I did a upgrade of our ACI Lab Fabric last week and documented all the steps. The upgrade is really straightforward, but hopefully this guide still helps you 🙂
First you have to catch the desired Software, get them directly from cisco. You need APIC Release image for 1.0(3f) release (aci-apic-dk9.1.0.3f.iso) and the Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(3f) (aci-n9000-dk9.11.0.3f.bin). Get them here:
Cisco ACI Version 1.0(3f)
I always check the MD5 sum, just to be sure that everything went right with my download.
$ md5 aci-apic-dk9.1.0.3f.iso MD5 (aci-apic-dk9.1.0.3f.iso) = 6e747378ec4225ead0f27cb23aa54f02
Cisco ACI 1.0(3f) MD5 Hash
The MD5 hash looks right. Check the same for the Nexus 9000 Image!
Upgrade of the APIC Controllers
We start with the upgrade of the APIC Controller, all APIC Controllers of your Fabric have to be upgraded first.
I did the whole upgrade through CLI, it’s also possible with the GUI but i prefer the CLI way.
- Copy the Software to the APIC Controller
admin@aci-lab-apic01:~> scp richy@10.32.32.179:Downloads/aci-apic-dk9.1.0.3f.iso . Password: aci-apic-dk9.1.0.3f.iso 100% 3175MB 102.4MB/s 00:31
Hint: Maybe you need an additional ‘/’ after the ‘:’ like ‘user@host:/path’
Thanks @Jonas Walker for the information!
- Add the new firmware to the repository
admin@aci-lab-apic01:~> firmware add aci-apic-dk9.1.0.3f.iso Firmware Image aci-apic-dk9.1.0.3f.iso is added to the repository
- After adding the new firmware, it’s “removed” from the upload directory
admin@aci-lab-apic01:~> ls aci debug mit
- Wait a couple of seconds and you can now see the new added firmware in the repository
admin@aci-lab-apic01:~> firmware list Name : aci-apic-dk9.1.0.3f.bin Type : controller Version : 1.0(3f) Size(Bytes) : 3329372160 Release-Date : 2015-02-10T03:46:53.000+02:00 Download-Date : 2015-02-18T16:37:29.580+02:00 Name : aci-catalog-dk9.1.0.3f.bin Type : catalog Version : 1.0(3f) Size(Bytes) : 18064 Release-Date : 2015-02-10T02:27:12.000+02:00 Download-Date : 2015-02-18T16:37:31.554+02:00 Name : aci-catalog-dk9.1.0.2j.bin Type : catalog Version : 1.0(2j) Size(Bytes) : 17493 Release-Date : 2014-11-11T18:58:18.000+02:00 Download-Date : 2015-01-31T05:57:47.354+02:00
- Now you can start the controller upgrade, it’s automatically done on all APIC Controllers, one at a time
admin@aci-lab-apic01:~> firmware upgrade controllers aci-apic-dk9.1.0.3f.bin Firmware Upgrade on Controllers has been scheduled. The upgrade will be performed on one controller at a time in the background. To check the upgrade status, use 'firmware upgrade status node <node-id>'
- Then you can check the status of the upgrade
admin@aci-lab-apic01:~> firmware upgrade status Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress) ---------------------------------------------------------------------------------------------------------------------- <strong>1 controller 1.0(2j) apic-1.0(3f) inqueue 0</strong> 101 spine n9000-11.0(2j) notscheduled 0 111 leaf n9000-11.0(2j) notscheduled 0 112 leaf n9000-11.0(2j) notscheduled 0 Legend: notscheduled - Upgrade has NOT been scheduled scheduled - Upgrade has been scheduled at a future time queued - Node is waiting for token from scheduler(permission to upgrade) inprogress - Image installation is currently in progress on node completeok - Upgrade successful completenok - Upgrade failed unknown - Node unreachable
- After some minutes
admin@aci-lab-apic01:~> firmware upgrade status Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress) ---------------------------------------------------------------------------------------------------------------------- <strong>1 controller 1.0(2j) apic-1.0(3f) inprogress 75 </strong>101 spine n9000-11.0(2j) notscheduled 0 111 leaf n9000-11.0(2j) notscheduled 0 112 leaf n9000-11.0(2j) notscheduled 0
- The Controllers do an automatic reboot, so if you just have one APIC in your Fabric, you definitely will be kicked off
admin@aci-lab-apic01:~> Broadcast message from root@aci-lab-apic01 (unknown) at 15:47 ... The system is going down for reboot NOW!
- As soon as the APIC Controller is back up you can check the firmware upgrade status
admin@aci-lab-apic01:~> firmware upgrade status node 1 Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress) ---------------------------------------------------------------------------------------------------------------------- 1 controller apic-1.0(3f) apic-1.0(3f) completeok 100
Upgrade of the Nexus 9000 Spine and Leaf switches
After all the Fabric Controllers are updated, you can proceed to upgrade your Nexus 9000 Spine and Leaf Switches.
