Patch Upgrade Process for Avi Vantage release 18.2.6 and later versions

Overview

Avi Vantage supports patch upgrades by which hotfixes are placed into effect. Avi Vantage patches are designed not to interrupt active services. In cases where an interruption is expected, the patch package will be released with related documents and details. To ensure configuration integrity, changes to the configuration are locked out during a patch upgrade.

Note: This article is only applicable to Avi Vantage release 18.2.6 and later versions.

Patch Process

  • Download a patch package from the Avi Customer Portal.
  • For every patch release there can be as many as 3 packages from now onwards. Earlier we had 4 of them, the ui_patch has been deprecated and clubbed inside controller_patch . The first two in the list below provide the administrator an option to patch some, but not all aspects of the Avi Vantage Platform. In applying the Service Engine patch one has the flexibility to upgrade just some SE groups. The avi-patch applies to all the other patches.
    • controller_patch
    • se_patch
    • Avi_patch (system patch)

Use the patch shell command to apply a desired patch. Details are discussed under the Patch Upgrade Options section.

Preparing for the Patch

Finding the Version

One or more patch packages may be applicable to a specific Avi Vantage version. Therefore, it is essential to know the version that the Avi Vantage is currently on. Check the Avi Controller or SE version(s) using the following commands:

  • show version controller
  • show version serviceengine

Prerequisites and Restrictions

  • Based on the Avi Controller and SE versions, choose the required patch package.
  • All patches from a maintenance release are incorporated into successive maintenance releases. For instance, all patches associated with 18.2.6 are incorporated into 18.2.7.
  • Once a Avi Controller is upgraded to a new maintenance release, i.e., from 18.2.6 to 18.2.6, all underlying SE groups must be upgraded to 18.2.6.
  • A patch family is the one in which the leading digit is the same, for instance, 1p1, 1p2, and 1p3 are patches in the 1px family.
  • Fixes accumulate within a patch family. For instance, the 1p2 patch contains new fixes unique to it, plus all the fixes from 1p1. The 1p3 patch includes fixes from both the 1p1 and 1p2 patches. Additionally, the 2p1 patch is the first in a new patch family and does not contain 1px fixes.

  • A given fix may appear in more than one patch family.

  • The following options are allowed when selecting a patch version.
    • Choose any patch applicable to a particular maintenance release as the first patch to be applied to that base version.
      For example, in a patch family comprised of 1p1, 1p2 and 1p3, any one of the three can be the first applied.
    • Apply any subsequent patch, as long as it is within the same patch family. For instance, you can apply 1p5 to 1p1.
  • The following options are not advisable while choosing a patch version.
    • Applying a patch from a patch family other than the one already chosen.
      For instance, you cannot apply patch 2p1 once any 1px patch has been applied.
    • Apply a patch that would imply an upgrade to some different Avi Vantage maintenance release.
      For example, it is not possible to patch-upgrade from 17.2.3 to 17.2.4-1p3.
  • .pkg is same for both container and non-container.
  • For Controllers on BareMetal/LSC or legacy GCP, upgrade package is available in docker.tgz.

Uploading the Patch Package

Use WinSCP or any similar tool to upload the patch package to the Controller.

The following are the ways to upload patch image to the Avi Controller.

  • Copy and downloaded patch image to Avi Controller /tmp directory and then upload it on Avi Controller using image API.

  • Use the curl command to upload the respective patch packages.

Note: The leader Controller ensures that the follower Controllers are on the same version. The Controller machine on the base version of Avi Vantage might be previously patched. Upload patch package by using image the API /api/image/.

Images should be uploaded before starting the upgrade process.

  1. Use the upload image filename <file path> command to start uploading the image.

    
 [admin:controller]: > upload image filename /tmp/se_patch.pkg
 Starting image upload...
   +-------------------+------------------------------------------------------+
   | Field         	| Value                                            	|
   +-------------------+------------------------------------------------------+
   | status        	| SYSERR_SUCCESS                                   	|
   | se_info       	|                                                  	|
   |   path        	| image://20.1.1-5000-2p2-20200217.063645/se_patch.pkg |
   |   hash        	| e337b2024fe8b1647128af9da3c66c83                 	|
   |   build       	|                                                  	|
   | 	min_version   | 15.2                                             	|
   | 	tag       	| 20.1.1-5000-20200217.063645                      	|
   | 	build_no  	| 5000                                             	|
   | 	patch_version | 2p2                                              	|
   | 	version   	| 20.1.1                                           	|
   | 	date      	| 2020-02-17 06:36:45 UTC                          	|
   |   patch       	|                                                  	|
   | 	patch_type	| se                                               	|
   | 	reboot    	| False                                            	|
   | uuid          	| image-b26182c2-92d9-4523-9c5e-676371664038       	|
   | type          	| IMAGE_TYPE_PATCH                                 	|
   | tenant_uuid   	| admin                                            	|
   | name          	| 20.1.1-5000-2p2-20200217.063645                  	|
   +-------------------+------------------------------------------------------+
   Time Taken: 2.15626502037

    Note: Image upload is supported only on the Cluster Leader.

  2. Use the show image command to view the image. 
    
        [admin:10-50-54-123]: > show  image
        +-----------------------------+--------------------------------------------+-------------------+---------------------+
        | Name                        | UUID                                       | Type              | State               |
        +-----------------------------+--------------------------------------------+-------------------+---------------------+
        | 20.1.7-9154-20210916.210140 | image-e4ffa292-be4e-45e0-b6f4-c4a5ee66fc66 | IMAGE_TYPE_SYSTEM | IMAGE_FSM_COMPLETED |
        | 21.1.3-9003-20211202.115243 | image-f2325e62-cae2-47af-bfb0-7fd9ab00d5b4 | IMAGE_TYPE_SYSTEM | IMAGE_FSM_COMPLETED |
        | 21.1.3-9007-20211204.000303 | image-d7764ab0-8ac3-4e58-8484-6ae5c77142f6 | IMAGE_TYPE_SYSTEM | IMAGE_FSM_COMPLETED |
        +-----------------------------+--------------------------------------------+-------------------+---------------------+

  3. Login to the Avi shell using Avi credentials. Use the show upgrade status and show upgrade status detail commands to check the upgrade status.

    
      
   [admin:controller]: > show upgrade status
     +---------------+---------------+-----------------------+-----------+-----------------------------+-------+
   | Name      	| Cloud     	| State             	| Operation | Image                   	| Patch |
     +---------------+---------------+-----------------------+-----------+-----------------------------+-------+
   | cluster-0-1   | -         	| UPGRADE_FSM_COMPLETED | UPGRADE   | 18.2.8-9000-20200212.075158 | - 	|
   | Default-Group | Default-Cloud | UPGRADE_FSM_COMPLETED | UPGRADE   | 18.2.8-9000-20200212.075158 | - 	|
   | se1 | Default-Cloud | UPGRADE_FSM_COMPLETED | UPGRADE   | 18.2.8-9000-20200212.075158 | - 	|
    +---------------+---------------+-----------------------+-----------+-----------------------------+-------+
  4. Show upgrade status detail

Patch Upgrade Options

Version Upgrade and Patch

Avi Controller can be upgraded to a more recent version along with the required patch by using a single command as follows:

  1. Use the upgrade controller image_ref <image> controller_patch_ref <patch> as shown below to upgrade the Avi Controller along with a patch.

    
[admin:controller]: > upgrade controller image_ref 18.2.7-5000-20200213.181331 controller_patch_ref 18.2.7-5000-2p1-20200213.182111

  2. Use the upgrade segroup image_ref <image> se_patch_ref <patch> command to upgrade a SE group with a patch.

    
[admin:controller]: > upgrade segroup image_ref 18.2.7-5000-20200213.181331 se_group_refs Default-Group se_patch_ref 18.2.7-5000-2p1-20200213.182905

  3. Use the upgrade system image_ref <image> controller_patch_ref <patch> se_patch_ref <se_path> command to upgrade the Avi System (Controller and SE groups) to the desired patch.

    
[admin:controller]: > upgrade system image_ref 18.2.7-5000-20200213.181331 controller_patch_ref 18.2.7-5000-2p3-20200213.183402 se_patch_ref 18.2.7-5000-2p3-20200213.183402

This ensures that the Avi Controller is upgraded and the desired patch is applied, at the same instance.

Notes:

  • The patch should be of the same version as that of the Controller upgrade.
  • se_group_options and se_group_resume options are not available in Avi CLI on version 18.2.7. Both options are available starting with Avi Vantage release 18.2.8.

Additional Options for Patch Upgrade

Apart from this, the following are the three options for the patch command:

  • Disruptive patch
  • Controller patch
  • SE Group patch
  • System patch

Disruptive Patch

The disruptive patch option is set to False by default. The se_group_refs attribute governs the scope of the upgrade. If the non-disruptive rolling upgrade of Service Engines are not required, this flag can be set to True to go through the upgrade process quickly. This flag can be set to true, when the require

The below command initiates an upgrade with the disruptive flag set to True.

For Avi Vantage release 18.2.7


[admin:controller]: > patch segroup                                                                                                       
se_group_refs 	SE Groups subjected to patch operations.                                                                                                 
se_patch_ref  	Image name for identifying SE patch image.                                                                                               
skip_warnings 	This is a flag when set as true skips few optional must    checks.

For Avi Vantage release 18.2.8


[admin:controller]: > patch segroup 
action_on_error   The error recovery action configured for a SE Group.                                                                                           
disruptive        Disable non-disruptive mechanism.                                                                                                              
se_group_refs     SE Groups subjected to patch operations.                                                                                                       
se_patch_ref      Image name for identifying SE patch image.                                                                                                     
skip_warnings     This is flag when set as true skips few optional must checks.

Starting with Avi Vantage release 18.2.8, the action_on_error option is supported for SE group upgrade.

Controller Patch


[admin:10-50-54-122]: > patch  controller controller_patch_ref 18.2.12-9110-2p1-20210220.231845

SE Group Patch

If the se_group_refs option is not enabled, all SE groups are upgraded. When enabled, it identifies a specific SE group for patching. If more than one SE group require patching, each will require a separate patch command.


[admin:controller]: > patch segroup se_group_refs Default-Group se_patch_ref 18.2.8-9000-1p2-20200219.121101


[admin:controller]: > patch segroup se_group_refs Default-Group se_group_refs Default-Group abc-group se_patch_ref 18.2.8-9000-1p2-20200219.121101

Note: If the se_group_refs option is not enabled, all SE groups are upgraded.

System Patch

Use the following command to patch the Avi Controller along with system patch.


[admin:controller]: > patch system controller_patch_ref 18.2.8-9000-1p3-20200219.121643 se_patch_ref 18.2.8-9000-1p3-20200219.121643


action_on_error   The error recovery action configured for a SE Group.                                                                                      
disruptive    	Disable non-disruptive mechanism.                                                                                                        
skip_warnings 	This is flag when set as true skips few optional must checks.

Notes:

  • SEs check for the version present on the Controller. In the event of a mismatch, the SE is rebooted and upgraded with the new patch available on the Controller.
  • If a patch 18.2.6-5p1 is applied to the SE group, then all the entities in the system (SEs and Controller) — can only be upgraded to 5p1 or some member of the 5px patch series. For example, a different patch series 6p1 can be applied to the Avi Controller and 5p1 to the SE group.