Manual Chapter : Software Installation and Upgrade Overview

Applies To:

Show Versions Show Versions

F5OS

  • 1.1.1, 1.1.0
Manual Chapter

Software Installation and Upgrade Overview

Overview: VELOS software installation and upgrade

The VELOS platform is a modular (chassis and blade) form factor, designed to meet the needs of large enterprise networking environments that require the ability to scale and process a large volume of increasing application workloads.
VELOS introduces a new platform layer called F5OS, which is made up of a system controller component and a chassis partition component. Your VELOS system comes with a default version of the F5OS pre-installed. To use new features and software fixes, you will want to periodically upgrade the software on your system.

F5OS software image layers

There are three layers of software images for VELOS systems.
System controller layer
This software runs on the system controllers only. It is subdivided into operating system (os) and platform services components.
Chassis partition layer
This software does not run exclusively on the blades; it runs on the controllers as well. It is subdivided into operating system (os) and platform services components.
Tenant layer
This software runs on blades only. Tenants are guest systems running software in a chassis partition (for example, a Classic BIG-IP system). F5 provides different tenant images for different uses.

Installation and upgrade types

There are four types of F5OS software installation/upgrades for VELOS systems.
Full system release
Contains everything needed for the platform layer (that is, the system controllers and the chassis partitions) for a chassis/system.
Full component release
Contains the full installation for a specific platform layer (controller.iso and partition.iso), including both host and service components.
Partial component release
Contains sub-components of a specific platform layer (host.os or services.img). Partial component releases contain all containers for that release.
Patch/Hotfix release
Contains a subset of services/container packages specific for a component (specific os patches or service containers).

Note about appliance mode

The VELOS system can be run in
appliance mode
. Appliance mode adds a layer of security by restricting user access to root and the bash shell. When enabled, the root user cannot log in to the device by any means, including from the serial console.
For greater security, it is highly recommended that you configure the system controllers and chassis partitions to run in appliance mode.
For more information on configuring appliance mode, see
VELOS Systems: Administration and Configuration
in the F5OS Knowledge Center at support.f5.com.

Download and import image files from F5

It is recommended that you have a web server in your infrastructure which supports HTTPS, has PUT/POST enabled, and has a valid CA signed certificate. Then you can securely download the tenant image files to the web server, and import the image files onto your VELOS system.
F5 recommends that you download the latest F5OS software image files from the F5 downloads site (downloads.f5.com).
  1. On your management workstation, log in to downloads.f5.com and click
    Find a Download
    .
  2. In the
    F5OS
    area, click
    F5OS (for VELOS)
    .
  3. Select a software version from the list.
  4. Click the name of the release with the most recent date.
    You must accept the software terms and conditions before you can proceed.
  5. Click the file name <
    file-name
    >.<
    extension>
    to start the download.
    The
    file-name
    consists of the platform family and the build number. The
    extension
    depends on the file image type (for example, .iso, .os, .img).
  6. Transfer the image files to a web server in your infrastructure that supports HTTPS.
    If you download a tar file containing multiple images (rather than an iso, os, or img file), you need to extract the images first before you can import them onto the VELOS system.
  7. Log in to the command line interface (CLI) of the system controller using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  8. Import the image file to either the system controller or chassis partition that you want to update.
    The remote host should be an HTTPS server with PUT/POST enabled, and having a valid CA signed certificate is recommended. You can use the insecure option to ignore certificate warnings.
    Import a file to the system controller
    Syntax:
    file import local-file /var/import/staging/ remote-file <
    remote-file-path
    > username <
    user
    > password <
    password
    > remote-host <
    ip-address-or-fqdn
    > remote-port <
    port-number
    > [insecure]
    Example:
    file import local-file /var/import/staging/ remote-file artifactory/velocity-os-generic-dev/candidate-testing/1.1.0-3354.F5OS-C-1.1.0-Candidate.6599f8d0/results/partition/images/F5OS-C-1.1.0-3354.PARTITION.CANDIDATE.iso remote-host artifactory.f5net.com remote-port 443
    Import a file to the chassis partition
    Syntax:
    file import [ remote-port <
    port-number
    > ] username <
    user
    > password <
    password
    > remote-host <
    ip-address-or-fqdn
    > remote-file <
    remote-file-path
    > local-file /var/import/staging [insecure]
    Example:
    file import username admin password Vx#28439 remote-host artifactory.company.com remote-file /tmp/BIGIP-bigip14.1.x-miro-14.1.x.x-x.x.xxx.ALL-VELOS.qcow2.zip local-file /var/F5/partition/IMAGES
  9. To check the file transfer status:
    file transfer-status file-name
    local-file-path

