F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 rSeries Systems: Installation and Upgrade
  3. Install or Upgrade Software
Manual Chapter : Install or Upgrade Software

Applies To:

Show Versions Show Versions

F5OS-A

  • 1.0.1, 1.0.0
Manual Chapter

Install or Upgrade Software

Installation and upgrade options

There are several types of installation and upgrade options for F5OS software:
  • System upgrade
  • Clean (or bare metal) installation

System upgrade

A system upgrade installs new Base OS software on the system and results in a service outage. This method preserves old image and configuration data, and includes these three sub-types:
ISO upgrade
Upgrades both the operating system (OS) and services for the Base OS software.
Partial upgrade
Upgrades os or services for Base OS software. The partial update OS file has a .os extension and service file has a .img extension. You import partial upgrade files by using either the
system import
 command or by using SCP to copy files to the system at the
images/import/os
 or
images/import/services
 directories respectively.
Patch upgrade
Upgrades or patches a subset of Base OS software. The patch file has a .patch extension. You import patch upgrade files by using either the
file import
 command or by using SCP to copy files to the system at the
images/import/services
 directory.
Note:
 Currently, the patch upgrade option is not supported on F5OS software. However, this option might be supported for all versions of F5OS-A.

Clean installation

A clean installation reformats the disk of specific components and restores the system to factory defaults.
Formatting erases all data on your system.
For information on configuring your
rSeries
 system after you complete a software installation or upgrade, see
F5 rSeries Systems: Administration and Configuration
 in the F5OS Knowledge Center at support.f5.com.

System
 upgrades

You perform a system upgrade of F5OS software when you want to upgrade the software on
the system
 with a point release or engineering hotfix. This installation method results in a service outage and reboots the
system
 automatically when installation completes.

Perform a system upgrade of F5OS software

Verify that you have downloaded and imported the F5OS-A image files from F5 before you attempt to upgrade.
You can upgrade F5OS software on a system from the CLI. This method results in a service outage.
  1. Connect to the system using a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Verify that the Base OS image you want to install is listed, and the status is
    ready
    .
    show system image
    This verifies that the ISO is imported properly to the image server on the system, and the system can access these images when it reboots.
    A summary similar to this example displays: 
    appliance-1# show system image
				    IN
VERSION OS  STATUS  DATE        USE
--------------------------------------
1.0.0-1234  ready   2021-08-31  true

VERSION                         IN
SERVICE     STATUS  DATE        USE
--------------------------------------
1.0.0-1234  ready   2021-08-31  true

VERSION                         IN
ISO         STATUS  DATE        USE
---------------------------------------
1.0.0-1234  ready   2021-08-31  false
  4. Change to config mode.
    config
    The CLI prompt changes to include
    (config)
    .
  5. Set the ISO version to the new version and use the
    out-of-service
     option to update the software on the system.
    system image set-version iso-version <
    version
    > proceed [
    yes
     |
    no
     ]
    By default, you will be prompted to confirm the upgrade. To bypass the confirmation prompt, include
    proceed yes
     at the end of the command sequence.
    This example shows upgrading the ISO version: 
    appliance-1(config)# system image set-version iso-version 1.0.0-1234
    These examples show upgrading
    os-version
     and
    service-version
    :
    Upgrade OS version: 
    appliance-1(config)# system image set-version os-version 1.0.0-1234
    Upgrade service version: 
    appliance-1(config)# system image set-version service-version 1.0.0-1234
  6. When the compatibility check succeeds, type
    yes
     to proceed with the installation process.
    A summary similar to this excerpt displays:
    appliance-1(config)# system image set-version iso-version 1.0.0-1234
Changing software version will trigger system reboot and interrupt tenant operation. Proceed? [yes/no]: yes
response System iso version has been set
The system installs the upgrade and reboots to the new version. This results in a temporary service outage.

