Solved: Re: Update firmware only if version doesn't match x.x.x

Comm4nd0 · ‎02-16-2018

Hi so i'm trying to create an EEM script that will check the firmware version on the switch, if it doesn't match the correct specified version it needs to update.

something like this:

event manager applet model
event none
action 1.0 cli command "enable"
action 2.0 cli command "show version | include (Version [0-9][0-9].[0-9].[0-9])"
action 3.0 if "16.6.2" not in "$_cli_result"
action 3.1 cli command "copy ftp://192.168.0.128/cat3k_caa-universalk9.16.06.02.SPA.bin flash:"
action 3.2 cli command "boot system switch all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
action 4.0 else:
action 4.1 continue
exit
do event manager run model

Any idea how i can make this work?

many thanks

brselzer · ‎02-16-2018

I think I got it. We were getting stuck on the copy ftp prompt because it wants you to confirm the dest file name. Try this:

event manager applet firmware
event none maxrun 5000000 <---You need to increase this or the script will timeout in 20 seconds
action 1.0 cli command "enable"
action 2.0 cli command "show version | include (Version [0-9]+.[0-9]+.[0-9]+)"
action 2.1 regexp "Version [0-9]+.[0-9]+.[0-9]+" "$_cli_result" fwversion
action 3.0 if "Version 16.6.2" ne "$fwversion"
action 3.1 syslog msg "Updating!"
action 3.2 cli command "conf t"
action 3.3 cli command "file prompt quiet" . <---This command will keep the copy command from prompting you
action 3.4 cli command "end"
action 3.5 cli command "copy ftp://192.168.0.128/cat3k_caa-universalk9.16.06.02.SPA.bin flash:" <----Get rid of the \n at the end
action 3.6 cli command "conf t"
action 3.7 cli command "no boot system"
action 3.8 cli command "boot system switch all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
action 4.0 else
action 4.1 syslog msg "Firmware version is good"
action 5.0 end
exit
do event manager run firmware

-Bradley Selzer
CCIE# 60833

View solution in original post

brselzer · ‎02-16-2018

Hello,

Depending on what version of code you are running, your regex might be off. For example:

3850-Stack-NOVA#show ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.08E RELEASE SOFTWARE (fc1)

There are two digits per set. You might want to try the following:

Version [0-9][0-9].[0-9]+.[0-9]+

This means there could be one or more digits for the second and third number

-Bradley Selzer
CCIE# 60833

Comm4nd0 · ‎02-16-2018

thanks i've added at in. i'm so close to getting this working but although i get the syslog message "updating"it doesn't seem to do the copy or boot commands.

event manager applet firmware
event none
action 1.0 cli command "enable"
action 2.0 cli command "show version | include (Version [0-9]+.[0-9]+.[0-9]+)"
action 2.1 regexp "Version [0-9]+.[0-9]+.[0-9]+" "$_cli_result" fwversion
action 3.0 if "Version 16.6.2" ne "$fwversion"
action 3.1 syslog msg "Updating!"
action 3.2 cli command "copy ftp://192.168.0.128/cat3k_caa-universalk9.16.06.02.SPA.bin flash:"
action 3.3 cli command "boot system switch all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
action 4.0 else
action 4.1 syslog msg "Firmware version is good"
action 5.0 end
exit
do event manager run firmware
!

brselzer · ‎02-16-2018

Hello,

I think you missed config t and removing the old boot statement. Try this:

event manager applet firmware
event none
action 1.0 cli command "enable"
action 2.0 cli command "show version | include (Version [0-9]+.[0-9]+.[0-9]+)"
action 2.1 regexp "Version [0-9]+.[0-9]+.[0-9]+" "$_cli_result" fwversion
action 3.0 if "Version 16.6.2" ne "$fwversion"
action 3.1 syslog msg "Updating!"
action 3.2 cli command "conf t"
action 3.3 cli command "no boot system"
action 3.4 cli command "copy ftp://192.168.0.128/cat3k_caa-universalk9.16.06.02.SPA.bin flash:"
action 3.5 cli command "boot system switch all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
action 4.0 else
action 4.1 syslog msg "Firmware version is good"
action 5.0 end
exit
do event manager run firmware

-Bradley Selzer
CCIE# 60833

Comm4nd0 · ‎02-16-2018

the copy command is a priv exec command tho isn't it?

brselzer · ‎02-16-2018

Hello,

Yea, my fault. Flip the conf t and removing the boot statement to after the copy command. Thanks!

-Bradley Selzer
CCIE# 60833

Comm4nd0 · ‎02-16-2018

still no good :(

this is the output:

netdevice(config)#no event manager applet firmware
netdevice(config)#event manager applet firmware
netdevice(config-applet)#event none
netdevice(config-applet)#action 1.0 cli command "enable"
netdevice(config-applet)#$rsion | include (Version [0-9]+.[0-9]+.[0-9]+)"
netdevice(config-applet)#$]+.[0-9]+.[0-9]+" "$_cli_result" fwversion
netdevice(config-applet)#action 3.0 if "Version 16.6.2" ne "$fwversion"
netdevice(config-applet)#action 3.1 syslog msg "Updating, please wait!"
netdevice(config-applet)#$iversalk9.16.06.02.SPA.bin flash:\ny\ny\ny"
netdevice(config-applet)#action 3.3 cli command "configure terminal"
netdevice(config-applet)#action 3.4 cli command "no boot system"
netdevice(config-applet)#$h all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
netdevice(config-applet)#action 4.0 else
netdevice(config-applet)#action 4.1 syslog msg "Firmware version is good"
netdevice(config-applet)#action 5.0 end
netdevice(config-applet)#exit
netdevice(config)#do event manager run firmware

*Feb 16 17:47:44.217: %HA_EM-6-LOG: firmware: Updating, please wait!
netdevice(config)#!
netdevice(config)#

brselzer · ‎02-16-2018

Strange, it worked for me but I am not actually doing the TFTP. Maybe it is timing out because the TFTP transfer is taking too long?

Try to run this debug and see where it gets stuck:

debug event manager action cli

-Bradley Selzer
CCIE# 60833

Comm4nd0 · ‎02-16-2018

ah nice, this is what i get:

netdevice(config)#no event manager applet firmware
netdevice(config)#file prompt quiet
netdevice(config)#event manager applet firmware
netdevice(config-applet)#event none
netdevice(config-applet)#action 1.0 cli command "enable"
netdevice(config-applet)#$rsion | include (Version [0-9]+.[0-9]+.[0-9]+)"
netdevice(config-applet)#$]+.[0-9]+.[0-9]+" "$_cli_result" fwversion
netdevice(config-applet)#action 3.0 if "Version 16.6.2" ne "$fwversion"
netdevice(config-applet)#action 3.1 syslog msg "Updating, please wait!"
netdevice(config-applet)#$t3k_caa-universalk9.16.06.02.SPA.bin flash:\n"
netdevice(config-applet)#$h all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
netdevice(config-applet)#action 4.0 else
netdevice(config-applet)#action 4.1 syslog msg "Firmware version is good"
netdevice(config-applet)#action 5.0 end
netdevice(config-applet)#exit
netdevice(config)#do event manager run firmware

*Feb 16 18:11:52.744: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : CTL : cli_open called.
*Feb 16 18:11:52.745: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : OUT : netdevice>
*Feb 16 18:11:52.745: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : IN  : netdevice>enable
*Feb 16 18:11:52.851: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : OUT : netdevice#
*Feb 16 18:11:52.851: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : IN  : netdevice#show version | include (Version [0-9]+.[0-9]+.[0-9]+)
*Feb 16 18:11:53.244: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : OUT : Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.07.04E RELEASE SOFTWARE (fc1)
*Feb 16 18:11:53.244: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : OUT : netdevice#
*Feb 16 18:11:53.245: %HA_EM-6-LOG: firmware: Updating, please wait!
*Feb 16 18:11:53.245: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : IN  : netdevice#copy ftp://192.168.0.128/cat3k_caa-universalk9.16.06.02.SPA.bin flash:\n
netdevice(config)#!
netdevice(config)#
*Feb 16 18:12:12.760: %HA_EM-6-LOG: firmware : DEBUG(cli_lib) : : CTL : cli_close called.
*Feb 16 18:12:14.040:
*Feb 16 18:12:14.040: tty is now going through its death sequence
netdevice(config)#

I also tried to put a \n at the end of the line but that didn't work either.

brselzer · ‎02-16-2018

I think I got it. We were getting stuck on the copy ftp prompt because it wants you to confirm the dest file name. Try this:

event manager applet firmware
event none maxrun 5000000 <---You need to increase this or the script will timeout in 20 seconds
action 1.0 cli command "enable"
action 2.0 cli command "show version | include (Version [0-9]+.[0-9]+.[0-9]+)"
action 2.1 regexp "Version [0-9]+.[0-9]+.[0-9]+" "$_cli_result" fwversion
action 3.0 if "Version 16.6.2" ne "$fwversion"
action 3.1 syslog msg "Updating!"
action 3.2 cli command "conf t"
action 3.3 cli command "file prompt quiet" . <---This command will keep the copy command from prompting you
action 3.4 cli command "end"
action 3.5 cli command "copy ftp://192.168.0.128/cat3k_caa-universalk9.16.06.02.SPA.bin flash:" <----Get rid of the \n at the end
action 3.6 cli command "conf t"
action 3.7 cli command "no boot system"
action 3.8 cli command "boot system switch all flash:cat3k_caa-universalk9.16.06.02.SPA.bin"
action 4.0 else
action 4.1 syslog msg "Firmware version is good"
action 5.0 end
exit
do event manager run firmware

-Bradley Selzer
CCIE# 60833

Comm4nd0 · ‎02-17-2018

Thanks i'll give this a go as soon as i'm back to work on Tuesday morning. Although i did try try the "file prompt quiet" line already but it didn't work. However, i didn't try increasing the timeout.

I think if all else fails i'll put the copy command outside(before) of the eem script so that it downloads either way. a bit annoying but at least it will still work.

Comm4nd0 · ‎02-20-2018

Looks like you've cracked it! thanks so much.

Although, it's interesting. after it runs the copy command it appears to simply go back to the terminal like it has failed like before. However, it does seem to be downloading in the background just it doesn't send anything to stdout so i can't see anything, but it does download! i'm just running it again now but with a reload command after the copy. will see how this goes.

thanks again for you help!