CirrusHotfix Upgrade on LTM HA pair
We received a vulnerability report about a possible ssl attack with our current LTM software . Currently we are running 12.1.2.1.0.271 base image while the hotfix image is on 12.1.2.1.0.271 HF1 . F5 iHealth suggest to upgrade the hotfix version to 12.1.2.2.0.276-HF2 . What are the things that we need to do in order to upgrade the Hotfix. I understand that you can not install the new hotfix image to the active partition . Checking our current setup, the image is active on HD1.1 same with the base image .
- Can we overwrite the HD1.2 or HD1.3 since they are inactive ?
- Would Hotfix install on HD1.2 or HD1.2 also install the base image on the same disk Volume . The reason I ask is because if you activate the new boot location , I believe it will also affect the base image .
Volume Product Version Build Active Status
----------------------------------------------------
HD1.1 BIG-IP 12.1.2 1.0.271 yes complete
HD1.2 BIG-IP 11.5.3 2.0.196 no complete
HD1.3 BIG-IP 13.0.0 2.0.1671 no complete
Sys::Version
Main Package
Product BIG-IP
Version 12.1.2
Build 1.0.271
Edition Hotfix HF1
Hi,
F5've changed how they manage hot-fixes. First, they are not called "hot-fixes" anymore. Instead, F5 refer to it as "point releases", which are reflected as the forth number in the period delimited version number. So you no longer need to install a primary ISO and a separate Hot-Fix ISO.
In the new Point Release system, a point release (formerly known as a hotfix rollup) now includes the full software to allow the point release image to install to a partition without needing a base image.
- The base image the hotfix is updating must reside on the BIG-IP system.
The base image must be stored in the default image location, /shared/images so the BIG-IP system can automatically install the image if needed when you perform a hotfix installation. For example if you install HF1 for 11.5.4 on BIG-IP 11.0.0, the system automatically installs the base BIG-IP 11.5.4 image before applying the hotfix; therefore, the base image must be available to the BIG-IP system. The same occurs when you install the hotfix to a new volume.
2. The hotfix installation copies the running configuration and license from the current boot location to the target install location. When you install a hotfix to a target boot location, the system automatically installs the configuration and license from the current boot location to the target installation location.
3. When installing a hotfix, you must run the hotfix installation from an active boot location and specify an inactive boot location as the target install location. This behavior allows you to prepare an inactive boot location, in advance, by installing the hotfix on an existing volume or new volume, and then boot to the new location when you are ready to run the configuration.
4. For example in your case, BIG-IP system is running BIG-IP 12.1.2 on the active boot location (for example, HD1.1), and you want to install HF2, prepare an inactive boot location for the installation (for example, HD1.2). During the maintenance window, you can then designate HD1.2 as the active boot location and boot the system to it. If you need to revert to the previous hotfix version, you can boot to the former-active boot location that contains the hotfix (HD1.1 in this example).
Hope it helps you!
Mayur