Download and import tenant image files

It is recommended that you have a web server in your infrastructure which supports HTTPS, has PUT/POST enabled, and has a valid CA signed certificate. Then you can securely download the tenant image files to the web server, and import the image files onto your VELOS system.
F5 recommends that you download the latest tenant software image files from the F5 downloads site (downloads.f5.com).
  1. On your management workstation, log in to downloads.f5.com and click
    Find a Download
    .
  2. Select the F5 tenant software that you want to download.
    For Classic BIG-IP
    In the
    BIG-IP
    area, click
    BIG-IP v14.1.x TMOS F5OS
  3. From the list, select the product container that includes VELOS tenant images.
    F5OS software version 1.1.0 on VELOS supports only BIG-IP software version 14.1.4.
  4. Click the name of the release with the most recent date.
    You must accept the software terms and conditions before you can proceed.
  5. Click the file name
    BIGIP-
    1x.x.x-x.x.x
    .<
    disk-size-tag
    >-VELOS.qcow2.zip.bundle
    to start the download.
    The file name consists of the platform family, build number, and disk size tag (ALL, T1, T2, T3, or T4).
  6. Transfer the image file to a web server that supports HTTPS.
  7. Log in to the command line interface (CLI) of the chassis partition using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  8. Import the tenant image file to the chassis partition.
    The remote host should be an HTTPS server with PUT/POST enabled, and have a valid CA signed certificate. To ignore the certificate warnings, you can use the insecure option.
    file import [ port <
    port-number
    > ] username <
    user
    > password <
    password
    >remote-host <
    ip-address-or-fqdn
    > remote-file <
    remote-file-path
    > local-file /var/F5/partition<
    partition-id
    >/IMAGES/ [ insecure ]
    You can use the downloaded image file when deploying a tenant in this partition.
    If, for any reason, the file import doesn't work, you can alternatively use secure copy (SCP) to copy the tenant image file to the IMAGES directory of the chassis partition. For example:
    scp BIGIP-1x.x.x-x.x.x.-VELOS.qcow2.zip.bundle admin@<partition-management-ip>:IMAGES
    You can log in using admin or any other user with admin privileges.
  9. Optionally, you can check the status of the file import command.
    file transfer-status <image-file> <local-file-path>

Overview: VELOS image server

The VELOS system controllers include a built-in image server/PXE server that stores imported software images. You use this server when you update a system controller or blade using PXE boot. This enables you to install an upgrade to a system controller or blade when those components either do not have an image or need to have software completely re-installed.

View a list of available images on the system using the CLI

You can view a list of available images on the system using the command-line interface (CLI).
  1. Connect to a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Show a list of available images.
    show image [[ partition | controller ] [state [ controllers controller <
    sys-controller-num
    > ]] [
    iso
    |
    os
    |
    service
    ]]

Show the currently running image on system controllers using the CLI

You can see which image is currently running on the system controllers using the command-line interface (CLI).
  1. Connect to a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. View the currently-running image on system controllers.
    You can use the optional arguments to limit the output of the command to software on a specific system controller (that is, controller 1 or 2). In a properly-functioning chassis, both controllers will have the same images running on them. You can also limit the output to image components (that is, iso, os, or services versions).
    show system image state

