Hi,
Another solution is to setup an OpenManage Essential server (or "OME", available for free on Dell website), let is scan your network and find all you iDRAC (no need to go further, like OS-level or with OMSA agents). It will then display you all the available updates for your machines, and you will be able to schedule them (or apply them immediately), through the iDRAC (and the LC). That is clearly, IMHO, the easiest way to go with dozens/hundreds of servers. But, these are some limitations I have with this solution : - OME is heavy, requiring a SQL server (embedded) and eating a lot of CPU/RAM when you have hundreds of machines ; - OME offers many features, such as managing iDRAC/BIOS/etc configurations, licenses, hardwares issues and so on, but it is not easy to handle, and to be honest I only use it to update my firmwares ; - 80% of my servers are pretty well detected, but for some of them the inventory task fail, and they are not listed (so I can't update them with OME, I still need to go with a Dell ISO or whatever) ; - As Rene Shuster said, BIOS and LC updates are (almost) the first to run. Personally, I first update all the iDRACs, as OME will go through it to push updates to the LC. So : iDRAC, then BIOS+LC, then everything else ; - I still have many iDRAC6, and the iDRAC update is strangely not "reboot-less" (if you upgrade through its webUI, no need to reboot the server, only the iDRAC). With OME, the update is loaded (into the LC ?), and waiting for server reboot to be applied... I was previously using the ISO solution, but having to connect to every single iDRAC, reboot and then go to PXE boot is time-consuming. And, most of the time, you have to reboot twice with the ISO, as some updates fail the first time because of some dependences (the Dell support teams are very insistent on this point). As we have various Linux/*BSD systems, we can't rely on DSU or such tools (Dell still doesn't support Debian 9...), and that is why I focus on out-of-band solutions. My 2cts. Logo <http://www.smile.fr/> 107 Boulevard de Stalingrad 69100 Lyon Villeurbanne www.smile.fr <http://www.smile.fr/> *Florian HALLER-CASAGRANDE* Ingénieur Infrastructures Email : [email protected] <mailto:[email protected]> Tel : +33 4 26 29 12 25 Facebook <https://www.facebook.com/smileopensource> Google%2B <https://plus.google.com/u/0/+SmileFrOpenSource/posts> LinkedIn <https://www.linkedin.com/in/florianhc> Twitter <https://twitter.com/GroupeSmile> ecoPour la planète, n'imprimez ce mail que si c'est nécessaire. On 04/18/2018 09:27 PM, R S wrote: > I recommend to apply BIOS update and LC update separately from all > other updates and do them first with whatever route you choose. They > go together is what DELL documentation says. BIOS first, then LC, then > reboot and hope for the best. > > Here are the pitfalls I encountered: > * updating the LC controller will result that all other updates > chained behind the LC update cannot be applied when using for example > an ISO that has been created with DELL Repo Manager. > * You might loose KVM capability when updating LC > * There is a high chance that a LC update will render your iDRAC/LC > into a brick > * replacing a bricked iDRAC used to be swapping out the iDRAC card > (available used for $60), starting with iDRAC7 DELL decided to solder > it on the mainboard. > * Check the warranty of all 3000 servers first as you will be opening > tickets with DELL to get your mainboard replaced due to bricked > iDRAC/LC if they are still under warranty. > * a lot of PSU updates are not listed in the catalog and you will need > to apply them in a different way. I do them last as they need up to 30 > minutes to apply to both PSU. Don't make the mistake and get impatient > and power the server on during the firmware update. The FW update will > fail and you will need to start over > * NIC updates sometimes fail to apply. Sometimes they need stepped > updates, for example to fix the underlying issue of not beeing able to > update to a more recent FW > * a lot of HDD/SSD updates are not listed in the catalog either and > need to be installed in a different way. > * iDSDM update is not listed in catalog. > > All of the above depends on a lot of factors. You could have two > servers with the same FW level and one fails and the other applies all > FW fine. Even heavily outdated servers might apply the latest FW > updates just fine, but then again a server just one month behind might > fail updating to the latest. > > > On Wed, Apr 18, 2018 at 2:10 PM, Prashant Sun > <[email protected] <mailto:[email protected]>> wrote: > > Greetings! > > I am taking up a project to consolidate the bios/LC/idrac/hw > firmware updates for powerEdge 12G+ servers and would appreciate > if you can answer few questions noted below. > > > Environment: 3000+ Linux servers(RHEL6, 7) all running in multiple > sites. Primarily PE R600 & 700 series with idrac enterprise 7,8,9. > > Update Plan: Create a local mirror of the upstream repo and use it > in some fashion. > > I narrowed down my update strategy to following options. > > A. Install using yum repo (os-independent & os-dependent) > > B. Install using DSU by passing catalog.xml(update > definitions) & location of .BIN files(using config.xml) > > C. Create an iso using DSU by passing Catalog.xml & > config.xml(pointing to local .BIN repo). Then PXE boot to this iso > to patch. > > D. Setup iDrac scheduled updates using local copy of repo > and use multiple Catalog.xml to roll-out in phased manner. > > __Questions__: > > Q1. I like option:D as it is OS agnostic and uses iDRAC/LC to > apply patches in a scheduled way. Has anyone encountered issues > where certain category of updates fail for some reason? Will > probably make windows server team happy too with this. :) > > Q2. I can also deal with option:C which involves creating iso and > pxe booting servers into it. This has historically worked well for > me using Dell Repo Mnager but the nv is too large and I'd like to > avoid manual work having to do this. So curious to know if folks > here prefer this over option:C. > > Q3. In order to go with option C or D ), is there a .BIN repo that > I can mirror locally? Sorry I may not have google'd hard enough. > If you have the link handy, please share. Thx. I found the > Catalog.xml file from 'https://downloads.dell.com/catalog/ > <https://downloads.dell.com/catalog/>' but don't see fw files there. > > Q4. I have never used RPM based updates(option A), but curious to > know your experiences? Are all updates available via DRM typically > also packaged into rpms or only a subset? > > Q5. Option B sounds like a custom tailored updates for each server > but I have heard from fellow admins that it is a hit or miss. Do > you agree with this? Do you recommend even looking at this? > > Any other ideas to fully automate bios/lc/idrac/hw firmware > updates is welcome. > > > Cheers > P > > > > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] <mailto:[email protected]> > https://lists.us.dell.com/mailman/listinfo/linux-poweredge > <https://lists.us.dell.com/mailman/listinfo/linux-poweredge> > > > > > -- > Tech III * AppControl * Endpoint Protection * Server Maintenance > Buncombe County Schools Technology Department Network Group > ComicSans Awareness Campaign <http://comicsanscriminal.com> > > > _______________________________________________ > Linux-PowerEdge mailing list > [email protected] > https://lists.us.dell.com/mailman/listinfo/linux-poweredge
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
