Image Management

Image Management

Upgrading your devices to the latest software version manually might take a long time and prone to error, which requires a separate maintenance window. To ensure rapid and reliable software upgrades, image management automates the steps associated with upgrade planning, scheduling, downloading, and monitoring. Image management is supported only for Cisco Nexus switches.


Note

  • Before you upgrade, ensure that the POAP boot mode is disabled for Cisco Nexus 9000 Series switches and Cisco Nexus 3000 Series switches. To disable POAP, run the no boot poap enable command on the switch console. You can however, enable it after the upgrade.

  • In order to execute any ISSU operations, any new NDFC user must first set the necessary device credentials under the Credential Management page. You will not be able to execute ISSU operations without first setting the proper device credentials.

The Image Management window has the following tabs and you can perform the operations listed in the Actions column.

Tabs Actions

Overview

You can view dashlets for uploaded image and related information.
Images Upload
Image Policies

Create
Devices

Stage Image

Validate

Upgrade

Change the Mode

Modify Policy

Recalculate Compliance

Run Reports
History History

Ensure that your user role is network-admin or device-upg-admin and you didn’t freeze the Nexus Dashboard Fabric Controller to perform the following operations:

  • Upload or delete images.

  • Install, delete, or finish installation of an image.

  • Install or uninstall packages and patches.

  • Activate or deactivate packages and patches.

  • Add or delete image management policies (applicable only for network-admin user role).

  • View management policies.

You can view any of the image installations or device upgrade tasks if your user role is network-admin, network-stager, network-operator, or device-upg-admin. You can also view them if your Nexus Dashboard Fabric Controller is in freeze mode.

Here’s the process to upgrade the switch image:

  1. Discover the switches into Nexus Dashboard Fabric Controller.

  2. Upload images.

  3. Create image policies.

  4. Attach the image policies to the switches.

  5. Stage the images on switches.

  6. (Optional) Validate if the switches support non-disruptive upgrade.

  7. Upgrade the switches accordingly.

Overview

Image Management deploys Cisco software images to switches which allows network stability and feature consistency. The benefits of Image Management workflows include the following:

  • Comprehensive image management policies allow you to specify a version and patch level for a set of switches

  • Nexus Dashboard Fabric Controller (NDFC) validates compliance for the image policy associated with each switch

  • Image staging, validation, and in-service software upgrade (ISSU) operations are independent, allowing mass upgrades and downgrades


    Note

    Starting with Nexus Dashboard Fabric Controller release 12.1.3, NDFC provides the ability to perform staging and validation in a single step.

    • You can perform the following operations before the maintenance window:

      • Staging image files

        This copies the image files to the bootflash.

      • Validate Network Operating System (NOS) and EPLD compatibility where possible

        This checks if the image is complete, if the image is valid for the individual hardware, and if the upgrade can be non-disruptive.

      • Run pre-upgrade report

  • The ability to run reports pre/post-upgrade and compare the results

  • The ability to generate snapshots of the configuration pre/post-upgrade

  • The View Details column provides Live log status to monitor each operation

  • Allow users to make use of maintenance mode to minimize the impact of disruptive upgrades, especially for multi-reload upgrade situations

  • Upgrade groups allows bulk upgrades and downgrades. Upgrade groups have checks to avoid unnecessary downtime in redundant fabrics in the following cases:

    • All switches of a given role for a fabric will be in the same group

    • All route reflectors (RRs) in a fabric will be in the same group

    • All rendezvous points (RPs) in a fabric will be in the same group

    • Both Virtual Port Channel (vPC) peers will be in the same group

    • All In-Band Seed Devices will be in the same group

  • Give visibility into previous and current upgrade details as well as high level summarization

  • Visibility into current NOS, EPLD and patch consistency at a switch, fabric, and group level

Starting with Nexus Dashboard Fabric Controller release 12.1.2, the Overview tab has changed and displays the images, policies, fabric status, and switch upgrade group status.

The Image Management UI has the following functional areas:

  • Overview: This displays the images, policies, fabric status, and switch upgrade group status.

    • The Images card displays the number of images and the type of packages or patches.

    • The Policies card displays the number of polices, platforms and release versions.

    • The Fabric Status card displays the number of devices in the fabric and if the devices are in or out of sync and displaying in either red or green.

    • The Switch Upgrade Group Status card displays the number of groups and device status.

      • Green: Devices that are in sync.

      • Red: Devices that are out of sync.

      • Gray: Devices that are not available (N/A). An example is when a device does not have a policy set.

  • Images: This displays the images. You can upload or delete images.

  • Image Polices: This displays the image policies. You can create, delete, or edit image policies.

  • Devices: This displays the devices. You can stage image, upgrade, validate, change mode, attach group, detach group, attach policy, or detach policy.

  • History: This displays the history of all the operations performed on the switches.

Images

You can view the details of the images and the platform under this tab. You can upload or delete images to a device.

The following table describes the fields that appear on Operations > Image Management > Images.

Field

Description

Platform

Specifies the name of the platform. Images, RPMs, or SMUs are categorized as follows:

  • N9K/N3k

  • N6K

  • N7K

  • N77K

  • N5K

  • Other

  • Third Party

The images are the same for N9K and N3K platforms.

The platform is Other if the uploaded images are not mapped to any of the existing platforms.

The platform is N9K/N3K for RPMs.

Bits

Specifies the bits of the image

Image Name

Specifies the filename of the image, RPM, or SMU that you uploaded.

Image Type

Specifies the file type of the image, EPLD, RPM, or SMU.

Image Sub Type

Specifies the file type of the image, EPLD, RPM, or SMU.

The file type EPLDs are epld. The file types of images are nxos, system or kickstart. The file type for RPMs is feature and for SMUs the file type is patch.

NXOS Version

Specifies the NXOS image version for only Cisco switches.

Image Version

Specifies the image version for all devices, including the non-Cisco devices as well.

Size (Bytes)

Specifies the size of the image, RPM, or SMU files in bytes.

Checksum

Specifies the checksum of the image. The checksum checks if there’s any corruption in the file of the image, RPM, or SMU. You can validate the authenticity by verifying if the checksum value is same for the file you downloaded from the Cisco website and the file you upload in the Image Upload window.

The following table describes the action items, in the Actions menu drop‐down list, that appears on Operations > Image Management > Images.

Action Item

Description

Refresh

Refreshes the Images table.

Upload

Click to upload a new image. For instructions, see Uploading an Image.

Delete

Allows you to delete the image from the repository.

Choose an image, click Actions, and choose Delete. A confirmation window appears. Click Yes to delete the image.

Note

 

Before deleting an image, ensure that the policy attached to the image, is not attached to any switches.

Note

 

If you delete an image on a switch in switch console, allow maximum of 24 hours to refresh and view update on NDFC. Else, on NDFC UI, navigate LAN > Fabrics > Switches, choose switch for which image is deleted and click Actions > Discover > Rediscover to view updates.

Uploading an Image

You can upload 32-bit and 64-bit images. To upload different types of images to the server from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:


Note

Devices use these images during POAP or image upgrade. All the images, RPMs, and SMUs are used in the Image Policies window.

Your user role should be network-admin, or device-upg-admin to upload an image. You can’t perform this operation with the network-stager user role.

Procedure

Step 1

Choose Operations > Image Management > Images.

Step 2

Click Actions and choose Upload.

The Upload Image dialog box appears.

Step 3

Click Choose file to choose a file from the local repository of your device.

Step 4

Choose the file and click OK.

You can upload a ZIP or TAR file as well. Cisco Nexus Dashboard Fabric Controller processes and validate the image file and categorize it under the existing platforms accordingly. If it doesn’t fall under N9K/N3K, N6K, N7K, N77K, or N5K platforms, the image file is categorized under Third Party or Other platform. The Third Party platform is applicable only for RPMs.

Step 5

Click OK.

The EPLD images, RPMs, and SMUs are uploaded to the repository in the following path: /var/lib/dcnm/upload/<platform_name>.

Note

 

If only EPLD files are uploaded, you cannot create policy as Release drop-down list is empty for EPLD images.

All NX-OS, kickstart and system images are uploaded to the repository in the following paths: /var/lib/dcnm/images and/var/lib/dcnm/upload/<platform_name>

The upload takes some time depending on the file size and network bandwidth.

Note

 

You can upload images for all Cisco Nexus Series Switches.

You can upload EPLD images only for Cisco Nexus 9000 Series Switches.

If your network speed is slow, increase the wait time of Cisco Nexus Dashboard Fabric Controller to 1 hour so that the image upload is complete. To increase the wait time from Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

  1. Choose Settings > Server Settings.

  2. Search for the csrf.refresh.time property, and set the value as 60.

    The value is in minutes.

  3. Click Apply Changes.

  4. Restart the Nexus Dashboard Fabric Controller server.

Image Policies

The image management policies will have the information of intent of NX-OS images along with RPMs or SMUs. The policies can belong to a specific platform. Based on the policy applied on a switch, Cisco Nexus Dashboard Fabric Controller checks if the required NXOS and RPMs or SMUs are present on the switch. If there is any mismatch between the policy and images on the switch, a fabric warning is generated.

The following table describes the action items, in the Actions menu drop-down list, that appear on Operations > Image Management > Image Policies.

Action Item

Description

Create

Allows you to create a policy that can be applied to images. See Creating an Image Policy section.

Delete

Allows you to delete the policy.

Choose a policy, click Actions, and choose Delete. A confirmation window appears. Click Confirm to delete the policy.

Note

 

An error message appears if you try to delete a policy that is attached to a device.

Edit

Allows you to edit the policy.

Creating an Image Policy

To create an image policy from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Before you begin

Upload the images under the Images tab before creating an image policy. See the Uploading an Image for more information about uploading images.

Procedure

Step 1

Choose Operations > Image Management > Image Policies.

Step 2

Click Actions > Create.

The Create Image Management Policy dialog box appears.

Step 3

Enter information for the required fields.

The following fields appear in the Create Image Management Policy dialog box.

Fields Actions
Policy Name Enter the policy name.
Platform Choose a platform from the Platform drop-down list. The options will be populated based on the images you upload in the Images window. The options for the Release drop-down list will be autopopulated based on the platform you choose.
Release

Choose the NX-OS version from the Release drop-down list.

The release versions of 64-bit images are appended with 64bit in the image name.

Note

 

If only EPLD files are uploaded, you cannot create policy as Release drop-down list is empty for EPLD images.
Image Name Displays the image name for the policy. If the policy is not associated with image, None is displayed in the column.
Package Name (Optional) Choose the packages. before choose Packages, View All Packages check box to display all uploaded packages for a given platform (its version agnostic).
Policy Description (Optional) Enter a policy description.
EPLD (Optional) Check the EPLD check box if the policy is for an EPLD image.
Select EPLD (Optional) Choose the EPLD image.
RPM Disable (Optional) Check this check box to uninstall the packages.
RPMs To Be Uninstalled (Optional) Enter the packages to be uninstalled separated by commas. You can enter the package names only if you check the RPM Disable checkbox.

Step 4

Click Save.

What to do next

  • Attach the policy to a device. See Modifying a Policy section for more information.

  • To edit an image policy after you've created it, click Actions > Edit.

  • To delete an image policy, click Actions > Delete.

Devices

The Devices window displays all the switches that you discover in the Cisco Nexus Dashboard Fabric Controller. You can view information like the current version of the switch, policy attached to it, status, and other image-related information. You can filter and sort the entries.

You can click on Policy column to view associated policy information for the switch. Similarly, click on View details column for required switch to view details. The view details columns can have either Validate, or Upgrade, or None.

You can perform the following actions in the Devices window:

Staging an Image

After attaching an image policy to a switch, stage the image. When you stage an image, the files are copied into the bootflash.

To stage an image from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Before you begin

  • Attach a policy to the selected devices before staging an image on the device.

  • The minimum supported NX-OS image version in Fabric Controller is 7.0(3)I7(9).

    To stage an image on Cisco Nexus 9000 or Nexus 3000 switches running NX-OS version earlier than the version mentioned above, you must set Use KSTACK to SCP on N9K, N3K value to False. On the Web UI, choose Settings > Server Settings > SSH tab. Uncheck the Use KSTACK to SCP on N9K, N3K check box. If you're staging supported image versions, check this check box.

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose a switch by checking the check box.

Note

 

You can choose more than one switch to stage an image.

Step 3

Click Actions and choose Stage Image.

The Select Images to Install window appears.

In this window, you can view how much space is available on the switch and how much space is required.

Step 4

(Optional) Click the hyperlink under the Files For Staging column to view the files that are getting copied to the bootflash.

Step 5

Click Stage.

You will be diverted to the Devices tab under the Image Management window.

Step 6

(Optional) You can view the status under the Image Staged column.

Step 7

(Optional) Click the hyperlink under the Reason column to view the log.

Validating an Image

Before you upgrade the switches, you can validate if they support non-disruptive upgrade. To validate an image from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose a switch by checking the check box.

Note

 

You can choose more than one switch to stage an image.

Step 3

Click Actions and choose Validate.

The Validate dialog box appears.

Step 4

Check the Confirm non disruptive upgrade check box.

Step 5

Click Validate.

You’ll return to the Overview tab under the Image Management window.

Step 6

(Optional) You can view the status under the Validated column.

Step 7

(Optional) Click the hyperlink under the Reason column to view the log.

Upgrading an Image

You can upgrade or uninstall a switch. Upgrade Groups option allows you to trigger image upgrade on multiple switches at an instant. This option can be selected for upgrade/downgrade options.


Note

It is recommended to perform upgrade for maximum of twelve switches at once. If you choose more than twelve switches, the upgrade happens sequentially.

Upgrade Options for NX-OS Switches

  • Disruptive: Choose this option for disruptive upgrades.

  • Allow Non-disruptive: Choose this option to allow non-disruptive upgrades. When you choose Allow Non Disruptive option and if the switch does not support non-disruptive upgrade, then it will go through a disruptive upgrade. When you choose Force Non Disruptive and if the switches you choose do not support non-disruptive upgrade, a warning message appears asking you to review the switch selection. Use the check boxes to choose or remove switches.

  • When you select multiple switches with different roles to upgrade, a warning message appears to review the switch selection, click Confirm to upgrade or click Cancel.

    Ensure that the below limitation is applicable while adding devices in a same group, else a warning message is displayed to review the switch selection:

    • For all Peers, Spines, Borders, Border Gateways, RPs, or RRs in a fabric, if more than one switch is with same role in a fabric.

  • Each FPGA has two memory regions to store its firmware – the Primary region, and the Golden region. In a rare event when one of the regions is corrupted, the FPGA continues to boot firmware from the other operational region. In such a scenario, NDFC shows as 'out of sync'. This is after the EPLD upgrade. Therefore, we need to upgrade the EPLD again with Golden option).


Note

The upgrade groups are automatically deleted, if the attached devices are detached from the created or upgrade or modify group.

To upgrade a switch image from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose a switch by checking the check box.

Step 3

Click Actions and choose Upgrade.

The Upgrade/Uninstall window appears.

Step 4

Choose the type of upgrade by checking the check box.

The valid options are NXOS, EPLD, and Packages (RPM/SMU).

Step 5

Choose NXOS, EPLD, or Packages:

  1. Choose an upgrade option from the drop-down list based on how you want to upgrade.

  2. (Optional) Check the BIOS Force check box.

    You can view thee validation status of all the devices.

  3. Check the Golden check box to perform a golden upgrade.

  4. Enter the module number in the Module Number field.

    You can view the module status below this field.

    Note

     

    • If you choose Packages, you can view the package details too.

    • You can uninstall the packages by selecting the Uninstall radio button.

Step 6

Click Upgrade.

Note

 

Upgrade status takes 30 - 40 minutes to update, if multiple switches are upgraded.

For EPLD image, NDFC shows as 'out-of-sync', indicating that one of the regions is corrupted or not modified. You must perform the upgrade procedure again using the Golden option to resolve this issue.

Change the Mode

You can change the mode of the device. To change the mode of a device from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose the switch for which you want to change the mode by checking the check box.

Note

 

You can choose more than one switch.

Step 3

Click Actions > Change Mode.

The Change Mode dialog box appears.

Step 4

Choose a mode from the drop-down list.

Valid options are Normal and Maintenance.

Step 5

Click Save and Deploy Now or Save and Deploy Later

You will return to the Overview tab under the Image Management window.

Modifying the Groups

From Cisco NDFC Release 12.1.1e, you can attach or detach in modify group designation per switch on the Overview page.

Modify Group allows you to select a set of arbitrary switches to perform image management operations at same instance. NDFC admin role can configure upgrade groups. The admin role can add required switches to an upgrade group. These upgrade groups can be used to perform image management.

You can either attach or detach in modify groups. You can attach all switches to a group or only required switches to the group.

If you choose multiple switches with different roles such as Spines, Borders, Border Gateways, RPs, or RRs to attach to a group, a warning message appears to review the switch selection, click Confirm to attach to the group, or click Cancel.

