Dell PowerEdge firmware upgrades via iDrac
Published: 26-01-2018 | Author: Remy van Elst | Text only version of this article
The recent spectre and meltdown vulnerabilities require BIOS and firmware updates. Dell provides binaries for Windows and Linux, but just for Red Hat and SUSE. Some firmware updates can be run on Ubuntu or Debian, but some fail with the error that RPM could not be found. Which is correct since it's not Red Hat. In this small article I'll show you how to upgrade the firmware via the iDrac, which I recently discovered.
Upgrade via the shell
Usually I do upgrades automated with Ansible, via the shell. Manually this can be done as well, in this example a firmware for the power supply unit of a Dell R620:
# Download the firmware wget https://downloads.dell.com/FOLDER01988261M/1/Power_Firmware_JX7PR_LN_09.2B.80_A00.BIN # Run it bash Power_Firmware_JX7PR_LN_09.2B.80_A00.BIN
On Ubuntu the output in this case is:
Cannot find utilities on the system to execute package. Make sure the following utilities are in the path: rpm stat stty cut fmt tty tar gzip tail rm mkdir mktemp chmod ls basename dirname wc sleep
You could use the iDrac console (if you have an enterprise license) or a KVM switch to boot up a CentOS live DVD, but in this case there was no KVM or license available.
Upgrade via the iDrac
I was unaware of this feature, but using the iDrac web interface you can upgrade the firmware as well. I found this article on the Dell site which explains it.
Quoting the important parts:
Use the Windows 32-bit or 64-bit version of the Dell Update Package (DUP), which the iDRAC is able to extract and apply by itself.
For iDrac 9:
Go to Maintenance > System Update. The Firmware Update page is displayed.
For iDrac 7/8:
Go to Overview > iDRAC Settings > Update and Rollback. The Firmware Update page is displayed.
Using the job queue, reboot the machine to apply the update.
This interface has a few advantages over the shell binaries:
- Multiple updates can be uploaded and queued, applied directly after the reboot
- No OS is required on the machine (redhat etc)
- Progress can be monitored even when the machine is rebooting
It is also possible to SSH into the iDrac and use
racadm to upgrade the
firmware. This process involves a remote NFS or SMB share where the upgrade file
is hosted, which we may cover in another article.