I assume CDT would simply be using CPUSE to perform the major upgrade anyway, but maybe I'm missing something.

 https://community.checkpoint.com/people/tsahi330fad5c-65ab-41ad-8761-bd74072bb273‌?

Yes, CDT just uses CPUSE for packet installation. All commands are being sent to the gateways using cprid.

Recently I upgraded round about 20 clusters from 77.30 to 80.10 and jumbo take 56 in one deployment plan and it worked well. 

Can the CDT be used in conjunction with the API? It doesn't sound like it based on this. Are there any plans to allow the API to leverage the CDT?

The CDT is not based on the API because it supports different versions including versions without API. However, based on the success of the CDT, we are working on adding central deployment capabilities as part of SmartConsole, and all of these capabilities will have APIs. 

Yasushi Kono wrote:

In the upgrade admin guide of v1.5, there is no mentioning about upgrading from R77.30 to R80.10 anymore. The only options mentioned there is SmartUpdate and CPUSE. Why not CDT?

 

Are you talking about the CDT admin guide or the R80.10 upgrade guide?

CDT v1.5 can do everything previous versions did and much more.

As a matter of fact, you don't even need to configure MINOR, MAJOR or HOTFIX anymore because CDT now examines the packages before sending them and automatically detects the upgrade type.

Tsahi

Hi Vincent,

Your actions to the problems listed are accurate.

How did you come to these actions? On your own or got some help?

Robert.

Hi Robert,

unfortunately not on myself.

A guy from cdt team and one of the management team helped me.

Best regards

 Vincent

Hi Borut,

you need to insert the DepPlan.xml als Deployment Plan.

Kind regards

Yasushi

Von: Borut Vozelj

Gesendet: Donnerstag, 28. Juni 2018 13:18

An: Yasushi Kono <Yasushi.Kono@experteach.de>

Betreff: Re: - Re: Central Deployment Tool v1.5 (CDT) has been released

CheckMates <https://community.checkpoint.com/?et=watches.email.thread>

Re: Central Deployment Tool v1.5 (CDT) has been released

reply from Borut Vozelj<https://community.checkpoint.com/people/boruta2cd43c4-f354-4a4f-8972-1f498da0b38a?et=watches.email.thread> in Appliances and Gaia - View the full discussion<https://community.checkpoint.com/message/22309-re-central-deployment-tool-v15-cdt-has-been-released?commentID=22309&et=watches.email.thread#comment-22309>

Hi,

The candidates list generation can be done in 2 ways - the Basic mode and the Advanced mode. They have different syntax, so I'll describe both:

In the Basic mode, all you need to do is to specify that you want to generate a candidates list, and specify the file to contain that list, without the prefix '-candidates='. So the command will be:

./CentralDeploymentTool -generate test.csv

In the Advanced mode, you first must create a 'deployment plan' - this is an .xml file which instructs CDT on the sequence of actions to do on each GW/cluster member. You can use one of the example deployment plans found in the admin guide, and edit it to fit your needs. After you have done it, you can use the Advanced mode syntax as follows:

./CentralDeploymentTool -generate -candidates=test.csv -deploymentplan=DepPlan.xml

The first command you propose for basic mode is not working for me

[Expert@mgmt:0]# ./CentralDeploymentTool -generate test.csv

Thu Jun 28 14:00:37 2018 *A* [Main]: Central Deployment Tool (version 1.5.2 build #990180476)
Thu Jun 28 14:00:37 2018 *A* [Main]: ========================================================

Thu Jun 28 14:00:37 2018 *A* [Main]: Current execution logs are in: /var/log/CPcdt/logs_2018-06-28-14-00-36/
Thu Jun 28 14:00:37 2018 *E* [Main]: Invalid number of arguments.

Advanced (Deployment Plan) Usage:
=================================

Candidate list generation:
Generates the installation candidates list and saves it to a file.

-generate -candidates=<file name> -deploymentplan=<filename.xml> [-server=<Domain Management Server IP>] [-filter=<file name>]
generate candidate list following deployment plan [using a Domain Management Server] and save it to a file.
optional - use a filter list to generate a candidate list on the machines in the filter list.

[Expert@mgmt:0]# ./CentralDeploymentTool -b -generate test.csv

Basic Usage:
============

Candidate list generation:
Generates the installation candidates list and saves it to a file.

-generate <file name> [Domain Management Server IP]
generate candidate list from [Domain] management server and save it to a file.

Not sure what I'm missing here.

I forgot to add this: For Basic mode, you must specify which package to install in the main configuration file (CentralDeploymentTool.xml), otherwise CDT assumes you are using Advnaced mode. Use the PackageToInstall entry to do that - you can see an example in the admin guide.

Note that you must remove that entry if you wish to use the Advanced mode.

Just found the cause of the issue (thanks to Eliran):
I upgraded from beta to ga release of cdt.

The package was originally in /home/admin/ and I copied it (with the split files and the split_info.txt file) to $CDTDIR (and newly created subdirectory). The content of the split file still contain /home/admin paths.

So had to delete these file and keep only the FCS package.

Hi Jozko,

Sorry to hear about the confusion in our documentation. I will try to make it clearer.