- Copy the Nexus 9000 Software to the APIC Controller
admin@aci-lab-apic01:~> scp richy@10.32.32.179:Downloads/aci-n9000-dk9.11.0.3f.bin . Password: aci-n9000-dk9.11.0.3f.bin 100% 495MB 99.1MB/s 00:05
- Also add the Nexus 9000 Software to the Firmware Repository
admin@aci-lab-apic01:~> firmware add aci-n9000-dk9.11.0.3f.bin Firmware Image aci-n9000-dk9.11.0.3f.bin is added to the repository
- Check that the software was added succesfully to the repository
admin@aci-lab-apic01:~> firmware list Name : aci-n9000-dk9.11.0.3f.bin Type : switch Version : 11.0(3f) Size(Bytes) : 519376842 Release-Date : 2015-02-10T02:47:47.000+01:00 Download-Date : 2015-02-18T15:53:28.874+01:00
- You now can start the upgrade on the switches, in a production environment you should split the upgrade to make it undisruptive. As this is just my lab, i booted all the switches at the same time
admin@aci-lab-apic01:~> firmware upgrade switch node 101 aci-n9000-dk9.11.0.3f.bin Firmware Installation on Switch Scheduled To check the upgrade status, use 'firmware upgrade status node <node-id>' admin@aci-lab-apic01:~> firmware upgrade switch node 111 aci-n9000-dk9.11.0.3f.bin Firmware Installation on Switch Scheduled To check the upgrade status, use 'firmware upgrade status node <node-id>' admin@aci-lab-apic01:~> firmware upgrade switch node 112 aci-n9000-dk9.11.0.3f.bin Firmware Installation on Switch Scheduled To check the upgrade status, use 'firmware upgrade status node <node-id>'
- You can check the upgrade status with the same command here
admin@aci-lab-apic01:~> firmware upgrade status Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress) ---------------------------------------------------------------------------------------------------------------------- 1 controller apic-1.0(3f) apic-1.0(3f) completeok 100 101 spine n9000-11.0(2j) n9000-11.0(3f) inprogress 5 111 leaf n9000-11.0(2j) n9000-11.0(3f) inprogress 5 112 leaf n9000-11.0(2j) n9000-11.0(3f) inprogress 5
- The switches also do an automatic reboot after the upgrade
admin@aci-lab-apic01:~> firmware upgrade status Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress) ---------------------------------------------------------------------------------------------------------------------- 1 controller apic-1.0(3f) apic-1.0(3f) completeok 100 101 spine unknown unknown unknown unknown 111 leaf unknown unknown unknown unknown 112 leaf unknown unknown unknown unknown
- After all the switches booted, you should see them all with a status of “completeok”
admin@aci-lab-apic01:~> firmware upgrade status Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress) ---------------------------------------------------------------------------------------------------------------------- 1 controller apic-1.0(3f) apic-1.0(3f) completeok 100 101 spine n9000-11.0(3f) n9000-11.0(3f) completeok 100 111 leaf n9000-11.0(3f) n9000-11.0(3f) completeok 100 112 leaf n9000-11.0(3f) n9000-11.0(3f) completeok 100
- Final check of the current software version
admin@aci-lab-apic01:~> show version # Executing command: 'version' node type node id node name version ---------- ------- --------------- -------------- controller 1 aci-lab-apic01 1.0(3f) spine 101 aci-lab-spine01 n9000-11.0(3f) leaf 111 aci-lab-leaf01 n9000-11.0(3f) leaf 112 aci-lab-leaf02 n9000-11.0(3f)
Great tutorial. Worked perfect.
FYI: there is ” / ” missing after the “:” in the first command:
“scp richy@10.32.32.179:Downloads/aci-apic-dk9.1.0.3f.iso “
Hi Jonas,
Awesome to see someone from cisco reading the blog 🙂
Thanks for your input, i just double checked it on my setup, and for me it works only without the slash.
I think this is related to your home directory, and ‘Downloads’ is a subdirectory of my ‘~’. Maybe this is different in your setup?
Regards
Richard
We are trying to download the exact same image, but are getting a “stalled” result.
What SCP server are you using?
Hi Daniel,
I used my Mac as SCP, worked without a problem.
Where you able to find a solution?
Cheers
Richard
Hi Richard,
I am getting the below error.
admin@APIC1:~> firmware upgrade status node 101
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
———————————————————————————————————————-
101 leaf n9000-11.0(2j) n9000-11.0(4h) inretryqueue 0
Hi Subash,
Does the switch stuck in this state?
Did the APIC Upgrade itself work without a problem?
Regards
Richard