cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
45631
Views
147
Helpful
22
Replies

Cisco CSSM || Smart Satellite upgrade process Version 8 Release 202102

James Hawkins
Level 8
Level 8

Has anyone had any luck upgrading CSSM On_Premise to the latest version?

In previous versions I think you were able to upload the required files to the /var/files/patches directory using WinSCP or similar.

Now when you try that you get a permission denied response.

 

The install guide says the process is to go into onprem-console mode and then copy the files off an SCP server using the command below:

 

copy <your username>@<your remote host>.com:/path/SSM_On-Prem-8-202102_upgrade.sh patches:

 

I tried this using a Windows SCP server (BitVise) and got a failure message saying the following:

 

Operating in CiscoSSL FIPS mode
FIPS mode initialized
Unable to negotiate with 10.0.4.245 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

 

I tried a different Windows SCP server (Solarwinds) and am now getting the failure message below:

 

Operating in CiscoSSL FIPS mode
FIPS mode initialized
Warning: Permanently added '10.0.4.245' (RSA) to the list of known hosts.
ssh_dispatch_run_fatal: Connection to 10.0.4.245 port 22: incorrect signature

 

It looks like the server has saved the SSH key used by the first SCP server software I tried and will not allow the second server to be used because the key is different.

There do not seem to be any commands to clear the cached keys available - I guess I could boot from a CentOS ISO and try to work out how to do that but I am very angry that Cisco have made this whole process so unnecessarily difficult - how this software made it through testing baffles me.

 

If anyone has any recommendations for an SCP server that might work to upload the patches please let me know and, if anyone can give guidance on how to clear cached SSH keys please share that too.

 

Thanks

1 Accepted Solution

Accepted Solutions

FYI this is the process that we use to update our on-prem SSM.

  1. Login to SSMS system via CLI.
  2. Enter management console with command
    onprem-console
  3. Backup system with command
    database_backup
  4. Connect to SSMS system with SCP client. !!See note!!
  5. Copy backup from backup folder /var/files/backups to an off system storage with a SCP client.
  6. Copy update files stored on off system storage to the system with a SCP client to patch folder /var/files/patches
  7. Update system with the command
    upgrade patches:SSM_On-Prem_upgrade-8-202105-2106091157.sh
  8. Verify system functionality.

Note: From experience it seems to be working best to use WinSCP and have the protocol set to SCP.



Response Signature


View solution in original post

22 Replies 22

Before upgrading to 8 2020102 have a look on below bug ID.

 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy48103

 



Response Signature


Thanks,

So if I managed to upgrade it would break my CUCM licensing!

I appreciate the warning. On premise CSSM just does not seem to be ready for operational use.

The reason that I was trying to upgrade was to support CUBE v14 licenses which use the License by Policy model.

I am spending more time battling license issues than actually doing anything productive at the moment. It is so disheartening watching Cisco make such a mess of this. I have been a CCIE for nearly 20 years and have worked with Cisco products for more than 25 years and am losing faith in both their products and their ability to deliver services.

Nice of Cisco to label this defect as fixed and still there is no workaround listed. Amazing! Just got to love them for doing something so hard. No such thing as an easy stretch with Cisco and licensing.



Response Signature


The fix is on version 8-202105, posted just 5 days ago, the bug should have been updated to show fixed releases.

 

Version 8 Release 20210includes these important fixes from previous releases

UC Applications and Prime infrastructure registrations fails after upgrading to SSM On-Prem version 8-202102

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy48103

HTH

java

if this helps, please rate

Good to hear Java.

FYI the link part in your answer is incomplete and the defect lists zero fixed releases.



Response Signature


8-202105 Release note confirm its fixed. 

 

 

Screenshot 2021-06-15 at 9.59.44 PM.png



Response Signature


FYI this is the process that we use to update our on-prem SSM.

  1. Login to SSMS system via CLI.
  2. Enter management console with command
    onprem-console
  3. Backup system with command
    database_backup
  4. Connect to SSMS system with SCP client. !!See note!!
  5. Copy backup from backup folder /var/files/backups to an off system storage with a SCP client.
  6. Copy update files stored on off system storage to the system with a SCP client to patch folder /var/files/patches
  7. Update system with the command
    upgrade patches:SSM_On-Prem_upgrade-8-202105-2106091157.sh
  8. Verify system functionality.

Note: From experience it seems to be working best to use WinSCP and have the protocol set to SCP.



Response Signature


Thanks Roger,

I managed to get the system upgraded yesterday after a lot of trial and error and followed a similar process to what you shared but with a few extra steps.

I used WinSCP to upload the patch files to the server. I was unable to upload to the var/files/patches directory due to a permissions error.

I was able to upload to the /tmp directory but the files were truncated.

 

Using sudo -s to enter root mode I ran df -h and saw that the /tmp directory was limited to 2GB so the files were not fully transferred.

I saw that /var had plenty of space and so used WinSCP to upload the files to /var/tmp. I was then able to move the files to the /var/files/patches directory.

 

Having done that I went in onprem-console mode and was able to upgrade the server.

 

One other gotcha I encountered was that WinSCP uploads files with a .part file extension and then renames them once fully uploaded. This renaming failed so I turned it off as detailed in the article linked below.

https://kb.globalscape.com/KnowledgebaseArticle11342.aspx 

 

It would be interesting to know if other people see the same issues that I did with file permissions. If they do hopefully what I have shared will be of use.

Thanks everyone for responding to the thread.

 

I am having the exact same issues. I was able to get the files into the /var/tmp directory, but I receive the same access denied error when I tried to move them into the patches directory.

 

It seems that no matter what I try, I can't get the files into the patches directory. 

If you use the same procedure as I’ve outlined you would not put any file(s) in the tmp folder. Please try to follow it and see how it goes.

What user do you use to connect with the system in WinSCP? I’ve always used “admin” that was created during initial setup of the system. Please note that there seems to actually be two users that is named “admin”, one of them have access to the CLI and the other have access to the webUI.



Response Signature


Thank you for the reply. No matter how I try to copy the upgrade files to the Patches directory, the admin account does not appear to have write privileges and the copy operation fails.

 

Edit to add: The server is in the DISA STIG mode and WinSCP will only connect via SFTP, SCP protocol is not allowed evidentially. 

Hi,

If you have the files on the server you should be able to move them to going into sudo mode by typing "sudo -s", changing directory to the directory to where you have uploaded the files and then using the Linux mv command to move the files as shown in the example below.

 

mv SSM_On-Prem_upgrade-8-202105-2106091157.sh /var/files/patches/

mv SSM_On-Prem_upgrade-8-202105-2106091157.sh.sha256 /var/files/patches/

 

This worked ok for me when I did it last month - good luck!

Thank you Roger. This provided very helpful!

Gerry

Accessing to CSSMonPrem with WINSCP (using user admin) , it seems then I do not have the permissions to copy the files to the var/files/patches directory , any idea how to come arround that ?