Manual Chapter :
Software Installation and Upgrade Overview
Applies To:
Show VersionsF5OS-C
- 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0
Software Installation and Upgrade Overview
Overview: VELOS software installation and
upgrade
The VELOS platform is a modular (chassis and blade) form
factor, designed to meet the needs of large enterprise networking environments that
require the ability to scale and process a large volume of increasing application workloads.
VELOS introduces a new platform layer called F5OS, which is
made up of a system controller component and a chassis partition component.
Your VELOS system comes with a default version of the F5OS pre-installed. To
use new features and software fixes, you will want to periodically upgrade the
software on your system.
F5OS software image layers
There are three layers of software images for VELOS
systems.
- System controller layer
- This software runs on the system controllers only. It is subdivided into operating system (os) and platform services components.
- Chassis partition layer
- This software does not run exclusively on the blades; it runs on the controllers as well. It is subdivided into operating system (os) and platform services components.
- Tenant layer
- This software runs on blades only. Tenants are guest systems running software in a chassis partition (for example, a Classic BIG-IP system). F5 provides different tenant images for different uses.
Installation and upgrade types
There are four types of F5OS software installation/upgrades for VELOS
systems.
- Full system release
- Contains everything needed for the platform layer (that is, the system controllers and the chassis partitions) for a chassis/system.
- Full component release
- Contains the full installation for a specific platform layer (controller.iso and partition.iso), including both host and service components.
- Partial component release
- Contains sub-components of a specific platform layer (host.os or services.img). Partial component releases contain all containers for that release.
- Patch/Hotfix release
- Contains a subset of services/container packages specific for a component (specific os patches or service containers).
Note about appliance mode
The VELOS system can be run in
appliance
mode
. Appliance mode adds a layer of security by restricting user access to root and the
bash shell. When enabled, the root user cannot log in to the device by any means, including from
the serial console. For greater security, it is highly recommended that you
configure the system controllers and chassis partitions to run in appliance mode.
For more information on configuring appliance mode, see
VELOS Systems: Administration and Configuration
in the F5OS
Knowledge Center at support.f5.com. Download and import image files from F5
It is recommended that you have a web server in your
infrastructure which supports HTTPS, has PUT/POST enabled, and has a valid CA signed
certificate. Then you can securely download the tenant image files to the web server,
and import the image files onto your VELOS system.
F5 recommends that you download the
latest F5OS software image files from the F5 downloads site (downloads.f5.com).
- On your management workstation, log in to downloads.f5.com and clickFind a Download.
- In theF5OSarea, clickF5OS (for VELOS).
- Select a software version from the list.
- Click the name of the release with the most recent date.You must accept the software terms and conditions before you can proceed.
- Click the file name <file-name>.<extension>to start the download.Thefile-nameconsists of the platform family and the build number. Theextensiondepends on the file image type (for example, .iso, .os, .img).
- Transfer the image files to a web server in your infrastructure that supports HTTPS.If you download a tar file containing multiple images (rather than an iso, os, or img file), you need to extract the images first before you can import them onto the VELOS system.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Import the image file to either the system controller or chassis partition that you want to update.The remote host should be an HTTPS server with PUT/POST enabled, and having a valid CA signed certificate is recommended. You can use the insecure option to ignore certificate warnings.Import a file to the system controllerSyntax:Example:file import local-file /var/import/staging/ remote-file <remote-file-path> username <user> password <password> remote-host <ip-address-or-fqdn> remote-port <port-number> [insecure]file import local-file /var/import/staging/ remote-file artifactory/velocity-os-generic-dev/candidate-testing/1.1.0-3354.F5OS-C-1.1.0-Candidate.6599f8d0/results/partition/images/F5OS-C-1.1.0-3354.PARTITION.CANDIDATE.iso remote-host artifactory.f5net.com remote-port 443Import a file to the chassis partitionSyntax:Example:file import [ remote-port <port-number> ] username <user> password <password> remote-host <ip-address-or-fqdn> remote-file <remote-file-path> local-file /var/import/staging [insecure]file import username admin password Vx#28439 remote-host artifactory.company.com remote-file /tmp/BIGIP-bigip14.1.x-miro-14.1.x.x-x.x.xxx.ALL-VELOS.qcow2.zip local-file /var/F5/partition/IMAGES
- To check the file transfer status:file transfer-status file-namelocal-file-path
Download and import tenant image files
It is recommended that you have a web server in your
infrastructure which supports HTTPS, has PUT/POST enabled, and has a valid CA signed
certificate. Then you can securely download the tenant image files to the web server,
and import the image files onto your VELOS system.
F5 recommends that you download the latest tenant
software image files from the F5 downloads site (downloads.f5.com).
- On your management workstation, log in to downloads.f5.com and clickFind a Download.