We recommend that you create upgrade groups based on the switch roles. For example, if a fabric has multiple switches with different roles, such as Leaf, Spine, Border, and more, creating groups based on different roles is recommended. This clearly separates roles and responsibilities during switch image management operations. Switches with different roles perform critical functionality and respond differently based on the control plane, data plane, and system-level convergence. For example, a user with the admin role can create multiple groups as follows:

  • Group-Leaf-Even for Leaf switches that have even numbers or VPC role of primary

  • Group-Leaf-Odd for Leaf switches that have odd numbers or VPC role of secondary

Typically, Spine and Border devices are limited to fabric, while the role of the Leaf is the most common one. Therefore, users with the admin role can upgrade individual Spines followed by Individual Borders, or create different groups for Spines and Borders. Users with the admin role can still leverage groups to divide the Leaf role switches and perform bulk actions.

To attach or detach a device from the group, perform the following steps:

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose the device name for which you want to upgrade the group by checking the check box.

Note

 

You can choose more than one device name to add in a same group.

Step 3

Click Actions > Modify Groups.

The Modify Groups dialog box appears.

Step 4

To attach a group for the selected device name:

  1. Choose Attach Group radio button, from Group drop-down list choose Create Group.

    The New Group Name text field is displayed.

  2. Enter a required name in the text field and click Save.

    You can attach all switches or required switches to a group, a warning message appears asking you to review the switch selection. click Confirm to attach, or click Cancel.

    Warning message appears when the devices are added to group for below instances:

    • If all devices for a given role for a fabric in the same group

    • If all RRs in a fabric in the same group

    • If all RPs in a fabric in the same group

    • If both vPC Peers in the same group

    • All In-band Seed devices in the same group

    You can view the attached group name in the Upgrade Group column in the Overview tab.

Step 5

To detach the device name from the group:

  1. Choose the required device name, click Actions > Modify Groups.

    The Modify Groups dialog box appears.

  1. Choose Detach Group radio button, click Detach.

    A confirmation window appears.

  2. Click OK.

Modifying a Policy

You can update the image policy that you have attached to a switch. You can change an image policy for multiple switches at the same time.

To attach or change an image policy attached to a switch from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose a switch by checking the check box.

Step 3

Click Actions and choose Modify Policy.

The dialog box appears.

Step 4

You can either attach or detach a policy, choose required check box.

Step 5

Choose a policy from the Policy drop-down list.

Step 6

Click required Attach or Detach.

Step 7

(Optional) Click the hyperlink under the Reason column to view the changes.

Step 8

(Optional) Click the hyperlink under thee Status column to view the current and expected image versions.

If the switch is in Out-Of-Sync status, view the expected image versions and upgrade the switch accordingly.

Recalculating Compliance

To recalculate the configuration compliance of a switch from the Cisco Nexus Dashboard Fabric Controller Web UI, perform the following steps:

Procedure

Step 1

Choose Operations > Image Management > Devices.

Step 2

Choose a switch by checking the check box.

Step 3

Click Actions and choose Recalculate Compliance.

Step 4

Click the hyperlink under the Reason column to view the changes.

Run Reports

  1. Choose Operations > Image Management > Devices.

  2. Click the box next to the device that you want to run the report on to select that device.

  3. Attach a policy to that device.

    1. Click Actions > Modify Policy, then select Attach Policy.

    2. In the Policy field, select the policy that you want to attach.

    3. Click Attach.

  4. Click Actions > Run Report.

    Select the checkbox next to the report that has to be generated again. From the Actions drop-down list, select Report to run a report job again. A pop-up window is displayed indicating that the report job has been run again.

You can use the Re-run Report to generate a report before the scheduled execution time. In case of an Ondemand job, click Re-run Report to generate the report.

History

You can view the history of all the Image Management operations from Operations > Image Management > History tab.

The following table describes the fields that appear on this screen.

Field

Description

ID

Specifies the ID number.

Device Name

Specifies the device name.

Version

Specifies the version of the image on the device.

Policy Name

Specifies the policy name attached to the image.

Status

Displays if the operation was a success or failure.

Reason

Specifies the reason for the operation to fail.

Operation Type

Specifies the type of operation performed.

Fabric Name

Specifies the name of the Fabric.

Created By

Specifies the user name who performed the operation.

Timestamp

Specifies the time when the operation was performed.