Deploying an OS image
A Deploy OS Image action loads an OS image binary or binaries to one or more devices. You can load an image from the following locations:
- A disk file on your local desktop
- The OS Image Library
- A device's previously active image
- A disk file on a remote file server
For the first three cases, the OS image is stored in the BMC Network Automation database, and the file is copied from the device agent to the device; this configuration is referred to as a local image. In the fourth case, the image is located only on the remote file server, and the file is copied from the file server to the device; this configuration is referred to as a remote image.
OS images included as files in the Deploy OS Image span actions must be <= 1GB.
This section contains the following topics:
Deploy OS Image tips and tricks
- It is critical to ensure the Admin > System Parameters > Timeout for Image File Transfers value is set to accommodate the transfer of your largest image size and slowest WAN connection between the device agent and the device, and between the remote file server and the device.
- Perform a Snapshot OS Image span action if the current device's OS binary is not currently stored in the local or remote OS Image Library (optional, but recommended). This action ensures that the image is available if a rollback is required, and will ensure optimum performance during the deploy action (because the system will skip taking a snapshot of the current binary when it detects that the image is already stored in the library). It also gives you the opportunity to troubleshoot failed snapshots separately (such as a too-short file transfer timeout) because the deploy action will ignore such failures.
- Determine the location from where the OS image will be loaded:
- OS Image Library: OS image must be added to the library in advance.
- Image file: File or files must already be downloaded onto your client workstation.
- Prior image installed at a specific date/time
- Remote file server: File or files must already be downloaded onto the remote file server.
Ensure that the image to be deployed and the existing image in the device are of the same type. BMC Network Automation cannot deploy an OS image if the image types are different. For example, in case of Cisco IOS device types, it cannot deploy a bin if the archive type is detected on the device and vice-versa.
- BMC Network Automation cannot deploy an image if existing image in a device is of archive type or if existing image in device in non-archive style i.e .bin file.
- When loading a vendor's OS image file, follow these steps:
- Verify from the vendor that the OS image is compatible with the device model. Some devices (such as Cisco IOS) do not verify that a file declared to be an image actually is one; ensure that you do not mix up your image files.
- Get the device memory requirements (for example, 32MB) for the image and verify that sufficient memory is available on the target devices. For Cisco IOS, IOS XR, and Nexus, the total, used and free memory is available in the Device View and Device Inventory report.
- Get the Message Digest (MD5) from the vendor for the image. BMC Network Automation verifies the MD5 when loading the image to the library and after loading the image to the device.
- If needed, get the activation key for the image (for example, Cisco ASA/PIXOS).
- Determine the device's target file system for loading the image. Based on the device file system size, decide whether you need to delete the current OS image. For Cisco IOS Switch/Routers, the total, used, and free flash is available in the Device View and Device Inventory report. If you select the option to never delete the current OS image, BMC Network Automation loads the OS image only when sufficient space is available.
- When loading to a Cisco Nexus device, you can specify one, two, or three image files, to allow you to load the system, kickstart, or policy agent images or all three. You can choose any combination of images depending on what the vendor has updated. Each file will be transferred to the device individually, so the Timeout for Image File Transfers system parameter needs to be long enough to account for the largest single file transfer (not for all three file transfers combined).
BMC Network Automation performs the following checks before loading an OS image:
- When the user selects an image from the OS Image Library, the system verifies the image compatibility with the device's model and device type.
- For devices that support discovery of memory sizing, the system compares the entered memory footprint against the amount of total memory in the device. If the image memory footprint exceeds the device's total memory, the image load is aborted.
- The system discovers the total and available size of the existing image file systems within the device. The user has the option to delete the current OS image to make room for the new image. If the size of the image file that the system is attempting to load is greater than the target file system's available space, the image load is not attempted.
- For a local image, if the device's current OS image is not in the OS Image Library, the system automatically takes a snapshot of the device's current OS Image and puts it into the library before deploying the new image. If for some reason the image deploy attempt fails or you want to rollback in the future, the prior image is available to recover.
BMC Network Automation performs the following checks after loading the OS image:
- When supported by the device, performs a MD5 checksum on the new image file loaded to the device's file system to ensure that the image has not been corrupted during the transfer.
- Updates the configuration file for the new boot sequence. For example:
For Cisco IOS:
no boot system oldImageFileSystem:oldImageFilename boot system newImageFileSystem:newImageFilename
For Cisco CatOS
If the old image was deleted:
clear boot system flash oldImageFileSystem:oldImageFilename set boot system flash newImageFileSystem:newImageFilename
If the old image was not deleted:
set boot system flash newImageFileSystem:newImageFilename prepend
- If the user specifies a reboot on the Deploy OS Image action, BMC Network Automation checks the OS update execution by restarting the device to the new OS and performing a configuration snapshot. The snapshot does a discovery, so it performs the following actions:
- Backs up the configuration (to force a snapshot because of a new OS)
- Updates the OS version and OS release data for the device
- Updates the OS image history for the device
Additional notes for Cisco 6500 Hybrid Mode (CatOS on the Supervisor Engine and Cisco IOS Software on the MSFC)
The OS Image Deploy and Snapshot operations rely on the following conditions:
- The Multilayer Switch Feature Card (MSFC) must be an independent node on the network that can be accessed like any other device, that is, log on, snapshots, and so forth.
- The MSFC can have its current system image on its local bootflash or on the Supervisor Engine Personal Computer Memory Card International Association (PCMCIA) card (sup-slot0:-).
- BMC Network Automation supports loading the MSFC boot system image only; BMC Network Automation does not support loading the boot loader image.
- When the MSFC stores its image on its own bootflash, it behaves like any other IOS device during OS Image Snapshot or Deploy.
