FMC upgrade from CLI

Florin Barhala · ‎06-19-2018

Hello,

I am running/having FMC 6.2.1 on a VM.

I want/need to update to 6.2.3 ; I went to Cisco's website and downloaded on my PC

Sourcefire_3D_Defense_Center_S3_Upgrade-6.2.3-88.sh.REL.tar

I went into Dashboard aka GUI, System\Update and manually added the package. I can see in the browser below the upload process increment then I am left with browser tabs rolling until my session times out.

I see no other progress bar or anything (see the attachment).

SSH into the box shows in \var\tmp the file being fully uploaded but obviously I am stuck.

Box has Internet access and obviously I have SSH admin on it.

Does anyone have any hint?

My idea would be to do the whole upgrade process from CLI, after all it's a Linux. Trouble is I COULD not find any CLI procedure.

Thanks in advance,

Florin.

Mohammed al Baqari · ‎06-19-2018

How long you waited after the upgrade? When you go to update page again do you see the package listed? If yes, did you try to hit install for this package.

Florin Barhala · ‎06-19-2018

That's the issue I could not see package listed (yesterday).
Today I rebooted the appliance - and redid the process. The difference was that I changed GUI timeout from 8' to 90'. Finally after some time I could see package listed. Now I am at Readiness Status Check and this time I can see a progress bar - fingers crossed.

Now back to the original thread's question: can I update to a specific version through CLI?
I could find a CLI command for status check:

sudo install_update.pl --readiness-check /var/sf/updates/updatefilename

Thanks,
Florin.

Florin Barhala · ‎06-20-2018

I managed to update (through GUI) to 6.2.3 after getting WebGui timeout from 6 to 60'.

Now I am left with two questions on this thread:

- "System processes are starting, please wait." After each update, appliance reboots and then I am left with this message for a while: several minutes. What's the "documentation" timeout/interval for all services to start?

- Is there any CLI procedure to upgrade FMC?

Thanks!

Marvin Rhoads · ‎06-21-2018

There's no documented time for FMC to start fully. As you noticed, it will give you the "...starting" message in the GUI until it's fully up.

You can initiate upgrades from the cli although it's not documented, recommended or supported. If you examine the upgrade files, they are generally .sh files or shell scripts. Actually they are scripts that bundle scripts and even more scripts further down. If you monitor the log files in /var/log/sf during an upgrade you will see all of the subscripts executing in sequence.

Florin Barhala · ‎06-26-2018

What about this post: https://ciscoskills.net/2017/07/12/update-firepower-devices-manually/
Can this be used for FMC and sensors, too?

Thanks!

Marvin Rhoads · ‎06-26-2018

It can be done but as I noted Cisco TAC does not recommend it be performed by customers.

You are bypassing the intended behavior of the system (possibly including the ability to recover from failure) by using that method. It may work 99 times out of 100 but you don't want to be that 100th case.