cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3425
Views
15
Helpful
18
Replies

CSPC upgrade timescales 2.10.0.1

david
Level 1
Level 1

Hi all,

 

just doing our first upgrade on the CSPC.  We have 2.10 installed and applying 2.10.0.1 which includes the patch for Log4j Vulnerability.  The CSPC upgrade guide implies the upgrade could take 60 - 90 minutes, but our upgrade has been going for almost 3 hours now (inc. download).  Release notes don't give any details on upgrade timescales.

 

We did have an issue with the GUI where the upgrade was available, but clicking install now didn't give the ability to agree to the EUA.  So we started the upgrade via the CLI.  It has rebooted once and I can see the JEOS has updated to the new version 30.3.0.1 but the SP is still Apply-in-progress.

 

Just wondering on others experience on time to complete the upgrade?

 

Many thanks

 

David

5 Accepted Solutions

Accepted Solutions

Hi David,

 

Could you please reboot the CSPC server once and reapply the SP patch?

 

Regards,

Gaurav Singh

View solution in original post

hi @gausing5 

CSPC Appliance restarted. After logging back on the Show Apply still output that the SP was apply-in-progress.  Reissued apply SP command and SP completed inside 2 minutes.  Show version verifies patch has been applied and same seen in GUI.

 

admin# apply sp-30.3.0-1-0-lnx64
After installation of package, Appliance will be rebooted.

Do you want to continue [y|n]? y

Started apply of package.
Depending on contents of the package, this may take a while.
admin#
admin#
admin#
admin#
admin#
admin# show apply
Version Number : sp-30.3.0-1-0-lnx64
Status : Apply-in-progress
Start Time : Dec/22/2021 09:43:12
End Time : -

admin#
admin#
admin#
admin#
admin#
admin#
admin# [root@localhost collectorlogin]#
[root@localhost collectorlogin]#
[root@localhost collectorlogin]#
[root@localhost collectorlogin]# su admin

===========================================================================
Cisco Network Appliance Administration
===========================================================================


To see the list of all the commands press '?'
admin# show apply
Version Number : sp-30.3.0-1-0-lnx64
Status : Applied
Start Time : Dec/22/2021 09:43:12
End Time : Dec/22/2021 09:44:29

admin# show version
Build-name : Collection Platform Software 2.10

Version : sp-30.3.0-0-0-lnx64
admin# show version -d
Build-name : Collection Platform Software 2.10

Package-type : ServicePack
Version : sp-30.3.0-0-0-lnx64
Component : CSPC Base
Version : 2.10
Package-type : JeOS
Version : jeos-30.3.0-1-lnx64
Component : AdminShell
Version : 1.9.5
Component : LCM
Version : 1.9.5
Component : CASP
Version : 2.10.0.1
Component : ConcsoTgw
Version : 1.8.1
Component : Hardened CentOS
Version : 7.9 patch#2009
admin#

 

Just to add that the GUI is still prompting that there is an update available even though it is showing that the patch has been applied.  The version number of the CSPC is still showing as 2.10 (see screenshot attached)

 

Thanks for your assistance with progressing this.

 

Regards


David

View solution in original post

david
Level 1
Level 1

So I've decided to reapply the patch via the CLI and this has completed in around 50 minutes and has now resolved the issue with the version number updating, and the new version issues I was seeing in the GUI.

 

These are the steps that I completed via the CLI:

admin# check update

Patch versions
------------------------------------------------------
Version Number: sp-30.3.0-1-0-lnx64
Description: Collector patch to upgrade to CSPC 2.10.0.1
Required Versions: sp-30.3.0-0-0-lnx64
Optimal JeOS: jeos-30.3.0-1-lnx64
Reboot Needed: No
Restart Needed: No
Package Size: 455676064 bytes
Contents:
Component Name: Rules Pack
Version: 4.15
Description: 4.15
Component Name: CSPC Base
Version: 2.10.0.1
Description: CSPC 2.10.0.1
Installable: Yes

 

admin# Update sp-30.3.0-1-0-lnx64

Confirmed I wanted to continue and this would reboot.

Confirmed agreement with the EULA

 

Admin Shell restarted a number of times and dropped me back to root.  From root was able to review the install log, and the admin shell has restarted again:

[root@localhost collectorlogin]# tail -f /opt/LCM/logs/apply
[Wed Dec 22 12:53:37 GMT 2021] Inside existence of status db
[Wed Dec 22 12:53:40 GMT 2021] Parsing package info
[Wed Dec 22 12:53:41 GMT 2021] Validating package details
[Wed Dec 22 12:53:44 GMT 2021] Parsing Component info
[Wed Dec 22 12:53:44 GMT 2021] Validating Component info
[Wed Dec 22 12:53:44 GMT 2021] Checking component dependency
[Wed Dec 22 12:53:44 GMT 2021] Apply TCL returned 1
[Wed Dec 22 12:53:44 GMT 2021] Executing pre-install scripts
[Wed Dec 22 12:57:26 GMT 2021] Executed pre-install scripts
[Wed Dec 22 12:57:26 GMT 2021] Executing install script for "CSPC Base"
[Wed Dec 22 13:29:52 GMT 2021] else block of status update

[Wed Dec 22 13:29:52 GMT 2021] update version--sp-30.3.0-1-0-lnx64---SP---SP-------apply.sh - 0------exit status

inside

status_update.sh - Inside status_update script

status_update.sh - Status of package : Applied

status_update.sh - Timestamp : 1640176300783

status_update.sh - Updating updates db

status_update.sh - Deleting entry from orderedList db

 

And the version is now updated:

 

admin# show version -d
Build-name : Collection Platform Software 2.10.0.1

Package-type : ServicePack
Version : sp-30.3.0-1-0-lnx64
Component : CSPC Base
Version : 2.10.0.1
Package-type : JeOS
Version : jeos-30.3.0-1-lnx64
Component : AdminShell
Version : 1.9.5
Component : LCM
Version : 1.9.5
Component : CASP
Version : 2.10.0.1
Component : ConcsoTgw
Version : 1.8.1
Component : Hardened CentOS
Version : 7.9 patch#2009

 

View solution in original post

So upgrade via the GUI does not work it appears.

If I am on Version 2.9 will commands admin# check update admin# Update sp-30.3.0-1-0-lnx64 work for me and take me to the latest Version 2.10.0.1 ?

On the Cisco Download Portal there is ZIP file : Collector patch to upgrade to CSPC 2.10.0.1 collector_2.10.0.1_Build-06.zip .

What is this file and what are the instructions to apply the patch using this file ?

I take is there is more than one way to upgrade/patch.

 

 

View solution in original post

@rhallanCorrect, I couldn't get the upgrade via GUI to complete for the log4j patch.

 

I also think you need to check the release notes to confirm, but I didn't think there was a direct upgrade from 2.9 to 2.10.  This is due to the change in the OS versions between 2.9 and 2.10 due to supportability of the CentOS versions.  So you would need to deploy from OVA a 2.10 instance, and restore a backup from your current 2.9 instance.  You can apply the patch to 2.10 for Log4J as per the detail in this post.

 

Hope that helps


David

View solution in original post

18 Replies 18

gausing5
Cisco Employee
Cisco Employee

Hi David,

 

Let us check the details and will get back to you with the update.

 

Regards,

Gaurav Singh

Many thanks

david
Level 1
Level 1

So I left this running overnight and the upgrade has been in the Apply-in-progress state for around 18 hours now.  I've had a look at the log for the apply, using the command tail -f /opt/LCM/logs/apply, from root and this is showing the following:

 

[root@localhost collectorlogin]# tail -f /opt/LCM/logs/apply
[Mon Dec 20 18:40:49 GMT 2021] else block of status update
[Mon Dec 20 18:40:49 GMT 2021] update version--1.9.5---LCM---Component-------
[Mon Dec 20 18:40:50 GMT 2021] --Component--Hardened CentOS--Hardened CentOS |Component |JeOS |8.1 patch#0 |Hardened CentOS |1633005237--jeos-30.3.0-0-lnx64--
[Mon Dec 20 18:40:50 GMT 2021] else block of status update
[Mon Dec 20 18:40:50 GMT 2021] update version--7.9 patch#2009---Hardened CentOS---Component-------
[Mon Dec 20 18:40:50 GMT 2021] --JeOS--JeOS--JeOS |JeOS | |jeos-30.3.0-1-lnx64 |Appliance Base Package patch update |1640025412--jeos-30.3.0-0-lnx64--
[Mon Dec 20 18:40:50 GMT 2021] else block of status update
[Mon Dec 20 18:40:50 GMT 2021] update version--jeos-30.3.0-1-lnx64---JeOS---JeOS-------
[Mon Dec 20 18:40:51 GMT 2021] status db updation completed
apply.sh - 0------exit status

 

From the Admin Shell I can see that the apply is still in progress and that the JeOS has been updated. 

 

admin# show apply
Version Number : sp-30.3.0-1-0-lnx64
Status : Apply-in-progress
Start Time : Dec/20/2021 18:15:26
End Time : -

admin# show version -d
Build-name : Collection Platform Software 2.10

Package-type : ServicePack
Version : sp-30.3.0-0-0-lnx64
Component : CSPC Base
Version : 2.10
Package-type : JeOS
Version : jeos-30.3.0-1-lnx64
Component : AdminShell
Version : 1.9.5
Component : LCM
Version : 1.9.5
Component : CASP
Version : 2.10.0.1
Component : ConcsoTgw
Version : 1.8.1
Component : Hardened CentOS
Version : 7.9 patch#2009

 

Any further suggestions on progressing please?  Do I continue to leave it, reboot and check, etc..

 

Many thanks

 

David

So glad I found this post.  I noticed the GUI Upgrade button did not work either (multiple browsers and machines).  I am going to wait for Cisco to reply to this before trying to apply the patch.

 

Regards,

John

Hi John,

 

Could you please login as admin on CSPC CLI and run check update command and download the patch to initiate the upgrade.

Please let us know if you have any queries.

 

Regards,

Gaurav Singh

@gausing5 ,

I am more concerned that you help @david with his ridiculously long upgrade before I try to start mine and I end up in the same position right before the holidays.

 

Regards,

John

david
Level 1
Level 1

@jhodges125 Hoping that @gausing5 can get a quick answer as this is a 10 out of 10 CVE that is fixed by the patch so needs urgently applying.  My update is still running some 23 hours after starting, so to me something is seriously wrong with this update or with my CSPC.

Regards

 

David

Hi David,

 

Could you please reboot the CSPC server once and reapply the SP patch?

 

Regards,

Gaurav Singh

hi @gausing5 

CSPC Appliance restarted. After logging back on the Show Apply still output that the SP was apply-in-progress.  Reissued apply SP command and SP completed inside 2 minutes.  Show version verifies patch has been applied and same seen in GUI.

 

admin# apply sp-30.3.0-1-0-lnx64
After installation of package, Appliance will be rebooted.

Do you want to continue [y|n]? y

Started apply of package.
Depending on contents of the package, this may take a while.
admin#
admin#
admin#
admin#
admin#
admin# show apply
Version Number : sp-30.3.0-1-0-lnx64
Status : Apply-in-progress
Start Time : Dec/22/2021 09:43:12
End Time : -

admin#
admin#
admin#
admin#
admin#
admin#
admin# [root@localhost collectorlogin]#
[root@localhost collectorlogin]#
[root@localhost collectorlogin]#
[root@localhost collectorlogin]# su admin

===========================================================================
Cisco Network Appliance Administration
===========================================================================


To see the list of all the commands press '?'
admin# show apply
Version Number : sp-30.3.0-1-0-lnx64
Status : Applied
Start Time : Dec/22/2021 09:43:12
End Time : Dec/22/2021 09:44:29

admin# show version
Build-name : Collection Platform Software 2.10

Version : sp-30.3.0-0-0-lnx64
admin# show version -d
Build-name : Collection Platform Software 2.10

Package-type : ServicePack
Version : sp-30.3.0-0-0-lnx64
Component : CSPC Base
Version : 2.10
Package-type : JeOS
Version : jeos-30.3.0-1-lnx64
Component : AdminShell
Version : 1.9.5
Component : LCM
Version : 1.9.5
Component : CASP
Version : 2.10.0.1
Component : ConcsoTgw
Version : 1.8.1
Component : Hardened CentOS
Version : 7.9 patch#2009
admin#

 

Just to add that the GUI is still prompting that there is an update available even though it is showing that the patch has been applied.  The version number of the CSPC is still showing as 2.10 (see screenshot attached)

 

Thanks for your assistance with progressing this.