Clean installation

You perform a clean installation of F5OS software when you want to start from scratch or when the system is not recoverable. This installation method requires you to use either the built-in
rSeries
 PXE server or a USB flash drive.
Performing a clean installation destroys all information on your system.
Before performing a clean installation of F5OS software on your
rSeries
 system, you must meet these prerequisites:
  • Be able to access the system from a management console or console server
  • Have root account access
    If your system has appliance mode enabled, you must first disable appliance mode before you can perform a clean installation using a USB flash drive.

Clean installation using a USB flash drive

When you perform a clean installation of F5OS software on your system using a USB flash drive, you must first enable the front panel USB port on your system.
For security purposes, the USB port on the system is disabled by default. You can use Always-On Management (AOM) to enable the front panel USB port. For more information, see the platform guide for your appliance model at support.f5.com/csp/knowledge-center/hardware.

Enable the front-panel USB port

The front-panel USB port on the platform is disabled by default, but you can use Always-On Management (AOM) to enable the USB port.
  1. Connect to the system using a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Open the AOM Command Menu.
    Esc (
    The system displays the AOM Command Menu: 
    [root@appliance-1 ~]# 

AOM Command Menu:

A --- Reset AOM
B --- Set baud rate
I --- Display platform information
P --- Power on/off host subsystem
R --- Reset host subsystem
U --- Front panel USB port
Q --- Quit menu and return to console

Enter Command:
  3. Type
    U
     to configure the USB port on the system.
    The system displays the current status of the USB port: 
    Front panel USB next boot setting: disabled
						
0 -- Disable front panel USB port
1 -- Enable front panel USB port
						
Note: Reboot is necessary for change to take effect.
						
Select Option:
  4. Type
    R
     to reset (restart) the host subsystem.

Create a bootable USB flash drive

Before you create a bootable USB flash drive, be sure that you have used Always-On Management (AOM) to enable the USB port on your system, as the USB port is disabled by default. Also, be sure that you have copied the ISO images to
images/staging/
 on your system.
You can use an existing F5 rSeries system to create a bootable USB flash drive that contains an F5OS-A software ISO image.
  1. Connect to the system using a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in as the root user.
    The default login credentials are root/default. When logging in as root for the first time, the system prompts you to change the password.
  3. Create a bootable drive.
    dd if=<
    iso-image
    > of=/dev/sda bs=1M oflag=sync status=progress
    This example writes a specified software ISO to the flash drive:
    [root@appliance-1 ~]# dd if=/var/import/staging/F5OS-A-1.0.0 of=/dev/sda bs=1M
  oflag=sync status=progress
    This command sequence writes the ISO image to the flash drive. The flash drive creation process might take several minutes.
You can now use this USB flash drive to boot F5 rSeries systems, as needed.

Perform a clean installation of F5OS software

You can use a USB flash drive to perform a clean installation of F5OS software onto the system from the CLI.
  1. Plug the USB flash drive into the USB port for the system that you are installing onto.
  2. Connect to the system using a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  3. Log in as the root user.
    The default login credentials are root/default. When logging in as root for the first time, the system prompts you to change the password.
  4. Reboot the system.
    reboot
  5. Intercept the boot by typing
    b
     at the BIOS setup screen, and then select the USB flash drive that you created.
  6. From the Installer menu, select
    Install F5OS-A
    .
    The installation proceeds automatically.
After the installation completes and the system is fully rebooted to the Host OS, you can remove the USB flash drive.
It might take 10-15 minutes for the system to fully boot after a clean installation.

Clean installation using a PXE server

You can perform a clean installation of F5OS software on your system using an external PXE server.

