@itentialopensource/cisco-asa-upgrade v1.0.3-2023.1.0

Pre-Built Name

Table of Contents

• Overview
• Installation Prerequisites
• Requirements
• Features
• Future Enhancements
• How to Install
• How to Run
• Additional Information

Overview

This pre-built contains the Cisco ASA device upgrade workflow using IAP and either IAG or NSO. The workflow requires that a newer binary version file is already downloaded locally on the destination device (bootflash:), and file integrity has been verified (using md5).

This solution consist of the following:

• Main Workflow (IAP-Artifacts ASA Device Upgrade)

  • Perform device environmental checks. Verifies a device is on a different version than the requested one.
  • Perform pre-checks to confirm device readiness.
  • Backup the running-config locally on flash drive.
  • Perform boot statement configuration to direct the router to load the newer version upon the next boot.
  • Issue the reload command.
  • Wait for device to become available after reboot.
  • Confirm reliable connectivity (ping consistency).
  • Perform post-checks to verify the device functionality running the new version.
  • Show a Pre-Post Checks diff report.
  • Perform MOP analysis to verify no unexpected config changes occurred.
  • Show a MOP analysis report.
  • Perform rollback, if requested.

• Command Templates

  • Will run the pre / post commands and evaluate them against set thresholds.

• Analytic Templates

  • Will run the pre vs. post comparisons and evaluate them against set thresholds.

• Operations Manager automation with a JSON-Form:

  • Mode selection: Zero-Touch, Normal, or Verbose
  • Allows user to pick destination device to run the upgrade on.
  • Allows user to pick software version to upgrade to (file names are hard coded in JSON form).
  • Ping-consistency variables

Installation Prerequisites

Users must satisfy the following pre-requisites:

• Itential Automation Platform
  • ^2023.1
• Itential Automation Gateway
  • ^3.227.0+2023.1.15
• Network Services Orchestrator
  • See compatible NSO and NED versions on the 2023.1 release notes.

Requirements

This Pre-Built requires the following:

• Cisco ASA device is using Ansible as orchestrator
• Download new binary onto destination device (bootflash:)

Features

The main benefits and features of the Pre-Built are outlined below.

• Perform readiness checks prior to any change, and functionality verifications after changes have been applied.
• Allow for a rollback in case functionality checks have failed.
• Show a conclusive report with the Pre vs. Post config diff.

Future Enhancements

• Support for NSO orchestrator

How to Install

To install the Pre-Built:

• Verify you are running a supported version of the Itential Automation Platform (IAP) as listed above in the Requirements section in order to install the Pre-Built.
• The Pre-Built can be installed from within App-Admin_Essential. Simply search for the name of your desired Pre-Built and click the install button (as shown below).

How to Run

Use the following to run the Pre-Built: Starting an ASA device upgrade can be invoked via Operations Manager. Navigate to the Operations Manager app, then in the Automations section, select Cisco ASA Upgrade. Click the play button to run trigger and enter in the required details in the Cisco ASA Upgrade Form, then Run Manually.

Additional Information

Please use your Itential Customer Success account if you need support when using this Pre-Built.