Change the image version running on system controllers using the CLI

You can change which image version is running on the system controllers using the command-line interface (CLI).
Changing the system controller software reboots both system controllers and disrupts all network traffic to the system.
  1. Connect to a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system controller using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Change to config mode.
    config
    The CLI prompt changes to include
    (config)
    .
  4. Change the image version running on system controllers to a specified iso or os/service version. (For updates from F5OS 1.1.0 or later.)
    system image set-version < iso-version
    <version-string>
    | os-version
    <version-string>
    service-version
    <version-string>
    | service-version
    <version-string>
    | os-version
    <version-string>
    >
    In this example, you select an iso-version only:
    system image set-version iso-version <
    version
    >
    In this example, you select os-version and service-version only:
    system image set-version os-version <
    version
    > service-version <
    version
    >
    If upgrading from F5OS 1.0 to version 1.1, you need to use the following command instead:
    controller-2(config)# system image config iso-version
    <iso-version>
    controller-2(config)# commit
  5. Verify that the new image version is running on your system.
    show system image state
    A summary similar to this example displays:
    SERVICE ISO NUMBER OS VERSION VERSION VERSION ----------------------------------------- 1 1.2.3-4567 1.2.3-4567 - 2 1.2.3-4567 1.2.3-4567 -

Show the image currently running on partitions using the CLI

You can see which image is currently running on the chassis partitions using the command-line interface (CLI).
  1. Connect to a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system controller using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. View the image currently running on chassis partitions.
    This command sequence displays, for every image type (ISO, OS, and Service), the chassis partitions with which the image is referenced.
    show running-config partitions partition <
    partition-name
    >

Change the image version running on a chassis partition using the CLI

You can change which image version is running on a specified partition using the command-line interface (CLI).
Changing the chassis partition software impacts production traffic until all blades and partition software load the new software.
  1. Connect to a management console or console server.
    The default baud rate and serial port configuration is 19200/8-N-1.
  2. Log in to the command line interface (CLI) of the system controller using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Change to config mode.
    config
    The CLI prompt changes to include
    (config)
    .
  4. Change the image version running on a chassis partition to a specified version (F5OS 1.1 or later).
    A valid partition image configuration has either the iso version specified, or both the os and service versions specified. No other combination results in a valid partition image configuration. Chassis partitions that do not have a valid image configuration cannot be enabled. Enabled partitions cannot have invalid image configurations committed.
    partitions partition
    <partition-name>
    set-version < iso-version
    <version-string>
    | os-version
    <version-string>
    service-version
    <version-string>
    | service-version
    <version-string>
    | os-version
    <version-string>
    >
    In this example, you set the service version to version 1.2.0-1903:
    syscon-1-active(config)# partitions partition default set-version service-version 1.2.0-1903 result Version update successful.
The system shuts down and restarts partition software components immediately, as applicable. This also reboots all blades that are a part of this partition.

Prerequisites for installation/upgrade

This lists a high-level overview of tasks that you should complete before you install or upgrade the F5OS software on your VELOS system.
Task
Action
Configure the front-panel management port on the system controller.
For more information, see the platform guide for your VELOS platform at support.f5.com/csp/knowledge-center/hardware.
Connect the system controller to a serial console server.
Use these default serial port settings:
  • Baud rate: 19200
  • Data bits: 8
  • Stop bits: 1
  • Parity: None
  • Flow control: None
Configure basic management settings
For more information, see the "Network Settings" section.
Verify that rsync is installed on the remote server where installation images are stored; this is required to import images onto the system controller.
For more information, see the rsync documentation (rsync.samba.org).
Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
For more information, see "K7727: License activation may be required before a software upgrade for the BIG-IP or Enterprise Manager system" (support.f5.com/csp/article/K7727).
Save the system controller user configuration.
Create a backup of the system controller configuration:
system database config-backup name ccs_backup
Configuration file backups are at
/mnt/var/confd/configs
.
Export the configuration file:
file export
Save the chassis partition user configuration.
Create a backup of the chassis partition configuration:
system database config-backup name default-partition-backup
Configuration file backups are here:
/var/F5/partition/configs/
Export the configuration file:
file export
Save the tenant user configuration.
For BIG-IP tenants:
Create a backup for each running tenant:
save sys ucs <filename>
Move these backup files to a safe location off of the tenant, since the tenant will be formatted:
  • /config/bigip.conf
  • /config/bigip_base.conf
  • /config/bigip_user.conf (optional)
Consider naming the files to associate them with the appropriate tenants.
For information about saving a BIG-IP system UCS file, see support.f5.com/csp/article/K9420.
Move backup configuration files to a safe location off of the unit.
Copy all backup files to your preferred external storage device.
Get a USB flash drive (minimum 8GB); only needed if using the USB method for performing a clean installation.
Verify that the drive is fully seated and flush in the USB port.
For security purposes, the USB port on the system controller is disabled by default. You can use Always-On Management (AOM) to enable the front panel USB port. For more information, see the platform guide for your VELOS platform at support.f5.com/csp/knowledge-center/hardware.

Network settings

Before you perform a software installation/upgrade, verify that you have configured network settings by logging in to the system controller from a management console using an admin account and running these commands on the command-line interface (CLI). When you log in to the system, you are in user mode. Before you can complete configuration tasks, you must first change to config mode by typing
config
. You can type a question mark (
?
) or press the Tab key to see possible command completions in the CLI.
Be sure to commit all changes.
Task
Configure
Verify
Enable DHCP
If you do not enable DHCP, you must manually configure the system controllers' fixed IP addresses, prefix, gateway, and DNS.
system mgmt-ip config dhcp-enabled true
show running-config system mgmt-ip config dhcp-enabled
Configure a static management IP address for controller-1
system mgmt-ip config ipv4 controller-1 address 192.0.2.10
show running-config system mgmt-ip
Configure a static management IP address for controller-2
system mgmt-ip config ipv4 controller-2 address 192.0.2.11
Configure a static floating management IP address
system mgmt-ip config ipv4 floating address 192.0.2.15
Configure a prefix length for a static floating IP address
system mgmt-ip config ipv4 prefix-length 20
Configure a gateway for a static floating IP address
system mgmt-ip config ipv4 gateway 192.0.2.254
Configure a DNS server
system dns servers server 192.0.2.1 config address 192.0.2.1
show running-config system dns
Configure an NTP server
system ntp servers servers <
server_name
> config address <
server_address
>
show running-config system ntp

Licensing the system automatically using the CLI

For automatic VELOS system licensing, the system needs to be able to connect to the F5 licensing server either through the Internet or another means of networking. You need to have the Base Registration Key (five sets of characters separated by hyphens) provided by F5, and any add-on keys (two sets of 7 characters separated by a hyphen) that you have purchased. The Base Registration Key with associated add-on keys are pre-installed on a new VELOS system.
You can activate the VELOS system license automatically using the command-line interface (CLI).
  1. Connect using SSH to the system controller floating management IP address.
  2. Log in to the command line interface (CLI) of the system controller using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Change to config mode.
    config
    The CLI prompt changes to include
    (config)
    .
  4. Apply a license to the chassis.
    system licensing install [registration-key <
    key
    >]
    The registration key is optional. If it is not included, the system uses the one already pre-installed. If no registration key is found, you receive an error.
    Example:
    syscon-1-active(config)# system licensing install registration-key I1234-12345-12345-12345-1234567 result License installed successfully. syscon-1-active(config)#
  5. Apply any add-on keys.
    system licensing install add-on-keys <
    add-on-keys
    >
    Example:
    syscon-1-active(config)# system licensing install add-on-keys [1234567-1234567 2345678-2345678 3456789-3456789] result License installed successfully. syscon-1-active(config)#
    This example enables the additional features associated with the 3 add-on-keys along with the entitlements of the base registration key.
The VELOS system is licensed. The license and any add-on keys apply to all partitions and classic BIG-IP tenants.