Prerequisites

Before you use an external PXE server to do a clean installation of F5OS software on your system, verify that the external PXE server is configured as follows:
  • The PXE server must be on the same network segment as the
    rSeries
     platform
  • The PXE server must be configured with PXE technologies, including DHCP, TFTP, and HTTP
  • On the PXE server, the TFTP root directory is at
    /tftpboot
    , and within the
    /tftpboot
     directory, there is a directory named
    pxelinux.cfg
    .
  • The
    /tftpboot
     directory contains these UEFI files:
    • syslinux.efi
    • ldlinux.e64
  • An HTTP service is configured on a file server with
    /var/www/html
     as its root directory, and the
    /tftpboot
     directory is symlinked within the
    /var/www/html
     directory.
  • The DHCP server has the
    filename
     option configured as
    syslinux.efi
  • SELinux (or similar security measures) must be configured to allow TFTP to read and send the contents of the
    /tftpboot
     directory.
  • Any firewalls must allow network access to the HTTP and TFTP services on the PXE server.

Prepare for a PXE installation

Before you install using a PXE server, you must already have configured a PXE server in your network.
To prepare for a PXE installation, you must make an F5OS-A image file available on the PXE server, determine the MAC address for your
rSeries
 platform, and create a PXE configuration file.
  1. Download a software image file from the F5 downloads site (downloads.f5.com).
  2. Import the image file onto your PXE server.
  3. Mount the image file into the
    /mnt
     directory, and then copy the contents to
    /tftpboot
    .
     
    mount -o loop,ro /var/<
    filename
    >.iso /mnt/f5os-a
cp /mnt/f5os-a /tftpboot/f5os-a -R
    The image file is now available over TFTP and HTTP.
  4. Determine and make note of the MAC address for your
    rSeries
     platform
    show interfaces interface mgmt ethernet state
    An summary similar to this example displays: 
    appliance-1# show interfaces interface mgmt ethernet state
ethernet state auto-negotiate true
ethernet state duplex-mode FULL
ethernet state port-speed SPEED_1GB
ethernet state hw-mac-address 00:12:a1:34:56:02
ethernet state negotiated-duplex-mode FULL
ethernet state negotiated-port-speed SPEED_1GB
ethernet state counters in-mac-pause-frames 0
ethernet state counters in-oversize-frames 0
ethernet state counters in-jabber-frames 0
ethernet state counters in-fragment-frames 0
ethernet state counters in-crc-errors 0
ethernet state counters out-mac-pause-frames 0
  5. Create a PXE configuration file in the
    /tftpboot/pxelinux.cfg
     directory, where the name of the file is the MAC address of the platform, prefixed with "01".
    All double hex values in the file name should be delimited with a dash. For example, the configuration file for the MAC address identified above would be named 01-00-12-a1-34-56-02.
    The configuration file should contain this information: 
    SAY Now booting F5OS-A
						
DEFAULT F5OS-A
						
LABEL F5OS-A
						
KERNEL /f5os-a/images/pxeboot/vmlinuz edd=off
APPEND initrd=/f5os-a/images/pxeboot/initrd.img inst.stage2=http://<pxe-server-ip-address>/tftpboot/f5os-a ks=http://<pxe-server-ip-address>/tftpboot/f5os-a/ks.cfg console=ttyS0 inst.sshd=1
Next, you can reboot the system and initiate a clean installation from the PXE server.

Install F5OS-A software on a system using a PXE server

Before you install using a PXE server, you must have copied an F5OS-A image file (.iso) to the PXE server and created a PXE configuration file on the server.
You can use an external PXE server to perform a clean installation of F5OS software onto the system from the CLI.
  1. Connect to the system using a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system using an account with root access.
  3. Reboot the system.
    reboot
  4. Intercept the boot by typing
    p
     at the BIOS setup screen.
    The system automatically resets, goes into PXE boot mode, and the installation proceeds automatically. When the installation completes, the system restarts automatically.
    It might take 10-15 minutes for the system to fully boot after a clean installation.
  5. After the system is fully booted, copy the F5OS-A image file (.iso) to the
    /var/export/chassis/import/iso
     directory on the system.
    The F5OS-A image must be the same version that you used when booting the system from a PXE server.

