Some days back, I was having a conversation with a friend about the recent CVEs that impact the firmware of several physical machines. HP usually will release several vulnerability alerts and it is very important to patch your firmware. You might also notice that the mitigation happens at CPU levels such as AMD or Intel. In this blog post, I will focus on one of the very basic ways to update your firmware. Prior before upgrading, its important to make a checklist. My HP Proliant Gen9 is actually an ESXi on VMware infrastructure. You can view the step by step actions below and pause the video at any time. I have blurred some information for security purpose such as the name of servers, IPs, Logins, etc..
A basic checklist can be considered as follows:
- Monitoring consideration.
- How many and size of the VMs on production.
- The consistency of the Firmware provided by HP.
- Logins and Passwords for the HP ILO, vCenter, Virtual Machines running, etc..
- Java or Dot Net framework for accessing the ILO.
- Where is the storage node of the virtual machines?
- Load on the cluster or the ESX itself.
- The expected amount of time during migration.
- The output of the update (Correction of bugs, New feature, etc..).
1. Prior before upgrading the firmware, you need to make a survey about the oversized VMs. Consider performing a manual migration before activating the maintenance mode. Then, enter maintenance mode, all the virtual machines in the cluster should migrate to other physical machines in the cluster. We assume that the datastore of each machine is not on the physical machine itself which is not recommended.
2. Once all virtual machines migrated to other ESXi hosts, connect to the HP ILO onboard administrator interface. Consider checking the health status of other ESXi hosts on your chassis.
3. Also consider, verifying the system information of your ESXi host (HP physical machine).
4. On the ‘information’ tab, click on ‘system information’, you will notice the field ‘Integrated remote console’. You can choose any framework whether Java or .Net to open the console.
5. Once connected, you should be able to see the following screen.
6. From vCenter, upload the image file which constitutes of the patch for the new firmware.
7. On vCenter, right click on the physical machine, then ‘reboot’. Consider checking the grey bar that is now blinking on the left just below the ‘<F2> tag ‘at the bottom on the ESXi console.
8. By the time, you should also notice that you have been logout on vCenter.
9. Normally, after a few minutes, the server will reboot showing the HP Enterprise logo followed by other system information, then you will notice a screen that with four key options below: F9 (System Utilities), F10 (Intelligent Provisioning), F11 (Boot Menu), and F12 (Network Boot). Hit the F9 button to enter ‘System Utilities’.
10. Choose the ‘one-time boot menu’ option. Then go to the USB virtual disk that you have mounted at step 6 and hit ‘Enter’.
11. By now you should notice the installation of the firmware in progress. This might take a considerate amount of time. Monitor the installation.
12. After extracting the iso file, it will go through three steps: Inventory, Review, and Deployment.
13. You can also monitor for the ‘blink’ message on the HP Onboard Administrator interface which means that the upgrade has not completed yet.
14. Once, the UID state is off, you can remove the server from maintenance. On vCenter, right click on the server, and click on ‘Exit maintenance mode’.
15. Several machines will now join the ESXi host which has been added back to the cluster through an election process.
If you are interested more on the election process and how High Availability works, please check the article ‘VMware vSphere High Availability‘ which I published several months back.
All steps from 1 to 15 have been described in the video below. If you like the article please click on the like button and share.