cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16438
Views
34
Helpful
20
Replies

Creating a USB Boot disk for fresh ISE 2.4 install on SNS appliance

Arne Bier
VIP
VIP

Hello ISE (appliance) installation experts

 

I need to create a bootable USB to install ISE 2.4 on 6 SNS-3595 servers.

I have a 16GB USB, the ISE 2.4 .iso and the Fedora Write software for Windows.

I have read the ISE 2.4 Installation Guide which talks about the Fedora Writer etc.

 

I happen to run a Windows operating system, and when I follow this procedure, I am able to "burn" the .iso to the USB successfully, using the Fedora Writer application (in Windows).  But the Installation Guide fails to point out that the USB is only visible when mounted on a Linux operating system!  I eventually figured that out and proceeded to launch my trusty CentOS VM.  I use VMWare Workstation and the contents of the drive become visible in the GUI as soon as I plug the USB in. But since this is an iso9660 file system (CDROM), it's protected from being written to.  The Installation Guide talks about editing two files - but I am unable to edit these because I haven't figured out how to mount this USB as anything other than a CDROM!

 

Can someone please let me know the error of my ways?  I want this sorted out before I get to customer site.  And in fairness, this has to be documented a bit better.

 

I would consider myself having quite good unix/Linux skills, but I am surprised at how tricky this is - and it looks so innocently easy in the Cisco docs.

 

[root@centos /]# mount /dev/sdb /mnt/usb -o rw -t auto
mount: /dev/sdb is write-protected, mounting read-only


[root@centos /]# mount | grep sdb
/dev/sdb on /mnt/usb type iso9660 (ro,relatime)

 

[root@centos /]# mount /dev/sdb /mnt/usb -o remount,rw
mount: cannot remount /dev/sdb read-write, is write-protected
 

 

I have also tried mounting the USB as ext3 or ext4 instead of iso9660, but it refuses of course.

 

Apart from that, the documentation is wrong about one of the directory names - the syslinux reference is now called isolinux

 

ise-boot.png

 

1 Accepted Solution

Accepted Solutions

@Arne Bier

We are updating the doc as attached. Let us know if you have further question or inputs on it.image001.png

View solution in original post

20 Replies 20

hslai
Cisco Employee
Cisco Employee

CSCvi15283 clarifies that liveusb-creator 3.12.0 tested by our team and older/newer releases might not work. In fact, Fedora Writer 4.1 results a USB thumb drive not recognized by Windows so the files not editable.

Screen Shot 2018-08-05 at 7.17.42 PM.png

Please ignore my previous comment about the files not there, as my USB thumb drive at the time had some other Linux distro.

I believe you already know this so just as a reminder, Reimage the Cisco SNS 3500 Series Appliance shows three options to re-image it for an ISE release, 2.0.1 or later, and you might want to consider the other options.

Hi

 

I think the documentation is probably out of date.  In hindsight, I don't see how it's possible to edit an ISO filesystem which is supposed to be set in stone!

Hsing, if you could verify please whether the .iso from CCO can be used to boot a SNS-3595 appliance I would be most grateful.  And are there any hoops in the BIOS to go through to allow this to happen?  Theoretically it should be, right, just like any other iso9660 image!  I just don't want things like UEFI Secure Boot to get in the way of this, or any other BIOS features that can turn a simple task into a nightmare.

 

Regarding CIMC - I was hoping to avoid the CIMC method because the virtual cdrom is a great concept but it's slow over an Ethernet connection.  Not to mention that I will end up fighting with Java to get the right version of JRE to make that work in the first place.  I have wasted hours in the past getting this to work because the world has moved on since JRE 1.6/1.7 - I will use vKVM as a last resort.

 

The other option of hooking a CDROM to the USB port would be equivalent to what I am proposing already - except that I don't want to be seen handling a CDROM on a customer site :-)

 

regards

Arne

Instead of Java, use HTML based vKVM on SNS-3595. Easy to use.

