Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Upgrading two C370's in a cluster from 7.6.3-019 t0 8.5.6

Upgrading two C370's in a cluster from 7.6.3-019 t0 8.5.6 soon. Never did a upgrade on these since we got them or a Cisco appliance. Is it possible to revert back to original firmware if it was needed? I don't think I ever had to do this with any appliance but just wanted to know if it was possible. Anyone deploy this latest version that wants to share their experience?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Just like in the GUI you will

Just like in the GUI you will be presented with the possible upgrade options in the CLI process of performaing an upgrade.  Please make sure you choose the correct option as part of the process as both appliances will need to be brought to the same Async O/S version in order to reconnect as a cluster.  Following is the text file as it should appear when completing the upgrade thru the CLI.  Some questions and installation text may vary based on your current version installed but basically they will be similar.  

(Machine ESA1.user.com)> upgrade

Choose the operation you want to perform:
- DOWNLOADINSTALL - Downloads and installs the upgrade image (needs reboot).
- DOWNLOAD - Downloads the upgrade image.
[]> downloadinstall
 
You must disconnect all machines in the cluster in order to upgrade them. Do
you wish to disconnect all machines in the cluster now? [Y]> (This question will only be on the first appliance)
 
Upgrades available.
1. AsyncOS 8.5.6 build 073 upgrade For Email, 2014-05-12
2. AsyncOS 8.5.6 build 074 upgrade For Email, 2014-07-02
[2]> 
 
Would you like to save the current configuration to the configuration directory
before upgrading? [Y]>
 
Would you like to email the current configuration before upgrading? [N]>
 
Do you want to include passwords? Please be aware that a configuration without
passwords will fail when reloaded with loadconfig. [Y]>
 
Performing an upgrade may require a reboot of the system after the upgrade is
applied. You may log in again after this is done. Do you wish to proceed with
the upgrade? [Y]> (upgrade process auto starts after this question - no stopping now)
 
Downloading Reputation Engine... done.
Downloading application... done.
Downloading CASE... done.
Downloading Sophos Anti-Virus... done.
Downloading AsyncOS... done.
Downloading Scanners... done.
Downloading Brightmail Anti-Spam... done.
Downloading Enrollment Client... done.
Downloading Tracking Tools... done.
Preserving configuration ...
Finished preserving configuration
Cisco IronPort Email Security Appliance(tm) Upgrade
Finding partitions... done.
Setting next boot partition to current partition as a precaution... done.
Erasing new boot partition... done.
Extracting repengroot done.
Extracting eapp done.
Extracting scanerroot done.
Extracting splunkroot done.
Extracting bmroot done.
Extracting savroot done.
Extracting ipasroot done.
Extracting ecroot done.
Extracting distroot done.
Configuring AsyncOS disk partitions... done.
Configuring AsyncOS user passwords... done.
Configuring AsyncOS network interfaces... done.
Configuring AsyncOS timezone... done.
Moving new directories across partitions... done.
Installing pre-boot files...Dumping Postgres DB...
Syncing... done.
Reinstalling boot blocks... done.
Will now boot off new boot partition... done.
 
Upgrade complete.  It will be in effect after this mandatory reboot.
 
Upgrade installation finished.
Enter the number of seconds to wait before forcibly closing connections.
[30]>
 
System rebooting.  Please wait while the queue is being closed...
3 REPLIES
New Member

Yes, I have deployed 8.5.6

Yes, I have deployed 8.5.6-074 on a pilot cluster (2 node) with no issues.  We have 8.5.6-073 deployed on our 10 node production cluster, will be updating to 8.5.6-074 as soon as possible.

Make sure you go to 8.5.6-074 as it has the latest hotfix for memory leak as well as a couple other hotfixes.

It is very difficult to revert cluster nodes back to a version, if that is a requirement work with TAC to break your cluster and get individual node backups in order to revert.  This is more pre-work but your policies might require it.

If you do not take individual backups with cluster nodes you are presented an option to administratively disconnect the nodes for the upgrade process.  Note: I have never had to revert a Async O/S upgrade and I have done several - going back to 6.x.x days (before clustering)

I find performing upgrades using a CLI window better than using the GUI - I am more comfortable with the feedback during that process.