 

Regards


David

One other thing I've noticed is the release notes advise of the following:

 

This section provides information about what’s new in the Common Services Platform Collector
(CSPC) 2.10.0.1
• Key security vulnerability fixes that would benefit all customers
• New Rules Package RP 4.15

 

Yet the SNTC locked collection is advising of Rules Package 4.14 still.  I can't see where this is changed, not that I suspect I can make changes to a locked collection profile.

Hi David,

 

Lets schedule a WebEx to check a few things.

Please let me know your availability along with your email address and I will send the invite.

 

Regards,

Gaurav Singh

Please see the last comment that I posted.  I've reapplied the update again from the CLI and this time it has completed and updated successfully.

Hi David,

 

Please disregard my previous response.

It looks like you were able to upgrade your CSPC successfully.

Please do let us know if you face any further issues.

 

Regards,

Gaurav Singh

david
Level 1
Level 1

So I've decided to reapply the patch via the CLI and this has completed in around 50 minutes and has now resolved the issue with the version number updating, and the new version issues I was seeing in the GUI.

 

These are the steps that I completed via the CLI:

admin# check update

Patch versions
------------------------------------------------------
Version Number: sp-30.3.0-1-0-lnx64
Description: Collector patch to upgrade to CSPC 2.10.0.1
Required Versions: sp-30.3.0-0-0-lnx64
Optimal JeOS: jeos-30.3.0-1-lnx64
Reboot Needed: No
Restart Needed: No
Package Size: 455676064 bytes
Contents:
Component Name: Rules Pack
Version: 4.15
Description: 4.15
Component Name: CSPC Base
Version: 2.10.0.1
Description: CSPC 2.10.0.1
Installable: Yes

 

admin# Update sp-30.3.0-1-0-lnx64

Confirmed I wanted to continue and this would reboot.

Confirmed agreement with the EULA

 

Admin Shell restarted a number of times and dropped me back to root.  From root was able to review the install log, and the admin shell has restarted again:

[root@localhost collectorlogin]# tail -f /opt/LCM/logs/apply
[Wed Dec 22 12:53:37 GMT 2021] Inside existence of status db
[Wed Dec 22 12:53:40 GMT 2021] Parsing package info
[Wed Dec 22 12:53:41 GMT 2021] Validating package details
[Wed Dec 22 12:53:44 GMT 2021] Parsing Component info
[Wed Dec 22 12:53:44 GMT 2021] Validating Component info
[Wed Dec 22 12:53:44 GMT 2021] Checking component dependency
[Wed Dec 22 12:53:44 GMT 2021] Apply TCL returned 1
[Wed Dec 22 12:53:44 GMT 2021] Executing pre-install scripts
[Wed Dec 22 12:57:26 GMT 2021] Executed pre-install scripts
[Wed Dec 22 12:57:26 GMT 2021] Executing install script for "CSPC Base"
[Wed Dec 22 13:29:52 GMT 2021] else block of status update

[Wed Dec 22 13:29:52 GMT 2021] update version--sp-30.3.0-1-0-lnx64---SP---SP-------apply.sh - 0------exit status

inside

status_update.sh - Inside status_update script

status_update.sh - Status of package : Applied

status_update.sh - Timestamp : 1640176300783

status_update.sh - Updating updates db

status_update.sh - Deleting entry from orderedList db

 

And the version is now updated:

 

admin# show version -d
Build-name : Collection Platform Software 2.10.0.1

Package-type : ServicePack
Version : sp-30.3.0-1-0-lnx64
Component : CSPC Base
Version : 2.10.0.1
Package-type : JeOS
Version : jeos-30.3.0-1-lnx64
Component : AdminShell
Version : 1.9.5
Component : LCM
Version : 1.9.5
Component : CASP
Version : 2.10.0.1
Component : ConcsoTgw
Version : 1.8.1
Component : Hardened CentOS
Version : 7.9 patch#2009