CIMC Upgrade

Cisco - Data Centre


tl;dr

    1. Read the release notes and get an approved maintenance window.
    2. Get a server firmware .iso file from Cisco. Make sure it's for the hardware platform you are using!
    3. Boot the server off this .iso file. Press F6 during the boot for the boot menu.
    4. Run through the Host Upgrade Utility.
    5. Exit out the Host Upgrade Utility and let your server work the magic for an hour or so.
    6. Enjoy the new world with alternatives to Java!

    What's this for?

    CIMC Upgrade for me is when I just can't spend anymore time dealing with Java. It's also for keeping our CIMCs up to date and secure and this should be the biggest reason... but Java... argh.

    Demo Enviroment

    The outputs below come from the following setup...

    • Hardware: Cisco WLC 5520
    • OS: CIMC
    • Old Version: 2.0(9e)
    • New Version: 4.0(2g)
    • Date: 10-08-2019

    CIMC Upgrade

    So what we're going to do in this ramblings is run through the steps needed to your Cisco CIMC upgraded to the latest stable version of software.

    To be able to complete this guide you are going to need the following.

    • An approved maintenance window for your business (there was about 1-2 hours of downtime for me but this will depend on your exact setup and the amount of updates for perform.)
    • A valid maintenance contract with Cisco as you will need to download software from the Cisco website.

    So before our maintenance window starts let's get the .iso file downloaded off the Cisco website. Start off by going to the Cisco Software Download Website and find the 'server firmware' page your the hardware your working on. You will then need to download the Host Upgrade Utility (HHU) .iso file.

    Note: the release with the star next to it is the one Cisco recommends. However it's always worth reading the release notes just in case!

    Once this is downloaded just have a think about where you are and where your CIMC is. For example this is normally the sort of work i would do remotely so my CIMC would be in a DC somewhere and I might be at home in my hammock. I do find this is the best way to do any work by the way, if you can find woodland with a 4G connection... it's just a no brainer! This is fine however I do have to consider my internet link is about 10mbps on a good day; there is no way I want to be mounting iso files over that connection! To get around this I want to find a PC on the same site as the data centre that I can remotely access to mount the ISO from. Needless to say this needs to be logically close to; you don't want this going through 8 routers and 10 firewalls before it gets to the CIMC. If in doubt try and iPerf test, there is a guide here.

    So the maintenance window has started and we're ready to go! Lets start by connecting into our CIMC and launching the KVM.

    After this we will probably get some sort of warning from our browser saying, hmmm I'm not sure this file is a good idea.

    Followed by a 'Do you want to continue?'

    And just in case we haven't had enough popups....

    Why would you want to upgrade away from this?!

    Right, now we have our console open let active virtual devices.

    First will be followed by a security warning.

    Then we can map the .iso file. Remember do this from a PC thats got a good network link to the CIMC!

    Then select the .iso file we downloaded earier!

    Now we're at the point where we can reboot the server. Depending on what you'r running at the OS layer will depend on how you need to do it so I will leave that down to you. Once that's done and the server is booting back up we need to press the F6 key on this screen.

    This will be shortly followed by a list of boot devices where we select "Cisco vKVM-Mapped vDVD1.22".

    If this has all worked then you should see Linux' Tux followed by this screen.

    The utility will then start loading files, scanning for hardware, discovering hardware etc. This will probably take 30min - 1hour depending on you connection speeds.

    Once it's done with that you will need to accept the licence agreement.

    Then were into the Host Upgrade Utility itself!

    Now hit the "Update All" button and say "Yes" when you see this prompt.

    This has a feel for a Java KVM console download... Hit "Yes" again.

    At this point you have a few options, if you're at home doing this out of hours and you like you're odds go and grab a nice cold beer. However if your doing this in hours or are about more cautious about your maintenance then a good old fashioned English breakfast / Espresso should do you.

    After about 30 mins or so you should end up with a screen that looks like this. It's looking good! Let's exit out of the utility now.

    Hit "Yes" to this.

    At this point your server will completely die, the host won't respond to ping, the OS won't respond and if you were to go and look at the server at points all the lights will be off and no one will be home! Regretting having that beer now? On a serious note the beer suggestion was for comic effect here, if you're working on production stuff don't be drinking beer! If you're in a lab though.... have a google for "Ballmer Peak".

    After about 30mins - 1hour, depending on how much upgrade work there is to do, the server will come back up with OS and all! During the upgrade process the server will start spinning the fans up full pelt, flashing its lights and if you're monitoring the CIMC interface you may get alerts this is going up and down too. Don't worry this behaviour is all normal you havn't just turned your server into an over sized paper weight!

    When you do notice the host OS come backup then you should be able to log into the CIMC again.

    The best thing if you ask me is this... HTML console. Bye bye Java!

    If you haven't signed the certificates for the CIMC you will get one warning message but that's it followed by this!

    On a quick side note, if like me, you do most of your administration via SSH/CLI you should be aware that the SSH keys will have been updated to something a bit longer! This is a good thing as its more secure so don't worry too much.