07-06-2013 02:57 PM - edited 03-10-2019 08:37 PM
Hello all,
I need to upgrade our ACS 5.1 to 5.3 after I see this Dockment from cisco this Doc is more complex
I don`t understand any think Please help me to answer my question
1- we have 2 Server primary und secondary with which one should i start to upgrade?
- in the obove Doc began with
Upgrading an ACS Deployment from 5.1 to 5.3
2- sholud I start use this method ACS Deployments to upgrade or sholud i use only Upgrading an ACS Server from 5.1 to 5.3 ?
3- frist i must backup my Server how to Backup both Server from ACS Server web page or Should I use ony command Line?
- from this command
Step 1 Back up the ACS data from the ACS 5.2 server.
Step 2 Enter the following backup command in the EXEC mode to perform a backup and place the backup in a repository.
backup backup-name repository repository-name
4- what is A Repository-name and how can I find it
5 - Also
acs patch install patch-name.tar.gpg repository repository-name
- Idon`t know what that mean
Note
Before upgrading any secondary server, you need to deregister it from the primary server.
6 - what that Mean, what is deregister ?
7 - can I meake this Upgrade from ACS Administration Webpage
8 - If i need to upgrade our ACS should from CMD i must install FTP server ? how to install FTP Server in ACs or how to tell ACS server about this FTP
thank you all for help
AHA
Solved! Go to Solution.
07-08-2013 05:39 AM
Tarik, Very nice reply +5
Hello Abdullah Hashim
You need to start with secondary. If it's a log collector then move it to primary for a time being, once the upgrade is complete, move it back to secndary and upgrade the primary box.
It's recommended to apply latest patch on the current version (to avoid any known issues) before you upgrade the ACS to 5.3 or 5.4
You're already running the latest patch of ACS 5.1 (i.e patch 6) so you don't need to install any other patch. ACS patches are cumulative so no need to install the previous patches. The latest one should have fix for all defects.
Let me know if you still have any questions.
~BR
Jatin Katyal
**Do rate helpful posts**
07-09-2013 04:05 AM
You need issue "show application status acs". This would show you below listed processes. The view database shows that the box is acting as a log collector. On the other box, you'd see only 4 process running.
•Database
•Management (ACS management subsystem)
•Runtime (ACS runtime subsystem)
•View-alertmanager
•View-collector
•View-database
•View-jobmanager
•View-logprocessor
In order to change log collector, you need to go to Primary ACS || Monitoring and Reports || Monitoring Configuration || Log Collection || change log collector.
Yes, you should de-register them and upgrade your servers as a standalone server. Once upgrade is completed successfully, you may register again and replicate.
~BR
Jatin Katyal
**Do rate helpful posts**
07-06-2013 06:49 PM
Hi,
My answers are inline to your questions -
Hello all,
1- we have 2 Server primary und secondary with which one should i start to upgrade?
- Do you have one of the servers acting as both the log collector and as the primary acs server? The document states that you must first promote the non-log collecting server as the primary, this can be done through the deployment operations tab and the promote to primary should be present, please attempt to do this during a maintenance window.
- in the obove Doc began with
Upgrading an ACS Deployment from 5.1 to 5.3
2- sholud I start use this method ACS Deployments to upgrade or sholud i use only Upgrading an ACS Server from 5.1 to 5.3 ?
- The document prefers that you use the application upgrade file which must be placed on a repository (I have had the best luck with ftp), and the upgrade is done through the cli but issuing the "application upgrade" command.
3- frist i must backup my Server how to Backup both Server from ACS Server web page or Should I use ony command Line?
The backup can be run from both the gui and the cli *of the primary node* backup operations are disabled on the secondary acs. The command that runs the easiest is "acs backup..." you will have to visit the acs command line reference guide for the exact syntax or you can use the "?" to guide you through the command syntax.
- from this command Step 1 Back up the ACS data from the ACS 5.2 server.
Step 2 Enter the following backup command in the EXEC mode to perform a backup and place the backup in a repository.
backup backup-name repository repository-name4- what is A Repository-name and how can I find it
A repository is a file server that you would want to point acs too, my recommendations are ftp if this is ok with your security guidelines, you can also use sftp but i am sure in acs 5.1 there is a bug around large files and sftp but you may need to look at the open caveats section in the acs 5.1 release notes to be sure.
You should be able to consult the command reference guide (repository ...).
5 - Also
acs patch install patch-name.tar.gpg repository repository-name
- Idon`t know what that mean
-- This is the command that is used to install the patch on acs, the patch-name is the name of the file you download from cisco. the repository name is the server that has the file present for the acs to download.
Note
Before upgrading any secondary server, you need to deregister it from the primary server.
6 - what that Mean, what is deregister ?
- When you have a distributed setup this means that there is a primary server and a secondary server, when you make any changes to your acs environment that is done through the administration node which is then replicated to the secondary node. In order to do the upgrade, you have to deregister the node from the primary node in order to do the upgrade.