- Select the F5 tenant software that you want to download.For Classic BIG-IPIn theBIG-IParea, clickBIG-IP v14.1.x TMOS F5OS
- From the list, select the product container that includes VELOS tenant images.F5OS software version 1.1.0 on VELOS supports only BIG-IP software version 14.1.4.
- Click the name of the release with the most recent date.You must accept the software terms and conditions before you can proceed.
- Click the file nameBIGIP-to start the download.1x.x.x-x.x.x.<disk-size-tag>-VELOS.qcow2.zip.bundleThe file name consists of the platform family, build number, and disk size tag (ALL, T1, T2, T3, or T4).
- Transfer the image file to a web server that supports HTTPS.
- Log in to the command line interface (CLI) of the chassis partition using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Import the tenant image file to the chassis partition.The remote host should be an HTTPS server with PUT/POST enabled, and have a valid CA signed certificate. To ignore the certificate warnings, you can use the insecure option.file import [ port <port-number> ] username <user> password <password>remote-host <ip-address-or-fqdn> remote-file <remote-file-path> local-file /var/F5/partition<partition-id>/IMAGES/ [ insecure ]You can use the downloaded image file when deploying a tenant in this partition.If the file import doesn't work, you can alternatively use secure copy (SCP) to copy the tenant image file to the IMAGES directory of the chassis partition. For example:scp BIGIP-1x.x.x-x.x.x.-VELOS.qcow2.zip.bundle admin@<partition-management-ip>:IMAGESYou can log in using admin or any other user with admin privileges.
- Optionally, you can check the status of the file import command.file transfer-status <image-file> <local-file-path>
Overview: VELOS image server
The VELOS system controllers include a built-in image server/PXE
server that stores imported software images. You use this server when you
update a system controller or blade using PXE boot. This enables you to
install an upgrade to a system controller or blade when those components
either do not have an image or need to have software completely
re-installed.
View a list of available images on the system using the
CLI
You can view a list of available images
on the system using the command-line interface (CLI).
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Show a list of available images.show image [[ partition | controller ] [state [ controllers controller <sys-controller-num> ]] [iso|os|service]]
Show the currently running image on system controllers using
the CLI
You can see which image is
currently running on the system controllers using the command-line interface
(CLI).
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.When you log in to the system, you are in user (operational) mode.
- View the currently-running image on system controllers.You can use the optional arguments to limit the output of the command to software on a specific system controller (that is, controller 1 or 2). In a properly-functioning chassis, both controllers will have the same images running on them. You can also limit the output to image components (that is, iso, os, or services versions).show system image state
Change the image version running on system controllers
using the CLI
You can change which image version is
running on the system controllers using the command-line interface (CLI).
Changing the system controller
software reboots both system controllers and disrupts all network traffic
to the system.
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Change the image version running on system controllers to a specified iso or os/service version. (For updates from F5OS 1.1.0 or later.)system image set-version < iso-version<version-string>| os-version<version-string>service-version<version-string>| service-version<version-string>| os-version<version-string>>In this example, you select an iso-version only:system image set-version iso-version <version>In this example, you select os-version and service-version only:system image set-version os-version <version> service-version <version>If upgrading from F5OS 1.0 to version 1.1, you need to use this command instead and commit your changes:controller-1(config)# system image config iso-version<iso-version>
- Verify that the new image version is running on your system.show system image stateA summary similar to this example displays:SERVICE ISO NUMBER OS VERSION VERSION VERSION ----------------------------------------- 1 1.2.3-4567 1.2.3-4567 - 2 1.2.3-4567 1.2.3-4567 -
Show the image currently running on partitions using the CLI
You can see which image is currently running on the
chassis partitions using the command-line interface (CLI).
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- View the image currently running on chassis partitions.This command sequence displays, for every image type (ISO, OS, and Service), the chassis partitions with which the image is referenced.show running-config partitions partition <partition-name>
Change the image version running on a chassis partition using
the CLI
You can change which image version
is running on a specified partition using the command-line interface
(CLI).
Changing the chassis partition
software impacts production traffic until all blades and partition
software load the new software.
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Change the image version running on a chassis partition to a specified version (F5OS 1.1 or later).A valid partition image configuration has either the iso version specified, or both the os and service versions specified. No other combination results in a valid partition image configuration. Chassis partitions that do not have a valid image configuration cannot be enabled. Enabled partitions cannot have invalid image configurations committed.partitions partition<partition-name>set-version < iso-version<version-string>| os-version<version-string>service-version<version-string>| service-version<version-string>| os-version<version-string>>In this example, you set the service version to version 1.2.0-1903:syscon-1-active(config)# partitions partition default set-version service-version 1.2.0-1903 result Version update successful.
The system shuts down and restarts
partition software components immediately, as applicable. This also reboots
all blades that are a part of this partition.
Prerequisites for installation/upgrade
This lists a high-level overview of tasks that
you should complete before you install or upgrade the F5OS software on your VELOS
system.
