A recent cisco UCS vulnerabilities, we should upgrade to latest version.
Install Infrastructure Firmware
1. log in to CIMC https://XXXXX/) from the Jump server
2. Verify that there are no Critical alerts on the UCS Manager "Faults" section
3. Select the "Admin" tab on the left side pane
4. Select the "General" tab on the right-side pane
5. Click on "Backup Configuration"
6. Click on "Create Backup Configuration"
7. Select Admin State --> Enabled and Type --> Full State
8. Location of Backup File --> Local, and save the configuration file in safe location on jump box
9. Once the configuration is saved, Click OK to exit the window.
10. Login to UCS manager via putty session and perform the below steps.
# scope security
# scope keyring default
# set modulus mod2048
# set regenerate yes
# commit-buffer
UPGRADE UCS MANAGER – 3.2(3P)
1. Select the Equipment tab -> select the Equipment tree -> select Firmware Management tab -> then select the Installed Firmware tab.
2. Select UCS Manager at the top and click the Activate Firmware button.
3. In the Activate Firmware dialog select the new version of firmware from the Version to Be Activated drop-down menu and click ok.
1. UCS Manager will now upgrade. You will lose access to UCSM during the upgrade. Sit tight for a few minutes and it will be available again.
2. Log in again to UCSM and accept any Java warnings.
3. Select the Equipment tab -> select the Equipment tree -> select Firmware Management tab -> then select the Installed Firmware tab and verify that the Running Version has changed.
UPGRADE THE FABRIC INTERCONNECTS AND I/O MODULES
1. Select the Equipment tab -> select the Equipment tree -> select Fabric Interconnects
2. Select Fabric Interconnect A (primary) -> select High Availability Details on General Tab to expand.
3. Verify that HA settings are as follows: Ready: Yes, State: Up, Leadership: Primary, Cluster Link State: Full.
4. Select Fabric Interconnect B (subordinate) -> select configure Evacuation and click on and select Force button.
Click apply and wait until stopped traffic on Fabric Interconnect B (subordinate).
5. Please off the configure evacuation on Fabric Interconnect B (subordinate).
6. Select Fabric Interconnect B (subordinate) -> click Activate Firmware in Actions.
7. From the drop down menus select the desired Kernel and System Versions and then click OK.
(ucs-mini-k9-system.5.0.3.N2.3.23o.bin)
Fabric Interconnect B will now upgrade be including the I/O modules. This process will take approximately 20 to 25 minutes.
You can monitor the progress of the firmware upgrade from the FSM tab.
8. Use the FSM tab to monitor the progress of the firmware upgrade. Once the progress reaches 100% you can continue with
Fabric Interconnect A.
9. Connect via SSH directly to Fabric Interconnect IP address. Once connected you can run the below commands to
make the newly updated fabric interconnect the lead FI within the environment.
==============================================
UCS-A# connect local-mgmt
UCS-A(local-mgmt)# cluster lead b
=================================================
10. Now that Fabric Interconnect B has taken over the primary role. Just validate GUI also.
11. select Fabric Interconnect A and follow the all steps (4-9).
12. Fabric Interconnect A will now upgrade including the I/O modules. This process will take approximately 20 to 25 minutes.
You can monitor the progress of the firmware upgrade from the FSM tab. You may lose connectivity to UCSM during this
upgrade process as it’s the primary Fabric Interconnect that you are connected to and it will need to reboot
13. Validate the version. Select the Equipment tab -> select the Equipment tree -> select Firmware Management tab -> then select the Installed Firmware tab.
1. Check that the Fabric Interconnects and I/O Modules have a Running Version.
2. Now that both Fabric Interconnects have been upgraded you can go ahead and return to primary function back to
Fabric Interconnect A.
========================================
UCS-B# connect local-mgmt
UCS-B(local-mgmt)# cluster lead a
==============================================
Install Server Firmware: 3.2 (3p)
1. Put into Esxi host maintenance mode in vCenter.
2. Go to UCS manager and choose server under chassis.
3. Expand Servers > Click service profile on the right-side pane.
4. In the Work pane, click the General tab and choose the template.
5. On next click policies and expand Host Firmware Packages and choose the policy 3.2(3p)).
6. Click Apply and reboot the server and the upgrade process can be monitored under the FSM tab.
7. Once the upgrade is complete, validate the version.
8. Please refer to the below screenshots for reference.
5. Repeat all the above Steps on all ESXi hosts one by one.
UPGRADE UCS MANAGER from 3.2(3P) to 4.0(4i) version.
Follow the all steps UCS manager upgrade and choose 4.0(4i) version now.
Follow the all steps FI upgrade to 4.0(4i)
(ucs-mini-k9-system.5.0.3.N2.4.04g.bin)
Upgrade Server Firmware from 3.2 (3p) to 4.0 (4i) version.
6. Follow the all steps and choose the 4.0 version and perform all ESXi hosts one by one.
7. Once all completed, check if all the hosts are responding to ping and are accessible from vCenter.
8. Load balance virtual machines across all ESXi hosts.
------------------------------***-------------------------------------
Reviewed by Virtulization
on
April 22, 2021
Rating:
No comments: