Login
- Table of Contents
-
- 01-Fundamentals Configuration Guide
- 00-Preface
- 01-CLI configuration
- 02-FTP and TFTP configuration
- 03-RBAC configuration
- 04-File system management configuration
- 05-Login management configuration
- 06-Device management configuration
- 07-Software upgrade configuration
- 08-Configuration file management configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Software upgrade configuration | 184.90 KB |
Contents
Digitally signed software images
Restrictions and guidelines: Software upgrade
Upgrading device software by using the boot loader method
Software upgrade tasks at a glance
Preloading the BootWare image to BootWare
Specifying startup images and completing the upgrade
Installing or uninstalling features and patches
About installing or uninstalling features and patches
Installing or upgrading features
Uninstalling features or patches
Upgrading device software by using install commands
Installing and upgrading software images
Rolling back the running software images
Aborting a software activate or deactivate operation
Deleting inactive software images
Display and maintenance commands for software image settings
Upgrading software
About software upgrade
Software upgrade enables you to upgrade a software version, add new features, and fix software bugs. This chapter describes software types and release forms, compares software upgrade methods, and provides the procedures for upgrading software from the CLI.
Software types
The following software types are available:
· BootWare image—Also called the Boot ROM image. This image contains a basic segment and an extended segment.
¡ The basic segment is the minimum code that bootstraps the system.
¡ The extended segment enables hardware initialization and provides system management menus. When the device cannot start up correctly, you can use the menus to load software and the startup configuration file or manage files.
Typically, the BootWare image is integrated into the Boot image to avoid software compatibility errors.
· Comware image—Includes the following image subcategories:
¡ Boot image—A .bin file that contains the Linux operating system kernel. It provides process management, memory management, file system management, and the emergency shell.
¡ System image—A .bin file that contains the Comware kernel and standard features, including device management, interface management, configuration management, and routing.
¡ Feature image—A .bin file that contains advanced or customized software features. You can purchase feature images as needed.
¡ Patch image—A .bin file that is irregularly released for fixing bugs without rebooting the device. A patch image does not add or remove features.
Patch images have the following types:
- Incremental patch images—A new patch image can cover all, part, or none of the functions provided by an old patch image. A new patch image can coexist with an old patch image on the device only when the former covers none of the functions provided by the latter.
- Non-incremental patch images—A new non-incremental patch image covers all functions provided by an old non-incremental patch image. Each boot, system, or feature image can have one non-incremental patch image, and these patch images can coexist on the device. The device uninstalls the old non-incremental patch image before installing a new non-incremental patch image.
An incremental patch image and a non-incremental patch image can coexist on the device.
Comware images that have been loaded are called current software images. Comware images specified to load at the next startup are called startup software images.
BootWare image, boot image, and system image are required for the device to operate.
You can install up to 32 .bin files on the device, including one boot image file, one system image file, and up to 30 feature and patch image files.
Software release forms
Software images are released in one of the following forms:
· Separate .bin files. You must verify compatibility between software images.
· As a whole in one .ipe package file. The images in an .ipe package file are compatible. The system decompresses the file automatically, loads the .bin images and sets them as startup software images.
|
|
NOTE: Software image file names use the model-comware version-image type-release format. This document uses boot.bin and system.bin as boot and system image file names. |
Upgrade methods
|
Upgrade method |
Software types |
Remarks |
|
Upgrading from the CLI by using the boot loader method |
· BootWare image · Comware images |
This method is disruptive. You must reboot the entire device to complete the upgrade. |
|
Upgrading from the BootWare menu |
· BootWare image · Comware images |
Use this method when the device cannot start up correctly. To use this method, first connect to the console port and power cycle the device. Then, press Ctrl+B at prompt to access the BootWare menu. For more information about upgrading software from the BootWare menu, see the release notes for the software version.
Use this method only when you do not have any other choice. |
This chapter covers only upgrading software from the CLI by using the boot loader method.
Software image loading
Startup software images
To upgrade software, you must specify the upgrade files as the startup software images for the device to load at next startup. You can specify two lists of software images: one main and one backup. The device first loads the main startup software images. If the main startup software images are not available, the devices loads the backup startup software images.
Image loading process at startup
At startup, the device performs the following operations after loading and initializing BootWare:
1. Loads main images.
2. If any main image does not exist or is invalid, loads the backup images.
3. If any backup image does not exist or is invalid, checks the main or backup boot image.
4. If the main or backup boot image exist and is valid, enters the emergency shell.
5. If both the main and backup boot images do not exist or are invalid, the device cannot start up.
Handling the emergency shell process or image loading failure
After the device enters the emergency shell, connect to the console port and load a system image so you can access the Comware system. For more information about using the emergency shell, see "Using the emergency shell."
If the device fails to load the images, connect to the console port, power cycle the device, and use the BootWare menu to load new startup images.
Application scenarios
Software upgrade
When the current software cannot meet the requirements of network operation or user services, you can upgrade the software to optimize device performance to meet the requirements.
Feature and patch package installation
To fix software defects without upgrading the software version, you can install patch packages compatible with the software version. To expand service features on the device, you can install the corresponding feature packages.
Digitally signed software images
The software images for the device are digitally signed for authenticity and integrity verification. This mechanism ensures that the software installed on the system is from a trusted source and has not been tampered with in the transfer, storage, or installation phase.
The system performs software digital signature verification for authenticity and integrity in the following situations:
· Before the system loads a software image during startup. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message.
· When you specify a software image to upgrade the device from the BootWare menu. If the digital signature verification fails, the system will not set the image for upgrade and you will receive a digital signature verification failure message.
· Before the system loads a BootWare image to the Normal area of BootWare. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message.
· When you specify a software image as a startup image through the boot loader. The system verifies the digital signature of the image before it updates the startup image list with the specified image. If the digital signature verification fails, the system will not update the startup image list and you will receive a digital signature verification failure message.
· Before the system activates a feature or patch image. If the digital signature verification fails, the system will not activate the image and you will receive a digital signature verification failure message.
Restrictions and guidelines: Software upgrade
Do not execute the install or boot-loader command before the current upgrade action completes.
As a best practice, store the startup images in a fixed storage medium. If you store the startup images in a hot swappable storage medium, do not remove the hot swappable storage medium during the startup process.
Upgrading device software by using the boot loader method
Software upgrade tasks at a glance
To upgrade software, perform the following tasks:
1. (Optional.) Preloading the BootWare image to BootWare
If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps reduce upgrade problems caused by unexpected power failure. If you skip this task, the device upgrades the BootWare automatically when it upgrades the startup software images.
3. Specifying startup images and completing the upgrade
Prerequisites
1. Use the display version command to verify the current BootWare image version and startup software version.
2. Use the release notes for the upgrade software version to evaluate the upgrade impact on your network and verify the following items:
¡ Software and hardware compatibility.
¡ Version and size of the upgrade software.
¡ Compatibility of the upgrade software with the current BootWare image and startup software image.
3. Use the release notes to verify whether the software images require a license. If licenses are required, register and activate licenses for each license-based software image. For more information about licensing, see "Managing licenses."
4. Use the dir command to verify that the device has sufficient storage space for the upgrade images. If the storage space is not sufficient, delete unused files by using the delete /unreserved command. For more information, see "Managing file systems."
5. Use FTP or TFTP to transfer the upgrade image file to the root directory of a file system. For more information about FTP and TFTP, see "Configuring FTP" or "Configuring TFTP." For more information about file systems, see "Managing file systems."
Preloading the BootWare image to BootWare
1. Enter system view.
system-view
2. (Optional.) Enable BootWare image validity check.
bootrom-update security-check enable
By default, this feature is enabled.
This feature examines the image for wrong file type, file corruption, and hardware incompatibility. As a best practice, enable it to ensure a successful upgrade.
3. Return to user view.
quit
4. (Optional.) Back up the current BootWare image in the Normal area of BootWare.
¡ Back up the image to the Backup area of BootWare:
bootrom backup [ subslot subslot-number-list ] [ all | part ]
¡ Back up the image to the default file system:
bootrom read [ subslot subslot-number-list ] [ all | part ]
Use either command to back up the BootWare image for a future version rollback or image restoration.
The bootrom read command creates two BootWare image files on the default file system: basicbtm.bin for the basic segment and extendbtm.bin for the extended section.
