ACS 5.0 -> 5.1 upgrade errors

Unanswered Question
Aug 18th, 2010

We have a new ACS install and are trying to upgrade it from 5.0 to 5.1.  I'm currently following the instructions here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_upg.html#wp1167547

I can't get past the first step for installing the 5.0.0.21.9 patch.  I have the repo configured on the ACS web interface as such:

Name:  bltauth2

Protocol:  SFTP

Server:  x.x.x.x

url/update-path:  acs-software/

I can run a "copy sftp://x.x.x.x/acs-software/5-0-0-21-9.tar.gpg disk:" from the command line and that works so I'm assuming the way I set up the repository is correct as well.

When I try to run this from the command line:

acs patch install 5-0-0-21-9.tar.gpg repository bltauth2

I receive this error:

Failed to copy file '5-0-0-21-9.tar.gpg' from repository bltauth2
(Error -311)

Error: patch install 5-0-0-21-9.tar.gpg from repository bltauth2 - transfer failed (code 1)

I can't find any error codes that would give me an idea as to what the problem is.

Any ideas?

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
patrick.tuttle@... Wed, 08/18/2010 - 06:56

This coule be your problem ??

I just ran into similar problems and posted this yesterday.

=========================

Hello,

After beeting my head against the wall on this,  I decided to put the patch file onto a box that did not have pkzip or power archive on it.  Essentially so that this patch file would not associate itself to a program.

I then re-named it  to  5-1-0-44-3.tar.gpg   (it downloads from Cisco's web site as  5-1-0-44-3.tar.tar)

I then was then able to use FTP to apply the patch and do "acs patch install 5-1-44-3.tar.gpg (repository)

Seems as though the script only wants to see .gph ye for some strange reason the file downloads as .tar.tar

-pat

mlangguth Wed, 08/18/2010 - 07:09

Thanks for the reply.

The files are on the server in what looks to be the correct file extensions and permissions:

-rwxr-xr-x. 1 xxxx xxxx  36599738 2010-08-16 10:36 5-0-0-21-9.tar.gpg
-rwxr-xr-x. 1 xxxx xxxx  185473090 2010-08-16 10:49 ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg
-rwxr-xr-x. 1 xxxx xxxx  580765137 2010-08-16 11:00 ACS_5.1.0.44.tar.gz

Thanks,

patrick.tuttle@... Wed, 08/18/2010 - 07:14

Did you extract the file ?  I don't think your suppose to if you did.  I'm no expert with this box, but I took the single file off Cisco web site and once I finally got to the ACS box the script runs to do the extraction.

-pat

mlangguth Wed, 08/18/2010 - 07:17

No, I left the files on the server as they were downloaded from cisco.com.

Thanks,

jrabinow Wed, 08/18/2010 - 10:19

One suggestion is to confirm the reporistory contents by issuing follow command from CLI:

show repository bltauth2

A second suggestion is to use the copy command you mentioned to copy the files to the local disk and the create a local repostory and perform the patch install from there

mlangguth Wed, 08/18/2010 - 10:32

Thanks.  I hadn't seen that command listed before.

The output is just as ambiguous as the other errors:

% Error opening directory on remote server

The "copy sftp://server/path/file" command works so I'm fairly certain I have the uid/pw/path correct in the repo.  Is there some caveat where sftp doesn't work for the software repository?

While the copying to the appliance works, it's not desireable.  We have 10 of these servers scattered acorss the country and having to copy each file down to a machine for this is going to take much more time than I want to spend on this and defeats the purpose of ever doing these in a centralized manner.

jrabinow Thu, 08/19/2010 - 11:55

Can you share the repository configuration. You can see it from the "show running-config" command

mlangguth Thu, 08/19/2010 - 13:09

That's the problem.

I have two test repositories set up on the web interface, one for sftp and one for ftp, neither of which show up in the running config on the CLI.  I can see both of them in the repository section of the web interface.

I had a TAC case open for this issue and they didn't know why that was happening either.  They showed me how to create a repo using the CLI, which I prefer anyway.

So I guess the mystery is why I can create a repository via the web interface and the CLI doesn't recognize that at all...and a repository created via the CLI doesn't show up on the web interface.

Is this some funky bug that's been fixed somewhere down the line?

jrabinow Thu, 08/19/2010 - 16:00

Yes. These do appear to be some funky bugs that were fixed later down the line

Cannot find a specific CDETS number but looking back at some 5.0 issues there was a limitation that "Repositories created in the GUI are only created at the time that a Upgrade/Patch is applied". That means if you create a repository from the GUI it would only get created at the CLI when it was used in patch installation also from the GUI and only at the server where the patch was run.

Bottom line is that for upgrade/patch from 5.0 it is best to perform all the operations from the CLI including creating the repository. Once you are upgraded to ACS 5.1 any repository created from the GUI is immediately created on the CLI for all servers in a distributed deployment. That is all repository information created from the GUI is reflected at the CLI

Actions

This Discussion

Related Content