
Patching nodes

Recently I was testing the application of patch 5 to 2.4. I chose to do the patching using the CLI.

I applied patch 5 to the secondary PAN first; the patch got applied without any issues, and the node is still connected to the cluster. There has been no error reported.

The question is that, when I am creating a cluster, ISE asks for every node to be on the same version and patch level. But when I chose to apply the patch to a node in a cluster, there was no check made! Is this an acceptable behaviour or am I missing a crucial step here?

Any pointers?


Accepted Solutions

Re: Patching nodes

This is the expected behavior. While registering a node there is a check done to ensure the version and patch level match. If the same check was done following registration, you would end up with nodes that are paperweights during patching. When you patch from the CLI it warns you that the patch will only be installed on the node you are logged in to. They can run with mismatched patch levels, but I would suggest limiting the exposure and finishing patching in one change window if possible.

Another note, patching should begin with the primary admin node, then progress to the other nodes.

Other than that, patching from the CLI is very straightforward, as you found out. A single command and you can run multiple nodes in parallel; I find it far superior to using the GUI when dealing with large environments because of this.