Forum Discussion
Upgrade F5 Deploy Hotfix deployment
Hi Jomedusa,
You cannot install on a current working partition.
So use a unused partition or rewrite unused partition.
Now you must upoad the necessary base OS files and Hotfixes in F5 /shared/images using WINSCP as shown below in images or using your GUI which so ever is convenience to you, dont forget to take a Backup and license reactivation on standby else it will cause failover , do only ne box at a time if oyu are doing in a cluster, and once one box done make it primary and then primary to standby then ony do the 1st box , and check your boxes are covered under F5 Support before moving to OS installation on a new partition:
We call it a OS upgrade but in technical we install a new partition with new OS and Hotfix and then reboot the F5 to the new partition, and never touch the present working partiotn as it can be used for any contingency or OS failure then for restore purpose by boting back to old working partition, Please be informed during the entire proecess present working partition is not touched for any changes.
- To install the hotfix image, use the following command syntax:
Note: Include the create-volume option if you are adding a new volume to the system for the hotfix installation.
install sys software hotfix <hotfix_name>.iso volume <volume_name> [create-volume]
For example, to install a hotfix on HD1.1, the command appears similar to the following example in tmsh mode it will install the base file automatically conditionally all the OS file and HotFix and Enginnering HF must be available in F5 /shared/images before starting instation on a new partition.:
install sys software hotfix Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso volume HD1.1
Post installation test:
root@(TEST_LAB-002)(cfg-sync Disconnected)(Standby)(/Common)(tmos)# show sys software
--------------------------------------------------------------------
Sys::Software Status
Volume Product Version Build Active Status Allowed Version
--------------------------------------------------------------------
HD1.1 BIG-IP 16.1.4.1 0.50.5 yes complete yes
HD1.2 BIG-IP 16.1.3.5 0.0.5 no complete yes---------------------------
Sys::Software Update Check
---------------------------
Check Enabled true
Phonehome Enabled true
Frequency weekly
Status none
Errors 0root@(TEST_LAB-002)(cfg-sync Disconnected)(Standby)(/Common)(tmos)# load sys config verify
Validating system configuration...
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_oauth_base.conf
/defaults/apm_pua_ssh_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/ips_base.conf
/var/libdata/ips/ips_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/defaults/cipher.conf
/defaults/ilx_base.conf
Validating configuration...
Loading schema version: 16.1.3.5
/config/bigip_base.conf
/config/bigip_user.conf
/config/bigip.conf
Loading schema version: 16.1.4.1
There were warnings:
diffie-hellman-group-exchange-sha256 not supported. Replacing with default "ECDH_SHA2_NISTP256"I have done 1000+ OS upgrades in last many years , please let me know if i can be of any help to answer your queries in regard to OS upgrade and , i will be glad to assist you.
Reference document link
https://my.f5.com/manage/s/article/K13123
HTH
🙏
- jomedusaNov 30, 2023Altostratus
Thanks so much for the responses...one final question is the host is not running the host fix it is running the base image of 16.1.4.1 will be an issue if the guest is running the hotfix?
- Nov 30, 2023
Host/parent os and guest/child os are independent of each other.
You can check the host guest compatibility matrix in F5 site
They csn also be compatible on one on 26.x and child on 14.x but it's always recommended to have the latest version of is and hotfix on all the parent as well as guest as possible. When doing host guest upgrade change the state of guest to deploy to provision N vise versa to preserve their config from being corrupt. Same like we force offline similar way just shut down the all standby child vcmp gracefully on one side standalone parent before starting upgrading parent/host
K14088: vCMP host and compatible guest version matrix - MyF5 | Support https://my.f5.com/manage/s/article/K14088
- PhatANhappyNov 30, 2023MVP
There can be a interdependency on BIG3d - if you are using the GTM - IQUERY and LTM...
https://my.f5.com/manage/s/article/K25923322This was a much bigger deal in the earier days of vCMP - but its stuck in my head.
Since - i have used both methods without out noticing any different.
* - i also make sure, i am not allowing a version miss match for long periods of time. a day or 2 should not be an issue
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com