 

You can directly connect to the appliance M interface, it will take about 4 and half hours to image it with ISE 2.4. 

Thanks - I will give it a try.

Gosh!  4 hours!  In another customer's VMWare platform the .iso installs in 15 minutes.  The post setup stuff takes another half hour or so.  It's definitely faster than 4 hours. 

I avoid appliances like the plague.  The next thing you know you'll be swapping out faulty hard drives, upgrading the CIMC or dealing with a dodgy GLT-T transceiver. 

Welcome to the 80's!

During the ISO install, we may use the virtual consoles to check the progress (See Table 9.1, “Console, Keystrokes, and Contents”). After started on setup and after the network up, it's possible to SSH to the box and check the system file ade/ADE.log file for more info.

4 hours is quite long but we've seen some of our setups taking that long due to IO contention, etc.

Thanks.

 

I would like to learn the way if anyone can get it done in less than 4 hours for one SNS 3595 appliance via vKVM. I just finished reimagining five appliances two weeks ago, using HTML vKVM with the 2.4 ISO from CCO. These are brand new 3595 appliances for ISE with the latest CIMC and BIOS firmware version (confirmed with TAC). I have three more 3595 appliances to install. Much appreciated. 

If you have a TAC case on this, please ask TAC to try it. My last attempts were about 20 months ago but I remembered each install via the vKVM virtual medium took about 1 or 2 hours with the CIMC and the Windows workstation in the same local network. I can also check with our test teams.

okay will do. 

Hey Ping, in terms of the time break down, do you recall how long the.iso installation took, from BIOS boot completion,  up to the point where you see the 'setup' prompt?

And then how long does it take from the last setup prompt for the node to complete the initial setup?

 

I suspect that a slow vKVM could also be due to slow network e.g. if the interface didn't negotiate 1000Mbps full duplex. 

 

I verified 1Gbps was shown on my laptop side, as well as on the M interface ( via CIMC ). I also tried with top-of-rack FEX switch in the middle between my laptop and M interface ... same results. My laptop and M interface were on the same VLAN / Subnet. I turned off all other network connections on my laptop except the one I used to reach the M interface. NTP, DNS, IP gateway are all checked out fine. 

 

The ISO installation via HTML vKVM from start to the point of seeing the setup wizard prompt took about 4 hours. The most time consuming parts are “oraclesw” installation parts (4 parts) and “CARSisePkg” installation parts (2 parts). 

 

Then it was about half an hour to get the setup wizard done...Then application server took some time to turn “running”. 

 

HTH. 

 

Below are from our engineering team:

No. This is not expected. Normally will take ~ 1.5 hours to install.

Would like to know the below information,

  1. Customer is using virtual DVD ISO mounting using HTML vKVM?
  2. If yes, Desktop machine and appliance are in the same subnet? And having ISO on local desktop or any remote NFS?
  3. What is the behaviour for JAVA vKVM?

Note: USB boot installation will be faster than vKVM ISO mounting installation.

 

As you already answered (1) and (2), could you try (3), please?

CSCvd39706 shows an issue with media shared via HTML5/Javascript vKVM.

Thanks a lot for the follow up!  

 

I tried to to use Java vKVM before the HTML one. I could not get it to work on my corporate software standardized laptop running Windows 10. It complained “Application error, unable to load resource...” If time permits, I’ll try it again on Windows 7 and report back here with one of the other three SNS-3595 appliances that I need to install. 

 

 

I have no access to a SNS-3515/-3595 normally so I can't test this for you. However, I am positive that our teams have covered this before FCS to boot the appliances using the ISO files from CCO. I did use the vKVM virtual medium method about 1 year ago for a customer. For the external USB DVD method, we would need a dual layer DVD medium big enough to hold all the files from the ISO.

If this appliance previously imaged with ACS, then CIMC/BIOS needs updated with the one enabled for Secure Boot. Also, we might need to check the boot order setting in the BIOS.

@Arne Bier

We are updating the doc as attached. Let us know if you have further question or inputs on it.image001.png

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: