jomedusa
Altostratus
AltostratusUpgrade F5 Deploy Hotfix deployment
We are upgrading our LTM's to 16.1.4.1 Build 5 and had a question about installing the hotfix. Should I install the hotfix intially when I upgrade the system?
Thanks,
Joe
Forum Discussion
5 Replies
Hi Jomedusa,
You cannot install on a current working partition.
So use a unused partition or rewrite unused partition.
Now you must upoad the necessary base OS files and Hotfixes in F5 /shared/images using WINSCP as shown below in images or using your GUI which so ever is convenience to you, dont forget to take a Backup and license reactivation on standby else it will cause failover , do only ne box at a time if oyu are doing in a cluster, and once one box done make it primary and then primary to standby then ony do the 1st box , and check your boxes are covered under F5 Support before moving to OS installation on a new partition:
We call it a OS upgrade but in technical we install a new partition with new OS and Hotfix and then reboot the F5 to the new partition, and never touch the present working partiotn as it can be used for any contingency or OS failure then for restore purpose by boting back to old working partition, Please be informed during the entire proecess present working partition is not touched for any changes.
- To install the hotfix image, use the following command syntax:
Note: Include the create-volume option if you are adding a new volume to the system for the hotfix installation.
install sys software hotfix <hotfix_name>.iso volume <volume_name> [create-volume]
For example, to install a hotfix on HD1.1, the command appears similar to the following example in tmsh mode it will install the base file automatically conditionally all the OS file and HotFix and Enginnering HF must be available in F5 /shared/images before starting instation on a new partition.:
install sys software hotfix Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso volume HD1.1
Post installation test:
root@(TEST_LAB-002)(cfg-sync Disconnected)(Standby)(/Common)(tmos)# show sys software
--------------------------------------------------------------------
Sys::Software Status
Volume Product Version Build Active Status Allowed Version
--------------------------------------------------------------------
HD1.1 BIG-IP 16.1.4.1 0.50.5 yes complete yes
HD1.2 BIG-IP 16.1.3.5 0.0.5 no complete yes---------------------------
Sys::Software Update Check
---------------------------
Check Enabled true
Phonehome Enabled true
Frequency weekly
Status none
Errors 0root@(TEST_LAB-002)(cfg-sync Disconnected)(Standby)(/Common)(tmos)# load sys config verify
Validating system configuration...
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_oauth_base.conf
/defaults/apm_pua_ssh_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/ips_base.conf
/var/libdata/ips/ips_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/defaults/cipher.conf
/defaults/ilx_base.conf
Validating configuration...
Loading schema version: 16.1.3.5
/config/bigip_base.conf
/config/bigip_user.conf
/config/bigip.conf
Loading schema version: 16.1.4.1
There were warnings:
diffie-hellman-group-exchange-sha256 not supported. Replacing with default "ECDH_SHA2_NISTP256"I have done 1000+ OS upgrades in last many years , please let me know if i can be of any help to answer your queries in regard to OS upgrade and , i will be glad to assist you.
Reference document link
https://my.f5.com/manage/s/article/K13123
HTH
š
ā
jomedusaThanks so much for the responses...one final question is the host is not running the host fix it is running the base image of 16.1.4.1 will be an issue if the guest is running the hotfix?
Host/parent os and guest/child os are independent of each other.
You can check the host guest compatibility matrix in F5 site
They csn also be compatible on one on 26.x and child on 14.x but it's always recommended to have the latest version of is and hotfix on all the parent as well as guest as possible. When doing host guest upgrade change the state of guest to deploy to provision N vise versa to preserve their config from being corrupt. Same like we force offline similar way just shut down the all standby child vcmp gracefully on one side standalone parent before starting upgrading parent/host
K14088: vCMP host and compatible guest version matrix - MyF5 | Support https://my.f5.com/manage/s/article/K14088
- To install the hotfix image, use the following command syntax:
Hi jomedusa,
Yes, you have to install the hotfix before updating your system and test if the solution applied in the hotfix works correctly.
The steps are:
1. install the SO 16.1.4.1 base in a new disk partition for example disk 1.3.
2. Install the Hotfix in the same disk partition 1.3.
3. boot the partition 1.3 and test the new SO and Hotfix.
Hope it works.