Meanwhile, let me explain:

The CDT Basic Mode command ‘extended_preparations’, as you have figured out, is used to send packages from the management machine to the connected firewalls. The same could also be done in the Advanced Mode, but in a different way – In Advanced Mode, you can construct a Deployment Plan (the xml file which contains a list of actions to perform on each machine) with any combination of actions you want. If you just need to send the packages to the firewalls, you can create a deployment plan with just 1 action (import_package) and then execute it. You can create another deployment plan to do the actual installation.

Most of your commands have not worked because you were trying to use an Advanced Mode command (-execute) with a Basic Mode parameter (-extended_preparations). The 4th command you mentioned (with just the –extended_preparations parameter) should have worked. Do you remember if you used a copy&pasted command? If you did, that could have been the issue. If not – please share the exact output that you get when trying to run ./CentralDeploymentTool -extended_preparations list.csv

Regards,

Arik Ovtracht

Packaging Team Leader

Device Operations Group

Hi Arik Ovtracht‌,

Thank you very much for your response

The issue I had was caused that I have modified both .xml files in wrong order and with wrong arguments.

What I wanted was to just update CPUSE agent (RPM), import R80.10 upgrade package to R70.30 gateways and verify it -  definition of extended_preparations of Basic mode.

This is the content of CentralDeploymentTool.xml I have used:

<?xml version="1.0" encoding="UTF-8" ?>
<CentralDeploymentTool>
<PackageToInstall Path="/var/log/Check_Point_R80.10_T462_Fresh_Install_and_Upgrade_from_R7X.tgz" ConnectivityUpgrade="false"/>
<Logging FileLevel="DEBUG" ScreenLevel="DEBUG" SyslogLevel="NONE" Colors="true"/>
<CPUSE RPMPath="/var/log/CPda-00-00.i386.rpm" />
<Batch MaxMachinesCount="UNLIMITED" />
</CentralDeploymentTool>

This is the content of DepPlan.xml I have used:

<?xml version="1.0" encoding="UTF-8"?>

<!--
This is an example of a Check Point Central Deployment Tool Deployment Plan file.
Refer to the CDT SK for additional information about configuring and using CDT:
https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&so...
-->

<CDT_Deployment_Plan>
<!--
The plan_settings element contains the name and the description of the deployment plan
and additional configuration.
-->
<plan_settings>
<name value="Example deployment plan" />
<description value="Example deployment plan provided with CDT" />
<update_cpuse value="true" />
<connectivityupgrade value="true" />
</plan_settings>

<!-- Execute script -->
<execute_script path="/home/admin/cdt/preScript.sh" iscritical="false" />

<!-- Remove custom jumbo -->
<uninstall_cpuse_package filename="R75.46_JUMBO_HF.tgz" />

<!-- Major R77.30 upgrade -->
<import_package path="/var/log/Check_Point_R80.10_T462_Fresh_Install_and_Upgrade_from_R7X.tgz" />
<install_package path="/var/log/Check_Point_R80.10_T462_Fresh_Install_and_Upgrade_from_R7X.tgz" />

<!-- Notifications during execution -->
<log level="NORMAL" value="Finished installing major upgrade." />
<!-- <send_email to="cdt.admin@checkpoint.com" subject="Major upgrade completed" body="Finished installation of R77.30 major upgrade, preparing to install R77.30 HF2." /> -->

<!-- Install HF for R77.30 -->
<!-- <import_package path="/home/admin/R77.30_HF2.tgz" /> -->
<!-- <install_package path="/home/admin/R77.30_HF2.tgz" /> -->

<!-- Get a file from the gateway to /home/admin/ -->
<!-- <pull_file remote_path="/home/admin/file_to_pull.txt" local_dir="/home/admin/" /> -->

</CDT_Deployment_Plan>

As I figured out, the content of DepPlan.xml is irrelevant in this case, as I want to go via Basic mode and extended_preparations.

So finally I was able to run CDT with syntax:

./CentralDeploymentTool -extended_preparations test.csv

and waited around 2 hours to finish the job.

Once finished, I checked both gateways which were mentioned in candidate list test.csv.

R80.10 upgrade package was transfered and was located in /var/log/upload on both gateways.

The CPUSE agent (RPM) was NOT upgraded at all. In addition, the RPM package is not visible in /var/log/upload directory on both gateways. Not sure if this can be related to the fact that on one gateway I have already installed the build version which I want to upgrade (1573). On second node I have older build number, which was supposed to be upgraded from currect 1567 to the latest 1573. It wasnt upgraded.

Second issue I see is that on the management server where I run CDT, the following files were created and wasnt removed after CDT finished the job:

Hi Jozko,

You are correct that when using the Basic Mode, there is no deployment plan involved - so the DepPlan.xml file is indeed irrelevant.

Regarding your first issue - CDT takes the CPUSE rpm from the configured path in CentralDeploymentTool.xml (in you case it was /var/log/CPda-00-00.i386.rpm), and installs it on each of the members. Are you sure that you put the rpm for build 1573 in that location? If you did - please share your CDT log files (in /var/log/CPcdt/ , if you executed CDT multiple times then just share the directory with the relevant execution time).

Regarding your 2nd issue - the files you see are parts of the R80.10 upgrade package. CDT splits big files before it sends them, due to infrastructure limitations. It keeps the split package to mark that it doesn't need to be split again. You can delete these files manually if you want.

Not yet but I will surely use it for my first R80.20 upgrade