Automatic Firmware Updates - CLI / API / Ansible | NetApp | Page 1

unique kelp May 14, 2025, 9:45 AM

#

I am searching for a way to configure the automatic firmware updates across our fleet that does not involve me logging into each cluster and doing it by hand in the GUI.
Is there a CLI command or API implementation that I am missing or is it GUI online for now?

stark terrace May 14, 2025, 11:11 AM

#

You can cover this task with some ansible magic.

#

https://docs.ansible.com/ansible/latest/collections/netapp/ontap/na_ontap_firmware_upgrade_module.html

#

https://activeiq.netapp.com/ offers "ready" to use modules. Watch out the Wellness Tab.

#

Bildschirmfoto_2025-05-14_um_13.26.45.png

round ruin May 14, 2025, 1:01 PM

#

It seems like these only show up if you have a vulnerability that requires a firmware update. Is there any way to get the code to show up when it's not needed? I want to be able to stage and test the code before I actually NEEDED it.

stark terrace May 14, 2025, 1:22 PM

#

Thats right - The button gets visible if you have vulnerabilities. If not you can still go ahead with the examples from https://docs.ansible.com/ansible/latest/collections/netapp/ontap/na_ontap_firmware_upgrade_module.html .

round ruin May 14, 2025, 5:47 PM

#

The scripts you download from ActiveIQ do a lot more than what is show in those examples though.
We had a vulnerability for our BMCs, so I was able to download the SP one, and there is a lot in there (and, it's failing in our environment, but I haven't had a chance to figure out why though. I think SSH might be getting blocked from the server I'm running from).

stark terrace May 14, 2025, 8:23 PM

#

Does the authentication user have sufficient rights? What error message does Ansible run return? And yes there is more magic in the downloadable script from the aiq page than in the example.

#

Useally ssh is not used for the ansible run. Does any previse Ansible runs worked as expected before?

unique kelp May 15, 2025, 2:04 PM

#

stark terrace You can cover this task with some ansible magic.

This is not what I was looking for but the feature where ONTAP automatically downloads and applies all firmware updates as needed. Can get a screenshot on Monday if needed.

round ruin May 16, 2025, 5:52 PM

#

I don't see anything in the Ansible modules, but in the API, there is /support/auto-update/configurations
Maybe that will give you what you want?

knotty creek May 16, 2025, 6:01 PM

#

just as an fyi, the netapp ontap and storagegrid modules do not use SSH for access. Hosts is set to 'localhost' for the inventory and REST API calls are actually made against hte targets

#

if I remember in my previous life at NetApp I tried to solve this, but the issue was that the firmware updates require netapp.com authentication and thus couldn't be directly linked, so a fully automated format couldn't be setup up.

obsidian bay May 16, 2025, 6:36 PM

#

The issue, iirc, is logging in and having to accept the license conditions before downloading, so full automatic is a bit of a challenge atm.

unique kelp May 19, 2025, 12:03 PM

#

for reference: I am talking about these GUI buttons

#

seems to be that you can turn on auto update like @knotty creek stated above:
curl -X PATCH "https://<CLUSTER>/api/support/auto-update" -H "accept: application/json" -H "authorization: Basic <Redacted>" -H "Content-Type: application/json" -d "{ "enabled": true}"

would love to see this as an Ansible module

#Automatic Firmware Updates - CLI / API / Ansible