The Server Firmware Report

An Overview

The firmware report lists those servers which appear to need a firmware update. It does this by comparing the firmware which machines have with the firmware which we have available. It can be run at: http://ordershost/cgi/squery?qf=firmware

What firmware does a server have installed?

Servers all have an RPM called dice-orders-firmwarereport. This contains a script called firmwarereport. firmwarereport runs every day from a cron job. The cron job is specified in dice/options/server-common.h.

The firmwarereport script examines the server's hardware (disks, RAID controllers, BIOS, FibreChannel) and tries to identify what hardware units are present, and to find out the versions of firmware on those units. Having found out what it can, it inserts the data into the subunit table of the orders database which is on the machine called ordershost.

What firmware is available?

There's also an 'rfe' map called goodfirmware. This lists known good firmware upgrades, together with the firmware data which firmwarereport would produce from a machine which had had that upgrade applied. This map lives on ordershost. Every time this map is changed, rfe runs the script firmwareinstall. firmwareinstall checks the contents of goodfirmware and if acceptable inserts them into the firmware table of the orders database. firmwareinstall is run thanks to the rfe resources for the goodfirmware map. These resources are in dice/options/ordershost.h.

The comparison

On the orders host there is a web SQL query called firmware. This compares the contents of the subunit and firmware tables. It lists those machines which appear to be identical to a machine for which there is a known good firmware upgrade, but which do not appear to have had that upgrade applied.

Sources

The source for the scripts (firmwarereport and firmwareinstall) and the web query (firmware) is held in the dice-orders directory of the dice subversion repository. The firmwarereport script is packaged up in the RPM dice-orders-firmwarereport. This RPM is installed on all physical servers via the dice/options/server-common.h header. The other two are part of the dice-orders RPM which is installed on the orders host via the dice/options/ordershost.h header.

To Do

The system needs further work. In particular:

  1. firmwarereport does not yet detect NICs, so the report does not list firmware updates for these components.
  2. There is a logical flaw in the SQL used in the 'firmware' report. This lists all matching machines which have not had a particular approved firmware version applied. The problem with this is that one component can in theory have multiple good firmware versions. In such cases, machines which had had one of those firmware versions applied would be listed as needing to have the other firmware versions applied. This needs rethinking. It's arguably not a big problem, and one that we might comfortably live with, because each hardware unit arguably will only have one "latest" firmware version at any one time, and one could expect the latest firmware version to always supercede earlier versions.
  3. The system could be extended to regularly copy applicable firmware updates to local disk space on each server.
Topic revision: r4 - 08 Mar 2013 - 13:26:54 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies