etc/httpd/conf/httpd.conf file on all VMs:
/var/qps/install/current/scripts/modules/update_httpd_conf.py
The following steps disables the currently applied CPS patch, and reverts the system to the base software version. For example, if a patch 7.5.0.xx is installed on the system, this command reverts the software to the base version 7.5.0.
Note | If you have custom plug-ins installed in your system, refer to CPS Installations using Custom Plug-in before executing the patch -u command. |
To undo the applied patch, execute the following command on the Cluster Manager:
/var/qps/install/current/scripts/patch/patch -u
After undoing the applied patch execute the following commands in Cluster Manager to re-build the CPS system and push the changes to VMs:
/var/qps/install/current/scripts/build_all.sh
/var/qps/install/current/scripts/upgrade/reinit.sh
After undoing a patch, qns processes need to be restarted. Refer to Rolling Restart of CPS VMs QNS Process (Odd Sides) and Rolling Restart of CPS VMs QNS Process (Even Sides) for further steps.
Execute the following command on the Cluster Manager to completely remove a patch and all related items from the Cluster Manager. This deletes the patch file from the /var/qps/.tmp/patches directory of the Cluster Manager:
/var/qps/install/current/scripts/patch/patch -r patch_name
where, patch_name is the name of patch you want to remove.
Example,
/var/qps/install/current/scripts/patch/patch -r Patch_1_11.9.9
Note | Currently CPS supports only one patch at a time. You must remove any existing patches before applying a new patch. |
After removing a patch, qns processes need to be restarted. Refer to Rolling Restart of CPS VMs QNS Process (Odd Sides) and Rolling Restart of CPS VMs QNS Process (Even Sides) for further steps.
Execute the following command on Cluster Manager to list the applied patches installed in the system:
/var/qps/install/current/scripts/patch/patch -l
The about.sh command also displays if any patch is applied on the current CPS system or not.
CPS provides several methods to patch baseline release functionality. One method utilizes the “repositories” configuration file to specify the location of additional software on the CPS Cluster Manger. As such, the current patch utilities aide in removing all repositories. However, CPS Custom plug-in software also uses the “repositories” configuration file to specify the location of custom software. Therefore an additional manual step is required to reconfigure CPS custom plug-in code after patches are removed.