Tenant software upgrade installation

To upgrade tenant software, you must log in to the tenant using the tenant's web-based management interface or command-line interface (CLI), upload the updated software version, and then perform the upgrade inside the tenant.
F5
rSeries
 systems support running these tenants, for which the installation files are available as .bundle images:
  • BIG-IP software
For information on F5OS software compatibility with F5 hardware, see K9476: The F5 hardware/software compatibility matrix.
For documentation about installing and configuring BIG-IP software, see the BIG-IP LTM Knowledge Center for your specific BIG-IP software version.

Tenant image overview

These BIG-IP tenant images are available to deploy on
F5
rSeries
 systems:
  • ALL-F5OS
  • T4-F5OS
  • T2-F5OS
  • T1-F5OS
T1-F5OS has limitations so using the other images is recommended. Other images must be downloaded from the F5 downloads site.
Each image type has different uses so you need to be sure to use the correct type for your tenant needs. For additional information about tenant image types, see K45191957: Overview of the BIG-IP tenant image types.

Tenant resource allocation considerations

These are recommended resource considerations for determining the amount of memory (RAM) to allocate when planning tenant deployments on
rSeries
 systems:
  • Most systems have up to 128 GB of memory that can be allocated to tenants. Larger r10000 Series systems have up to 256 GB. Not all of that memory is available for tenants.
  • 95 GB is available for tenants, the rest (~33 GB) is for use by the OS/Platform layer.
  • There are recommended minimum memory allocations for each tenant based on the number of vCPUs assigned.
  • There is an advanced setting where additional memory can be assigned out of the pool to a tenant.
  • This formula is used for default memory allocation:
    min-memory = (3.5 * 1024 * vcpu-cores-per-node) + 512
  • You can specify more than the minimum amount of memory when configuring a tenant, if needed.
These are some of the resource considerations for disk space when planning tenant deployments on
rSeries
 systems:
  • Each system has approximately 1300 GB of disk storage available for tenants.
  • The amount of disk space that a tenant actually needs is dependent on the number of modules provisioned and its use.
  • As the aggregate disk usage within deployed tenants increases, the host disk can start to reach capacity on systems with many large tenants. The administrator will need to monitor disk usage to make sure there is sufficient space for the tenants.