7 - can I meake this Upgrade from ACS Administration Webpage
--No you can not upgrade ACS through the web gui this is done through the cli, the same goes for patches.
8 - If i need to upgrade our ACS should from CMD i must install FTP server ? how to install FTP Server in ACs or how to tell ACS server about this FTP
Here is the command reference guide for you version of ACS - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html
Also it is best to install the latest patch on the acs before upgrade to a different version. What is the patch level of your acs? You can find this out by issuing a "show version" that should give you the output of any installed patches.
Upgrading acs is a delicate process if you are not comfortable with upgrading acs you should open a tac case and have the experts guide you through the upgrade process.
Thanks,
Tarik Admani
Sent from Cisco Technical Support iPad App
07-08-2013 02:25 AM
hallo all again
thank you tarik for you answer but i still have A problem with the frist question
should I start with Prim oer with Sec Server to upgrade
what did you Mean with
#######
Also it is best to install the latest patch on the acs before upgrade to a different version. What is the patch level of your acs? You can find this out by issuing a "show version" that should give you the output of any installed patches.
##########.
did you Mean that we have now ACS 5.1.0.44.6 should I install all patch for ACS 5.1 and that upgrade to 5.3
07-08-2013 05:39 AM
Tarik, Very nice reply +5
Hello Abdullah Hashim
You need to start with secondary. If it's a log collector then move it to primary for a time being, once the upgrade is complete, move it back to secndary and upgrade the primary box.
It's recommended to apply latest patch on the current version (to avoid any known issues) before you upgrade the ACS to 5.3 or 5.4
You're already running the latest patch of ACS 5.1 (i.e patch 6) so you don't need to install any other patch. ACS patches are cumulative so no need to install the previous patches. The latest one should have fix for all defects.
Let me know if you still have any questions.
~BR
Jatin Katyal
**Do rate helpful posts**
07-09-2013 03:03 AM
thank you Traik and thank you Jatin for help
how to know if the Secondary Server is the log collector Server from command line
and how to change this from command line also (we have a problem with our server from all Browser (firefox and IE and chrome)
know i understand that: we upgrade first the log collector Server
- start to upgrade with Secondary Server (Upgrading the Log Collector Server)
- move the log Collector to Primary Server and than upgrade it
- after upgrade is complete move again the log collector to Secondary Server
- but we must first make a Deregister from Primary Server to make every Server as standalone
Serve
- than register the Secondary Server again to Primary Server after i move the log collector to him
- I mean we upgrade every Server as standalone Server after we move the log collector to this Server
thank you for help again
07-09-2013 04:05 AM
You need issue "show application status acs". This would show you below listed processes. The view database shows that the box is acting as a log collector. On the other box, you'd see only 4 process running.
•Database
•Management (ACS management subsystem)
•Runtime (ACS runtime subsystem)
•View-alertmanager
•View-collector
•View-database
•View-jobmanager
•View-logprocessor
In order to change log collector, you need to go to Primary ACS || Monitoring and Reports || Monitoring Configuration || Log Collection || change log collector.
Yes, you should de-register them and upgrade your servers as a standalone server. Once upgrade is completed successfully, you may register again and replicate.
~BR
Jatin Katyal
**Do rate helpful posts**
07-09-2013 05:02 AM
Thank thank man for this Info
my last question
- must i do this( Upgrading the Log Collector Server )
- or i can direct Upgrading an AC'S Server Using Application Upgrade Bundle
# application upgrade ACS_5.3.tar.gz repository-name
what happen if i upgrade ACS Server Using Application Upgrade Bundle without using
Upgrading the Log Collector Server method
thank you again
07-09-2013 05:09 AM
I didn't understand your question completely. what you mean by upgrading the log collector server?
yes, we need to use application upgrade bundle one by one on both servers once they are in standalone mode.
~BR
Jatin Katyal
**Do rate helpful posts**
07-22-2013 05:49 AM
hallo all again,
Please again answer my question
from ACS Primary ::
ISMACS02/admin#
ISMACS02/admin# show application status acs
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
from Sec Server I see only : #
ISMACS01/admin# show application status acs
ACS role: SECONDARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' running
----------------------
know I know that the Primary ACS is the Log Collector Server <<< is that true
Q: during the upgrade what i understand is I must upgrade a standalone if this Server as a Log Collector Server
I mean I upgrade every Server when this Server have the Log Collector file
thank you again
07-22-2013 06:09 AM
Yes that is true, your primary server is acting as a log collector because we can see the view-database services running on primary server.
~BR
Jatin Katyal
**Do rate helpful posts**
07-23-2013 01:14 AM
hallo,
thank you Jatin for confirm
so that Mean my Step to upgrade is:
- BAckup my system to tftp : backup-file-name repository repository-name
- Promoting a Secondary Server to Primary
- Deregister both Server
- Upgrading the Log Collector Server (primary server) the Sec Server work now as Primary
- Install all Patchs file
- again register both Server
- change the log Collector to Sec Server
- Deregister both Server
- Process again the upgrade for Sec Server and install Patchs
- again register both Server
thank you again for confirm
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide