HPE Storage Users Group :: View topic - What is the best way to automate 3par firmware updates?

HPE Storage Users Group https://3parug.com/

What is the best way to automate 3par firmware updates? https://3parug.com/viewtopic.php?f=18&t=3352	Page 1 of 1

Author:	msarro [ Wed Jan 29, 2020 5:14 pm ]
Post subject:	What is the best way to automate 3par firmware updates?
We have multiple 3pars across several data centers. Our data centers are secure. No one without preapproval and screening/certification is allowed on prem. Likewise, no remote support is allowed (well it could be, but there are a ton of legal issues that need to get taken care of). Trying to get firmware upgrade info has been a nightmare. HPE constantly derps on about allowing their 3par service team do our upgrades, and I constantly have to explain to them that they do not have access and will not be granted access, so I need instructions on how to perform the upgrades. The real problem is that I haven't found any good way to automate the upload and install of firmware files. 3parcli allows you to upload files, but AFAIK it uses some built in mechanism and doesn't use anything standard. Since we aren't in a windows shop, that hits us already. Ideally this should be automated so I dont have to dedicate a team of guys for 2-3 days to sit and manually upload firmware files one after another via the VSP. Has anyone found a good way to automate this process?

Author:	ailean [ Thu Jan 30, 2020 7:46 am ]
Post subject:	Re: What is the best way to automate 3par firmware updates?
This has come up before but don't think a solution was found. I'm guessing your VSPs don't talk home to HPE for fault reporting either if secured site? I know HPE have a process which allows them to auto push certain updates out to dial home SPs but they only seem to use it occasionally from what I've observed (couple of times a year maybe). For obvious reasons I'd like to think they wouldn't advertise the api and allow 3rd parties to use that as I'm sure someone would use it as a way to remote break arrays. Have had to use the 3parcli method a couple of times but I'd be careful of that as it doesn't seem to clean up files or track changes as well as via the SP. The small Pxx patches are normally straight forward for local install via the SP, the release notes contain any additional commands needed if required. Just need to check on ordering. The MU or version upgrades really aren't designed for end user install and often have manual tasks before, during and after for a safe install. That seems to be improving over the years but I'd still be careful on live systems if trying to automate them. I've not looked (haven't had the need) at web automate tools but as 3PAR was never designed for self updating it just seems like a great way to break a lot of things overnight. I'm wondering if they have made any changes in this regard to the Primera line, if so might be things that'll filter back into the 3PAR code going forward.

Author:	msarro [ Thu Jan 30, 2020 11:35 am ]
Post subject:	Re: What is the best way to automate 3par firmware updates?
Our VSPs do report home to provide telemetry data for infosight since that's not CPNI. However any inbound access into our DC's is verboten unless we know the exact person connecting in, have a security clearance form from their vendor stating why they need access and that they've passed our DC requirements training, have certified them for access, have signed a contract that they will abide by our change management processes, etc. Since HPE uses a pool of resources they can't meet the requirements for inbound access. We process voice calls for millions of people, including 911 calls, so we guard our DCs pretty heavily. So far I'm looking at possibly using selenium to manipulate it, or even puppeteer. But they're new technologies for me but seem to be built exclusively around manipulating websites which should work.

Author:	MammaGutt [ Thu Jan 30, 2020 12:04 pm ]
Post subject:	Re: What is the best way to automate 3par firmware updates?
As soon as you're on 3.3.1 with SP5, you are pretty much in the clear. Anything below that has a ton of manual checks/workarounds to avoid issues during node reboots. With SP5 you have the option to auto download patches. I'm not sure if this requires call home to enabled but it would require SPs to be connected to the internet. With Primera it is to my knowledge the same as with 3.3.1 and SP5. The difference is that the SP is internal on the Primera. Just thinking out loud. I know that HPE and authorized service partners can go onsite and do the upgrade the same way as the remote team. They are not free like the remote team but it is an option.

Page 1 of 1	All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/