Create and deploy tenants from the CLI

Before you get started, import the tenant images you want to use for the tenant deployments. You must already have created VLANs on the system. Before you can create and deploy tenants, you also need to estimate resource requirements so you know how many vCPUs, memory, and other options to assign to the tenant.
You can create and deploy tenants from the CLI.
  1. Log in to the command line interface (CLI) of the system using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  2. Change to config mode.
    config
    The CLI prompt changes to include
    (config)
    .
  3. Create and deploy the tenant.
    tenants tenant <
    name
    > config <
    options
    >
    These options are available:
    Option
    Description
    appliance-mode
    Enable or disable root and bash access for the tenant.
    cryptos
    Enable or disable crypto device support for the tenant.
    gateway
    User-specified gateway for the tenant management IP address.
    image
    User-specified image for tenant.
    memory
    User-specified memory in MBs for the tenant.
    mgmt-ip
    User-specified management IP address for tenant management access.
    name
    User-specified name for the tenant.
    nodes
    User-specified node numbers to schedule the tenant.
    prefix-length
    User-specified prefix length for the tenant management IP address.
    running-state
    User-specified state for the tenant: configured, provisioned, or deployed.
    storage
    Storage quota for the tenant.
    type
    Tenant type. The default value is BIG-IP.
    vcpu-cores-per-node
    User-specified number of logical CPU cores for the tenant.
    vlans
    User-specified vlan-id from VLAN table for the tenant.
    This example creates a BIG-IP tenant called
    bigip-vm
     that spans four nodes and is in the Configured running state, by default: 
    appliance-1# tenants tenant bigip-vm config type BIG-IP 
  image BIGIP-15.x.x-0.0.x.ALL-F5OS.qcow2.zip.bundle mgmt-ip 192.0.2.200
  prefix-length 24 gateway 192.0.2.254 nodes [ 1 2 3 4 ]
  4. Commit the configuration changes.
    commit
  5. You can monitor the operational state of the tenant and move the tenant into the provisioned state.
    tenants tenant bigip-vm config running-state provisioned
    This causes the system to assign the tenant to nodes and create virtual disks for the tenant on those nodes.
  6. Show the current status for the tenant:
    show tenants tenant bigip-vm
    When the system is creating the virtual disk and installing the image on a disk, the operational state of the tenant shows this information:
    • PHASE – Allocating resources to the tenant is in progress
    • status – Provisioning
    A summary similar to this example displays:
    tenants tenant bigip-vm
state name          bigip-vm
state type          BIG-IP
state mgmt-ip       192.0.2.200
state prefix-length 24
state gateway       192.0.2.254
state cryptos       disabled
state vcpu-cores-per-node 2
state memory        7680
state running-state deployed
state mac-data mgmt-mac 00:0a:49:ff:20:0c
state mac-data base-mac 00:0a:49:ff:20:0d
state mac-data mac-pool-size 1
state appliance-mode disabled
state status        Provisioning
INSTANCE                                                    
NODE  ID        PHASE                                          
1     1         Allocating resources to tenant is in progress ...                        
2     2         Allocating resources to tenant is in progress ...                   
3     3         Allocating resources to tenant is in progress ... 
4     4         Allocating resources to tenant is in progress ...
    When the system completes the virtual disk creation, the operational state shows this information:
    • PHASE – Ready to deploy
    • status – Provisioned
    A summary similar to this example displays:
    tenants tenant bigip-vm
state name          bigip-vm
state type          BIG-IP
state mgmt-ip       192.0.2.200
state prefix-length 24
state gateway       192.0.2.254
state cryptos       disabled
state vcpu-cores-per-node 2
state memory        7680
state running-state deployed
state mac-data mgmt-mac 00:0a:49:ff:20:0c
state mac-data base-mac 00:0a:49:ff:20:0d
state mac-data mac-pool-size 1
state appliance-mode disabled
state status        Provisioned

INSTANCE               
NODE  ID        PHASE             
---------------------------------
1     1         Ready to deploy  ...
2     2         Ready to deploy  ...
3     3         Ready to deploy  ...
4     4         Ready to deploy  ...
  7. You can then deploy the tenant.
    tenants tenant bigip-vm config running-state deployed
    This example moves the tenant into the deployed state, which causes the system to start and maintain VMs on each node to which the tenant is assigned.
  8. Commit the configuration changes.
    commit
  9. You can check the status of the tenant.
    show tenants tenant bigip-vm state instances
    A summary similar to this example displays: 
          INSTANCE 
NODE  ID        PHASE    IMAGE NAME      ... STATUS 
--------------------------------------------------------------------
1     1         Running  BIGIP-bigip15.1.... Started tenant instance
2     2         Running  BIGIP-bigip15.1.... Started tenant instance
Once you configure and deploy the tenant, and the Status is updated to Running, then you can use the management IP address to access the tenant system using SSH, the web-based interface, or TMOS Shell (
tmsh
).
Once a tenant is Deployed (and is up and running), changing its state back to Configured or Provisioned stops the tenant. You will receive a warning message before this occurs.

