Patching nodes

dgaikwad
Level 5

Recently I was testing the application of patch 5 to 2.4. I chose to do the patching using CLI.

I applied patch 5 to the secondary PAN first. The patch got applied without any issues, the node is still connected to the cluster, and there has been no error reported.

The question is that, when I am creating a cluster, ISE asks for every node to be on the same version and patch level. But when I chose to apply the patch to a node in a cluster, there was no check made! Is this an acceptable behaviour or am I missing a crucial step here?

Any pointers?

Accepted Solutions

Damien Miller
VIP Alumni
This is the expected behavior. While registering a node there is a check done to ensure the version and patch level match. If the same check was done following registration, you would end up with nodes that are paperweights during patching. When you patch from the CLI it warns you that the patch will only be installed on the node you are logged in to. They can run with mismatched patch levels, but I would suggest limiting the exposure and finishing patching in one change window if possible.

Another note, patching should begin with the primary admin node, then progress to the other nodes.

Other than that, patching from the CLI is very straightforward, as you found out. A single command and you can run multiple nodes in parallel; I find it far superior to using the GUI when dealing with large environments because of this.