- When the MSFC stores its image on the Supervisor Engine:
- The user name, password, and privileged password used to log on to the MSFC must be the same as that on the CatOS Supervisor Engine.
- The Supervisor Engine must be running in slot 1 so that the MSFC command
session slot 1 processor 1reaches it.
- The Supervisor Engine's CatOS must prompt for login user name, login password, and privileged password (that is, must not skip any prompts).
To run a Deploy OS Image action
- On the Add Job page, select Add Action > Span Actions > Deploy OS Image.
Enter information in the following fields:
(Optional) Assign an annotation to the configurations created by the action.
Select a realm, group, multiple devices, or a single device for the Deploy OS Image action. When the Network Span is Realm or Group, you can use Filter Devices to select which devices to include in the action.
When the action is triggered in an event-based policy, additional options include: Same as Triggering Realm, Same as Triggering Group, and Same as Triggering Device.
Specify where to find the image binary data:
- From OS Image Library: Load the specified image stored in the OS Image Library. BMC Network Automation displays compatible images only.
- From Image Active on Date: Load the OS image active on the device on the specified date.
- From File: Browse to select the OS binary image files to load from your local disk.
From Remote File Server: Load the OS image from files stored on the remote file server associated with each device. See details below.
Note: If a device is configured to use a remote file server and the device is using a device agent which is configured to use a proxy file server, and while performing Deploy OS Image and Snapshot OS Image actions you choose the From Remote File Server option, the remote file server is used to perform the actions.
If you selected to load from From File, enter information in the following fields; you may specify one, two, or three files:
Image File Type Choose the type of image this file contains; for most devices, System is the one and only type of image that is supported. Cisco Nexus also supports Kickstart and Policy Agent. By specifying the right image file type, the system can build the appropriate image installation command line. File Name Choose the local file containing the binary data.
Message Digest (MD5)
Enter the vendor-supplied MD5. The system verifies that the MD5 matches the data in the file, and verifies that it matches the image file's contents after it is transferred to the device.
Memory Footprint (KB)
Enter the vendor-required device memory in kilobytes to run the image binary (for example, for 16MB enter 16384, for 32 MB enter 32768). Before loading the image, the system verifies that the device has sufficient memory.
Enter the activation key supplied by the vendor if the device requires an activation key to enable the OS image.
If you selected to load From Remote File Server, enter information in the following fields; you may specify one, two, or three files:
Field Description Image File Type Choose the type of image that this file contains; for most devices, System is the one and only type of image that is supported. Cisco Nexus also supports Kickstart and Policy Agent. By specifying the correct image file type, the system can build the appropriate image installation command line. Remote File Name Enter the name of the file on the remote file server. This file must be stored where the file transfer server and the associated user can access it. Message Digest (MD5) Enter the vendor-supplied MD5. The system verifies that the MD5 matches the data in the file, and verifies that it matches the image file's contents after it is transferred to the device. File Size (bytes) Enter the size of the file in bytes, because the system has no access to the file data to calculate this value automatically. The system verifies that sufficient space is available on the device to store the file. Remote File Transfer Mode Specify how the file is to be transferred from the remote file server to the device. The remote file server must be running the correct file transfer service or daemon for the selected transfer mode. For FTP and SCP, the logon credentials are included in the remote file server definition.
Select any of the following options:
Restore Associated Startup Configuration
Restore the Startup configuration associated with the image.
Mark as Trusted
Mark the resulting Running and Startup configurations as trusted after loading the OS image.
Run In Parallel
For improved efficiency, BMC Network Automation can execute the Deploy OS Image action for multiple devices in the network span concurrently. By default, BMC Network Automation runs up to 20 span actions concurrently. Contact your system administrator if you want to change this default. Deploying different images in parallel consumes more memory; deploying images serially takes longer but conserves memory.
Use Auxiliary Interface When the selected network span is a device, this option selects the auxiliary interface for connecting to the device. When this option is not selected or when the span is not a device, the primary interface is used.
- In the Reboot Options field, specify a reboot option for the Deploy OS Image action:
- Commit Changes Prior to Reboot: Default. Execute a Commit action before the reboot to save the Running configuration to the Startup configuration.
- Do Not Reboot: Only load the new OS image file or files; do not reboot to activate the image.
- Ignore Uncommitted Changes and Reboot: Force the Startup configuration to overwrite the Running configuration. Running configuration changes are not saved.
- In the Delete Current OS Image field, specify what must be done with the current OS image binary installed on the device.
For all the options, BMC Network Automation first checks to see whether the image being loaded is larger than the entire target file system. If so, the load is terminated with an error. Also, current image deletion occurs only when you select to load the new image to the same file system (that is, choose Default as the target file system).
- Only When Free Space Required: BMC Network Automation checks to see whether there is sufficient space for the new image. If sufficient space is available, the current image is not deleted. Otherwise, BMC Network Automation checks to determine if deleting the current image results in sufficient space for the new image. If not, and if the device supports erase file system (for example, Cisco IOS), BMC Network Automation erases the file system and loads the new image; otherwise, the load is terminated with an error.
- Never: If the size of the image being loaded is more than the available file system space, the load is terminated with an error.
- Always: BMC Network Automation checks to determine whether deleting the current image results in sufficient space for the new image. If not, and if the device supports erase files system (for example, Cisco IOS), BMC Network Automation erases the file system and loads the new image; otherwise, the load is terminated with an error.
- If the current image has been deleted and there is an error loading the new image, the current image is reloaded along with the configuration file before the load attempt is abandoned on the device, so that the device is in its original state.
- If the current image has not been deleted, its reference is retained in the configuration file so that the device is booted with the current image, in case the new image is corrupted.
- In the Target Image Filesystem field, select where to store the new OS image on the device. Default means to store it on the same file system where the current image is stored.
- Click OK to add the action to the job.