Following are the basic steps I take to upgrade a node: doing one node at a time 

1. use "delivernow" to deliver as many queue messages as possible

2. use "suspend" to stop all delivery during the upgrade of that node

3. type "upgrade" and follow instructions carefully (if you want I can send you text from the CLI process)

4. reboot - I have had issues with 8.1.x and 8.5.x releases where the system does not shutdown on the reboot process - I have had to recycle some appliances (especially virtual appliances)

5. after reboot you will need to type "resume" to restart email delivery

6. after all nodes are upgraded then you will need to run "clusterconfig" to restart cluster services and reconnect your cluster nodes.

Fairly easy process and TAC can be a great support tool if you need assistance.

New Member

Thanks for all that

Thanks for all that information!. It is very helpful. I just checked and I have about 5 versions available to me including -074. If I just type upgrade, will it give me a choice as to which version I want using the CLI or does it automatically pull down the latest?

New Member

Just like in the GUI you will

Just like in the GUI you will be presented with the possible upgrade options in the CLI process of performaing an upgrade.  Please make sure you choose the correct option as part of the process as both appliances will need to be brought to the same Async O/S version in order to reconnect as a cluster.  Following is the text file as it should appear when completing the upgrade thru the CLI.  Some questions and installation text may vary based on your current version installed but basically they will be similar.  

(Machine ESA1.user.com)> upgrade

Choose the operation you want to perform:
- DOWNLOADINSTALL - Downloads and installs the upgrade image (needs reboot).
- DOWNLOAD - Downloads the upgrade image.
[]> downloadinstall
 
You must disconnect all machines in the cluster in order to upgrade them. Do
you wish to disconnect all machines in the cluster now? [Y]> (This question will only be on the first appliance)
 
Upgrades available.
1. AsyncOS 8.5.6 build 073 upgrade For Email, 2014-05-12
2. AsyncOS 8.5.6 build 074 upgrade For Email, 2014-07-02
[2]> 
 
Would you like to save the current configuration to the configuration directory
before upgrading? [Y]>
 
Would you like to email the current configuration before upgrading? [N]>
 
Do you want to include passwords? Please be aware that a configuration without
passwords will fail when reloaded with loadconfig. [Y]>
 
Performing an upgrade may require a reboot of the system after the upgrade is
applied. You may log in again after this is done. Do you wish to proceed with
the upgrade? [Y]> (upgrade process auto starts after this question - no stopping now)
 
Downloading Reputation Engine... done.
Downloading application... done.
Downloading CASE... done.
Downloading Sophos Anti-Virus... done.
Downloading AsyncOS... done.
Downloading Scanners... done.
Downloading Brightmail Anti-Spam... done.
Downloading Enrollment Client... done.
Downloading Tracking Tools... done.
Preserving configuration ...
Finished preserving configuration
Cisco IronPort Email Security Appliance(tm) Upgrade
Finding partitions... done.
Setting next boot partition to current partition as a precaution... done.
Erasing new boot partition... done.
Extracting repengroot done.
Extracting eapp done.
Extracting scanerroot done.
Extracting splunkroot done.
Extracting bmroot done.
Extracting savroot done.
Extracting ipasroot done.
Extracting ecroot done.
Extracting distroot done.
Configuring AsyncOS disk partitions... done.
Configuring AsyncOS user passwords... done.
Configuring AsyncOS network interfaces... done.
Configuring AsyncOS timezone... done.
Moving new directories across partitions... done.
Installing pre-boot files...Dumping Postgres DB...
Syncing... done.
Reinstalling boot blocks... done.
Will now boot off new boot partition... done.
 
Upgrade complete.  It will be in effect after this mandatory reboot.
 
Upgrade installation finished.
Enter the number of seconds to wait before forcibly closing connections.
[30]>
 
System rebooting.  Please wait while the queue is being closed...
559
Views
0
Helpful
3
Replies
CreatePlease login to create content