cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

389
Views
5
Helpful
2
Replies
Truong.Hai
Beginner

Best practice when applying ACS Cumulative Patch

I will be applying a ACS 5.8.0.32.10 Cumulative Patch on both of our ACS devices. I wanted to know what is the best practice. Should I apply on the Secondary first or apply it on the Primary and let it do a failover to the Secondary. I am currently on version 5.8.1.4. I am needed to patch it because I have been getting some bugs. Cisco TAC suggested to apply patch to 5.8.0.32.10. Thoughts?

1 ACCEPTED SOLUTION

Accepted Solutions
Damien Miller
VIP Advisor

I couldn't find any documented recommendation for you, but I would treat it like ISE and follow the ISE best practice on patching. Patch the primary node, then choose the order that suits you after that, in your case that's just the second node. I wouldn't bother with failing over and promoting the other node unless something goes wrong and the primary breaks, it will just add time to the change window.

Since this is a TAC recommending the patch, you could also ask the TAC engineer if to provide guidance.

View solution in original post

2 REPLIES 2
Damien Miller
VIP Advisor

I couldn't find any documented recommendation for you, but I would treat it like ISE and follow the ISE best practice on patching. Patch the primary node, then choose the order that suits you after that, in your case that's just the second node. I wouldn't bother with failing over and promoting the other node unless something goes wrong and the primary breaks, it will just add time to the change window.

Since this is a TAC recommending the patch, you could also ask the TAC engineer if to provide guidance.

View solution in original post

I was able to patch the secondary node first then primary. Thanks!! 

 

I was able to do the steps below.

 

Create FTP Session

  1. Used Filezilla for FTP

Show Repository

  1. Log into Secondary

ACSxxxx/acsmgr# show repository BACKUP-FTP

5-8-0-32-10.tar.gpg                                                            

Show Version

ACS6440/acsmgr# show application version acs

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.8.1.4

Internal Build ID : B.462

 

Patch Install Needs to be done BOTH – Primary and Secondary

  1. Log into Secondary

 

ACSxxxx /acsmgr# acs patch install 5-8-0-32-10.tar.gpg repository BACKUP-FTP

Installing ACS patch requires a restart of ACS Services Continue? (yes/no) yes

  1. Should take about 10 mins.

 

  1. Check services are running properly

ACSxxxx /acsmgr# show application status acs

ACS role: SECONDARY

 

Process 'database'                  running

Process 'management'                running

Process 'runtime'                   running

Process 'adclient'                  running

Process 'ntpd'                      running

Process 'view-database'             running

Process 'view-jobmanager'           running

Process 'view-alertmanager'         running

Process 'view-collector'            running

Process 'view-logprocessor'         running

 

  1. Show Version

ACSxxxx /acsmgr# show application version acs

 

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.8.1.4

Internal Build ID : B.462

Patches :

5-8-0-32-10

 

  1. MAKE SURE Secondary IS PATCHED FIRST BEFORE PROCEEDING TO PRIMARY. Log into Primary repeat steps 1-5 above.

 

Content for Community-Ad