Create and deploy tenants from the webUI

You must have imported the tenant images that you want to use for the tenant deployments into the system. You must also have previously created any required VLANs. Before you can create and deploy tenants, you also need to estimate resource requirements so you know how many vCPUs, memory, and other options to assign to the tenant.
An administrator can deploy tenants from the webUI.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    TENANT MANAGEMENT
    Tenant Deployments
    .
    The Tenant Deployment screen displays showing the existing tenant deployments and associated details.
  3. To add a tenant deployment, click
    Add
    .
    The Add Tenant Deployment screen displays.
  4. For
    Name
    , type a name for the tenant deployment (up to 49 characters).
    The first character in the name cannot be a number. After that, only lowercase alphanumeric characters and hyphens are allowed.
  5. For
    Type
    , keep the default setting of
    BIG-IP
    .
  6. For
    Image
    , select the software image that was previously imported onto the system.
    Ensure that the image you selected meets your tenant deployment needs.
  7. For
    IP Address
    , type the IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN) for the tenant.
  8. For
    Prefix Length
    , type a number from 1-32 for the length of the prefix.
  9. For
    Gateway
    , type the IPv4 address or IPv6 address of the gateway.
  10. For
    VLANs
    , select one or more VLANs that are available to the tenant.
    You can assign VLANs to more than one tenant.
  11. For
    Resource Provisioning
    , select one of these options:
    Option
    Description
    Recommended
    Recommended values for vCPUs and memory for the tenant.
    Advanced
    Enables you to configure custom values for vCPUs and memory on the tenant. For example, if you want to configure a single vCPU tenant, or a tenant that uses more than the recommended amount of memory.
  12. For
    vCPUs
    , select the number of vCPUs to provide to the tenant.
    The minimum recommended number of vCPUs per typical tenant is two (one vCPU is sufficient only for lightweight tenants that cannot be updated). Each blade has up to 22 vCPUs. The number of vCPUs needed depends on the amount of traffic the tenant will be handling. More vCPUs provide faster throughput.
  13. For
    Memory
    , specify the amount of RAM, in MB, to allocate to the tenant.
    The amount of memory needed depends on the number of vCPUs assigned. The minimum amount of memory needed is determined by the formula
    [(3.5 * 1024 * #ofvCPUs) + 512]
    , so a two vCPU tenant needs a minimum of 7680 MB, and a four vCPU tenant needs a minimum of 14,848MB.
    If you do not allocate sufficient memory, you receive a warning message.
  14. For
    Virtual Disk Size
    , specify the storage quota, in GB, for the tenant virtual disk.
    The default size is 76 GB, and the disk size range is from 22 GB to 700 GB.
  15. For
    State
    , choose one of these options:
    Options
    Description
    Configured
    The tenant configuration exists on the system, but the tenant is not running, and no hardware resources (CPU, memory) are allocated to it. This is the initial state and the default.
    Provisioned
    Moves the tenant into the Provisioned state, which causes the system to install the software, assign the tenant to nodes, and create virtual disks for the tenant on those nodes. If you choose this option, it takes a few minutes to complete the provisioning. The tenant does not run while in this state.
    Deployed
    Changes the tenant to the Deployed state. The tenant is set up, resources are allocated to the tenant, the image is moved onto the system, the software is installed, and after those tasks are complete, the tenant is fully deployed and running. If you choose this option, it takes a few minutes to complete the deployment and bring up the system.
    Once a tenant is Deployed (and is up and running), changing its state back to Configured or Provisioned stops the tenant. You will receive a warning message before this occurs.
  16. For
    Crypto/Compression Acceleration
    , select
    Enabled
     if the tenant requires high-performance crypto processing and compression.
    When this option is enabled, the tenant receives dedicated crypto devices proportional to number of vCPU cores. Crypto processing and compression are off-loaded to the hardware. When the option is disabled, the tenant receives no crypto devices.
  17. To restrict usage of the Bash shell for tenant administrators, set
    Appliance Mode
     to
    Enabled
     (this is
    Disabled
     by default.)
  18. Click
    Save & Close
    .
The tenant is now configured and in the Deployed state. When the status says Running, the tenant administrator can log in to the tenant webUI or CLI using the management IP address (with HTTPS or SSH) and continue configuring the tenant system.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information