ACS 5.x (VMware-based) patching and upgrading

StevenThomas42 · ‎02-21-2020

When I took over management of our Integration Testing Facility, there was a pre-existing ACS instance that was functioning as required, but a prior admin had set the CLI password and no one knew it. I finally was able to do a recovery and get CLI access, and I wanted to get it patched and upgraded. We will be transitioning to ISE eventually, but we have some interconnectivity issues that cannot be resolved with ISE yet, so the ACS has to stay in place.

The ACS is currently running 5.5.0.46, so the first step is to upgrade to 5.5.0.46.11.

I was able to configure a TFTP repository and start the patching process yesterday, however, once it copied the files over and extracted it, the installation did not appear to move any further. I could watch the memory and CPU usage in VMware so I know there was activity, but I finally left it overnight and when I came in this morning, I hit CTRL-C. I had to start ACS again, and then deal with the HTTP not responding, but once I got the GUI up, I saw it was still on 5.5.0.46.

I checked and there is plenty of disk space available.

Are there any steps I should take to "clean up" the ACS before I re-attempt the patch?
Would it benefit from having more RAM allocated in VMware?
If I start the patch again, how long should it reasonably take to complete?

Thanks,

Steve

Damien Miller · ‎02-21-2020

Have you considered deploying ACS 5.8 in VMware, and restoring the configuration on to that. At least 5.8 has a bit of support left, august 2020 will be the EOL. I know this statement over simplifies the process, but it would probably be a better use of time if you really can't migrate to ISE.

StevenThomas42 · ‎02-24-2020

I actually have a fresh install of 5.8.1.4 ACS standing by, but side-by-side comparison for configuration shows extra fields in 5.8 that did not exist in 5.5 so I have to have a more experienced engineer looking over my shoulder to fill in the new blanks. The security standards we are attempting to emulate in the ITF call for redundancy of our ACS solution so I'm trying to bring the original ACS up to the same level.

I'm not sure how your response was marked as a solution. I hadn't even seen your reply until now since it came in after close of business Friday.

thomas · ‎02-24-2020

> I'm not sure how your response was marked as a solution.

> I hadn't even seen your reply until now since it came in after close of business Friday.

90+% of people asking questions in these forums fail to take the time to mark any answers to their questions as the Accepted Solution.

Moderators have the ability to Accept as Solution any response that is appropriate so that is most likely what happened. We typically wait a few days before doing that to ensure you had time to review and Accept it.

We want to be sure people coming to these forums in search of answers get them when they see their same questions which is why we like to ensure there are answers when appropriate. Sometimes people don't provide enough information or are simply asking opinions so there are no Accepted Solutions to those.

StevenThomas42 · ‎02-24-2020

OK, I re-attempted the patch install for 5.5.0.46.11 and the result was that the CLI reported that the patch was already installed.

When I go into the web interface and click "about", it only reports 5.5.0.46. Is Patch 11 not supposed to be reported there? How can I list the full patch level of the ACS from the CLI?