5. Load the upgrade BootWare image to the Normal area of BootWare.
bootrom update file file [ subslot subslot-number-list ] [ all | part ]
Specify the downloaded software image file for the file argument.
The new BootWare image takes effect at a reboot.
|
|
NOTE: The system verifies the signature of a BootWare image before it loads that image to the Normal area of BootWare. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message. |
Specifying startup images and completing the upgrade
Perform the following steps in user view:
1. Specify main or backup startup images.
¡ Use an .ipe file:
boot-loader file ipe-filename [ patch filename&<1-30> ] { backup | main }
¡ Use .bin files:
boot-loader file boot filename system filename [ feature filename&<1-30> ] [ patch filename&<1-30> ] { backup | main }
|
|
NOTE: The system verifies the digital signature of the specified images before it updates the startup image list with the specified images. If the digital signature verification fails, the system will not update the startup image list and you will receive a digital signature verification failure message. |
2. Save the running configuration.
save
This step ensures that any configuration you have made can survive a reboot.
3. Reboot the device.
reboot
4. (Optional.) Verify the software image settings.
display boot-loader
Verify that the current software images are the same as the startup software images.
Installing or uninstalling features and patches
About installing or uninstalling features and patches
You can install a new feature or patch image, or upgrade an existing feature image.
The device requires a boot image and a system image to operate correctly. You can uninstall only feature and patch images.
Restrictions and guidelines
To ensure a successful image installation or upgrade, do not perform any other operations on the device during the image installation or upgrade.
Prerequisites
Use FTP or TFTP commands to transfer the image file to the root directory of the default file system on the master device. You do not need to transfer or copy the image file to subordinate member devices. The system will automatically copy the image file to the subordinate members when you activate the images on them. For more information about FTP and TFTP, see "Configuring FTP" and "Configuring TFTP."
Installing or upgrading features
1. Activate features.
install activate feature filename&<1-30> slot slot-number
|
|
NOTE: The software images for the device are digitally signed. The system verifies the digital signature of a feature image for authenticity and integrity before it activates it. If the digital signature verification fails, the system will not activate the image and you will receive a digital signature verification failure message. |
2. Commit the software changes.
install commit
For the image changes to take effect after a reboot, you must perform a commit operation.
Installing patches
1. Activate patches.
install activate patch filename { all | slot slot-number }
You can specify only one patch image file for this command at a time. However, you can execute this command multiple times to install multiple patch image files.
The install activate patch filename all command installs the specified patch images on all hardware and the images can survive a reboot. You do not need to execute the install commit command for the installation.
|
|
NOTE: The software images for the device are digitally signed. The system verifies the digital signature of a patch image for authenticity and integrity before it activates it. If the digital signature verification fails, the system will not activate the image and you will receive a digital signature verification failure message. |
2. Commit the software changes.
install commit
Images run in memory immediately after they are activated. However, only patch images activated by using the install activate patch filename all command can survive a reboot. For other images to take effect after a reboot, you must execute this command to commit the software change.
Uninstalling features or patches
1. Deactivate features or patches.
install deactivate feature filename&<1-30> slot slot-number
install deactivate patch filename { all | slot slot-number }
You can specify only one patch image file for this command at a time. However, you can execute this command multiple times to deactivate multiple patch image files.
The install deactivate patch filename all command uninstalls the specified patch images on all hardware and the images do not run after a reboot. You do not need to execute the install commit command for the uninstallation.
2. Commit the software changes.
install commit
This step removes the image file from the startup image list but does not delete the image file from the default file system.
The device will not load features and patches from the image files at startup.
Upgrading device software by using install commands
Upgrade tasks at a glance
3. (Optional.) Decompressing an .ipe file
4. Installing and upgrading software images
5. (Optional.) Deactivating software images
6. (Optional.) Rolling back the running software images
7. (Optional.) Aborting a software activate or deactivate operation
8. (Optional.) Verifying software images
9. Committing software changes
10. (Optional.) Deleting inactive software images
Decompressing an .ipe file
11. (Optional.) Identify images that are included in the .ipe file.
display install ipe-info
12. Decompress the .ipe file.
install add ipe-filename filesystem
Installing and upgrading software images
About installing or upgrading features and patches
You can install a new feature or patch image, or upgrade an existing boot, system, or feature image.
The device requires a boot image and a system image to operate correctly. You can uninstall only feature and patch images.
Software image installation and upgrade methods
Use one of the following methods to activate software images:
· Slot by slot—Activate all the images on one slot, and then move to the next slot.
· Image by image—Activate one image on all slots before activating another image. Before using this method, read the release notes to make sure the upgrade images are compatible with the current images. If the upgrade images are not compatible with the current images, the upgrade might fail.
Installing or upgrading boot, system, and feature images
To install or upgrade boot, system, or feature images, execute the following commands in user view:
13. Verify that the system is stable.
display system stable state
The system is stable if the System State field displays Stable. For a successful upgrade, you must make sure the system is stable before you proceed to the next step.
14. (Optional.) Identify the recommended method and the possible impact of the upgrade.
install activate { boot filename | system filename | feature filename&<1-30> } * slot slot-number test
15. Activate images.
install activate { boot filename | system filename | feature filename&<1-30> } slot slot-number *
|
|
NOTE: The software images for the device are digitally signed. The system verifies the digital signature of an image for authenticity and integrity before it activates it. If the digital signature verification fails, the system will not activate the image and you will receive a digital signature verification failure message. |
Installing patch images
To install patch images, execute the following commands in user view:
16. Verify that the system is stable.
display system stable state
The system is stable if the System State field displays Stable. For a successful installation, you must make sure the system is stable before you proceed to the next step.
17. Install patch images.
install activate patch filename { all | slot slot-number }
You can specify only one patch image file for this command at a time. However, you can execute this command multiple times to install multiple patch image files.
|
|
NOTE: The software images for the device are digitally signed. The system verifies the digital signature of a patch image for authenticity and integrity before it activates it. If the digital signature verification fails, the system will not activate the image and you will receive a digital signature verification failure message. |
Deactivating software images
Restrictions and guidelines
You can deactivate only feature and patch images.
The deactivate operation only removes images from the current software image list. For the image changes to take effect after a reboot, you must perform a commit operation to remove the images from the main startup image list.
Deactivated images are still stored on the storage medium. To permanently delete the images, execute the install remove command. For more information, see "Deleting inactive software images."
Deactivating feature images
To deactivate feature images, execute the following commands in user view:
18. Verify that the system is stable.
display system stable state
The system is stable if the System State field displays Stable. For a successful deactivate operation, you must make sure the system is stable before you proceed to the next step.
19. Deactivate feature images.
install deactivate feature filename&<1-30> slot slot-number
Deactivating patch images
To deactivate patch images, execute the following commands in user view:
20. Verify that the system is stable.
display system stable state
The system is stable if the System State field displays Stable. For a successful deactivate operation, you must make sure the system is stable before you proceed to the next step.
21. Deactivate patch images.
install deactivate patch filename
You can specify only one patch image file for this command at a time. To deactivate multiple patch image files, repeat this command.
Rolling back the running software images
About this task
During an incremental upgrade, the system creates a rollback point for each activate or deactivate operation of a boot, system, or feature image. The system can maintain a maximum of 50 rollback points. If this limit has been reached when a rollback point is created, the system removes the earliest rollback point. You can roll back the software to any of the rollback points.
During a reboot upgrade, the system does not create rollback points. After a reboot upgrade, you can roll back the software only to the status before any activate or deactivate operations were performed.
Restrictions and guidelines
You can perform this task only before committing software changes. A commit operation deletes all rollback points.
For an incremental upgrade rollback to take effect after a reboot, you must perform a commit operation to update the main startup image list.
Procedure
To roll back the running software images, execute the following commands in user view:
22. (Optional.) Display available rollback points.
display install rollback
23. Roll back the software.
install rollback to { point-id | original }
Aborting a software activate or deactivate operation
About this task
While the system is activating or deactivating a software image for a service upgrade or file upgrade, you can abort the activate or deactivate operation. After an operation is aborted, the system runs with the software images that it was running with before the operation.
Procedure
To abort a software activate or deactivate operation, use one of the following methods:
· Execute the install abort [ job-id ] command in user view.
· Press Ctrl+C.
Committing software changes
About this task
When you activate or deactivate images for an incremental upgrade, or activate or deactivate patch images, the main startup image list does not update with the changes. The software changes are lost at reboot. For the changes to take effect after a reboot, you must commit the changes.
Procedure
To commit software changes, execute the following command in user view:
install commit
Verifying software images
About this task
Perform this task to verify the following items:
· Integrity—Verify that the boot, system, and feature images are integral.
· Consistency—Verify that the same active images are running across the entire system.
· Software commit status—Verify that the active images are committed as needed.
Procedure
To verify software images, execute the following commands in user view:
24. Verify software images.
install verify
25. Activate or deactivate images as required.
install { activate | deactivate }
26. Commit the software changes.
install commit
Deleting inactive software images
About this task
After completing an upgrade, you can use this task to delete old image files permanently.
Restrictions and guidelines
This task deletes image files permanently. You cannot use the install rollback to command to revert the operation, or use the install abort command to abort the operation.
Procedure
To delete inactive software image files, execute the following command in user view:
install remove [ slot slot-number ] { filename | inactive }
Upgrading firmware
About this task
Perform this task to upgrade firmware for components that cannot be upgraded when you upgrade Comware. Examples of these components include complex programmable logical devices (CPLDs), field programmable gate arrays (FPGAs), CPUs, and 3G modems.
Restrictions and guidelines
After you upgrade firmware for a component, you must power cycle the card where the component resides for the upgrade to take effect.
You can power cycle a card by using one of the following methods:
· Power cycle the device that holds the card.
· Remove and reinstall the card.
· Power cycle the card from the CLI:
¡ power-supply off
¡ power-supply on
Support for these methods depends on the card model.
Procedure
To upgrade firmware, execute the following command in user view:
firmware update [ subslot subslot-number ] { cpld cpld-number | fpga fpga-number | module module-number } file filename
Display and maintenance commands for software image settings
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
Remarks |
|
Display current software images and startup software images. |
display boot-loader [ slot slot-number ] |
N/A |
|
Display active software images. |
display install active [ slot slot-number ] [ verbose ] |
N/A |
|
Display backup startup software images. |
display install backup [ slot slot-number ] [ verbose ] |
N/A |
|
Display main startup software images. |
display install committed [ slot slot-number ] [ verbose ] |
N/A |
|
Display inactive software images in the root directories of file systems. |
display install inactive [ slot slot-number ] [ verbose ] |
N/A |
|
Display the software images included in an .ipe file. |
display install ipe-info ipe-filename |
N/A |
|
Display ongoing ISSU activate, deactivate, and rollback operations. |
display install job |
N/A |
|
Display ISSU log entries. |
display install log [ log-id ] [ verbose ] |
N/A |
|
Display software image file information. |
display install package { filename | all } [ verbose ] |
N/A |
|
Display rollback point information. |
display install rollback [ point-id ] |
The system does not record rollback points during an ISSU that uses issu commands. |
|
Display the software image file that includes a specific component or file. |
display install which { component name | file filename } [ slot slot-number ] |
N/A |
|
Clear ISSU log entries. |
reset install log-history oldest log-number |
N/A |
|
Clear ISSU rollback points. |
reset install rollback oldest point-id |
N/A |
Software upgrade examples
Example: Upgrading device software
Network requirements
As shown in Figure 1, use the file startup-a2105.ipe to upgrade software images for the device.
Configuration procedure
# Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.)
# Configure TFTP settings on both the device and the TFTP server. (Details not shown.)
# Display information about the current software images.
<Sysname> display version
# Back up the current software images.
<Sysname> copy boot.bin boot_backup.bin
<Sysname> copy system.bin system_backup.bin
# Specify boot_backup.bin and system_backup.bin as the backup startup image files.
<Sysname> boot-loader file boot flash:/boot_backup.bin system flash:/system_backup.bin backup
# Use TFTP to download the startup-a2105.ipe image file from the TFTP server to the root directory of the flash memory.
<Sysname> tftp 2.2.2.2 get startup-a2105.ipe
# Specify startup-a2105.ipe as the main startup image file.
<Sysname> boot-loader file flash:/startup-a2105.ipe main
# Verify the startup image settings.
<Sysname> display boot-loader
# Reboot the device to complete the upgrade.
<Sysname> reboot
# Verify that the device is running the correct software.
<Sysname> display version