Task |
Action |
---|---|
Configure the front-panel management port on the
system controller. |
For more information, see the
platform guide for your VELOS platform at support.f5.com/csp/knowledge-center/hardware. |
Connect the system controller to a serial console
server. |
Use these default serial port
settings:
|
Configure basic management
settings |
For more information, see the
"Network Settings" section. |
Verify that rsync is installed on the remote server where installation images
are stored; this is required to import images onto the system
controller. |
For more information, see the rsync documentation (rsync.samba.org). |
Update/reactivate your system license, if needed, to
ensure that you have a valid service check date. |
For more information, see "K7727:
License activation may be required before a software upgrade
for the BIG-IP or Enterprise Manager system" (support.f5.com/csp/article/K7727). |
Save the system controller user configuration. |
Create a backup of the system
controller configuration: system database
config-backup name ccs_backup Configuration file backups are at
/mnt/var/confd/configs .Export the configuration file: file export |
Save the chassis partition user configuration. |
Create a backup of the chassis partition configuration: system database
config-backup name
default-partition-backup Configuration file backups are
here: /var/F5/partition/configs/ Export the configuration file: file export |
Save the tenant user configuration. |
For BIG-IP tenants: Create a
backup for each running tenant: save sys ucs <filename> Move these backup files to a safe
location off of the tenant, since the tenant will be
formatted:
Consider naming the files to
associate them with the appropriate tenants. For information about saving a BIG-IP
system UCS file, see support.f5.com/csp/article/K9420. |
Move backup configuration files to a safe location off
of the unit. |
Copy all backup files to your
preferred external storage device. |
Get a USB flash drive (minimum 8GB); only needed if
using the USB method for performing a clean
installation. |
Verify that the drive is fully
seated and flush in the USB port. For security purposes, the USB port on the system
controller is disabled by default. You can use Always-On
Management (AOM) to enable the front panel USB port. For
more information, see the platform guide for your VELOS
platform at support.f5.com/csp/knowledge-center/hardware. |
Network settings
Before you perform a software
installation/upgrade, verify that you have configured network settings by logging
in to the system controller from a management console using an admin account and
running these commands on the command-line interface (CLI). When you log in to the
system, you are in user mode. Before you can complete configuration tasks, you
must first change to config mode by typing
config
. You can type a
question mark (?
) or
press the Tab key to see possible command completions in the CLI.Be sure to commit all
changes.
Task |
Configure |
Verify |
---|---|---|
Enable DHCP If you do not
enable DHCP, you must manually configure the system
controllers' fixed IP addresses, prefix, gateway, and
DNS. |
system mgmt-ip config
dhcp-enabled true |
show running-config
system mgmt-ip config dhcp-enabled |
Configure a static management IP
address for controller-1 |
system mgmt-ip config
ipv4 controller-1 address 192.0.2.10 |
show
running-config system mgmt-ip |
Configure a static management IP
address for controller-2 |
system mgmt-ip config
ipv4 controller-2 address 192.0.2.11 |
|
Configure a static floating
management IP address |
system mgmt-ip config
ipv4 floating address 192.0.2.15
|
|
Configure a prefix length for a
static floating IP address |
system mgmt-ip config
ipv4 prefix-length 20 |
|
Configure a gateway for a static
floating IP address |
system mgmt-ip config
ipv4 gateway 192.0.2.254 |
|
Configure a DNS server |
system dns servers
server 192.0.2.1 config address
192.0.2.1 |
show running-config
system dns |
Configure an NTP server |
system ntp servers
servers < server_name > config address
<server_address > |
show running-config
system ntp |
Licensing the system automatically using the CLI
For automatic VELOS system licensing, the system
needs to be able to connect to the F5 licensing server either through the Internet or
another means of networking. You need to have the Base Registration Key (five sets of
characters separated by hyphens) provided by F5, and any add-on keys (two sets of 7
characters separated by a hyphen) that you have purchased. The Base Registration Key
with associated add-on keys are pre-installed on a new VELOS system.
You can activate the VELOS system license
automatically using the command-line interface (CLI).
- Connect using SSH to the system controller floating management IP address.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Apply a license to the chassis.system licensing install [registration-key <key>]The registration key is optional. If it is not included, the system uses the one already pre-installed. If no registration key is found, you receive an error.Example:syscon-1-active(config)# system licensing install registration-key I1234-12345-12345-12345-1234567 result License installed successfully. syscon-1-active(config)#
- Apply any add-on keys.system licensing install add-on-keys <add-on-keys>Example:syscon-1-active(config)# system licensing install add-on-keys [1234567-1234567 2345678-2345678 3456789-3456789] result License installed successfully. syscon-1-active(config)#This example enables the additional features associated with the 3 add-on-keys along with the entitlements of the base registration key.
The VELOS system is licensed. The license and any
add-on keys apply to all partitions and classic BIG-IP tenants.