"Failed to update firmware" and "Export of scp failed for firmware update" error msg.

[jb185t]

Using OpenManage Ansible Module, I'm trying to update firmware on below server.

Model	PowerEdge R740xd
Host Name
Operating System
Operating System Version
Service Tag	xxxxxx
Asset Tag
Express Service Code	xxxxx
BIOS Version	2.2.11
Lifecycle Controller Firmware	3.34.34.34

Against the machine, below Ansible playbook was applied. NFS is mounted on Ansible Controller host and parameter variables are set as below in inventory.

 share_name: 12.34.56.78:/mnt/shared/
 share_mnt: /mnt/shared/

- hosts: dcu_hosts
  connection: local
  name: Update Firmware Inventory
  gather_facts: False

  tasks:
  - name: Update Firmware Inventory
    dellemc_idrac_firmware:
       idrac_ip:        "{{ ansible_host }}"
       idrac_user:      "{{ redfish_username }}"
       idrac_pwd: "{{ redfish_password }}"
#       idrac_password: "{{ redfish_password }}"

       share_name:      "{{ share_name }}"
       share_mnt:       "{{ share_mnt }}"

       job_wait:        True 
# Belows are optional.
#       share_user: "{{ share_user }}"
#       share_pwd: "{{ share_password }}"
#       reboot:   False      
       catalog_file_name: "{{ catalog_file_name }}" # Default is Catalog.xml

However, I get error message highlighted below. Wonder what did I do wrong or what to check. Dell-basic-scp-rsv731.xml was exported from other RX740 server.

fatal: [xxx.xxxx.xxx.xxxxx ]: FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "invocation": {
        "module_args": {
            "catalog_file_name": " Dell-basic-scp-rsv731.xml",
            "idrac_ip": "xxx.xxxx.xxx.xxxxx",
            "idrac_port": 443,
            "idrac_pwd": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "idrac_user": "root",
            "job_wait": true,
            "reboot": false,
            "share_mnt": "/mnt/shared/",
            "share_name": "12.34.56.78:/mnt/shared/",
            "share_pwd": null,
            "share_user": null
        }
    },
    "msg": "**Failed to update firmware.**",
    "update_status": {
        "Message": "Export of scp failed for firmware update",
        "Status": "Failed"
    }
}

Here is the contents in shared directory in Ansible Controller machine.

$ ls /mnt/shared
apply_components.sh                   Dell-scp-rsv730.xml
BIOS_NM8WY_LN_2.2.11.BIN              dsuconfig.xml
BIOS_NM8WY_LN_2.2.11.BIN.sign         Firmware_762CC_LN_2.41_A00-00_04.BIN
Catalog.xml                           Firmware_9NKWP_LN_4.27_A00-00_03.BIN
CPLD_Firmware_PC0N3_LN_1.0.6_A00.BIN  iDRAC-with-Lifecycle-Controller_Firmware_3HT97_LN_3.34.34.34_A00.BIN
Dell-basic-scp-rsv731.xml             invcol_252PK_LN64_17_12_200_106_A00
Dell-scp-rsv730.json                  Systems-Management_Application_DVHNP_LN64_1.7.0_A00.BIN

[Wobak]

Hi,

I had the same issue, and I think I figured it out.

Might be something to do with the mounted folder.

The share_mnt folder needs to be the exported folder mounted as NFS on your machine (NFS3 specified).

ie if your files are in /mnt/shared, you should mount them elsewhere using :

mount -t nfs 192.168.100.150:/mnt/shared /mnt/nfsmount/ -o vers=3

which will then show like this in your mount command:

12.34.56.78:/mnt/shared on /mnt/nfsmount type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,...)

Then you should be able to run this playbook.

[jb185t]

Thanks for the reply, Wobak!

Your display from mount command hinted me what was my bad. In /etc/exports file, I set the read only ro as permission mode. Once I change it to rw as below, the "Export of scp failed for firmware update" was disappeared.

/mnt/shared x.0.0.0/8(rw,sync,no_subtree_check)

However, after rerun, another error popped up;

IOError: [Errno 13] Permission denied: '/mnt/shared/scp_66QH3W2_20190924_225559.xml

It seemed Ansible tried to write something on the SCP xml file, which failed due to insufficient permission. Widely opening up /mnt/* folders or changing /etc/exports file as below didn't help.

/mnt/shared x.0.0.0/8(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=991)

When I tried to manually edit /mnt/shared/scp_66QH3W2_20190924_225559.xml from some other NFS client, the file was read only. Wonder how it can be made read and writable.

Joon

[Wobak]

Can you try with no_root_squash instead of all_squash ?

[jb185t]

No luck with no_root_squash.

I noticed that each time the playbook is executed, new SCP_xxxxx.xml with time stamp is created. Wonder how it is created. It seems the Python code remotely copied by Ansible running in target iDrac server creates the XML file but not 100% sure. The file does have some XML contents.

This may due to some gap in my environment. Will report back further update.

[rajshekarp87]

Hi jb125t/Woback,

We have tried this scenario and were successfully able to perform the update operation. However, below are the NFS share permission.

*(rw,sync,no_subtree_check) with 755 folder permission (recommended).

Kindly re-check if you have adequate NFS share and mount permission and let us know the status.

Thanks & Regards, Rajshekar P

[rajeevarakkal]

@jb185t @Wobak Have you tried the above settings? Also we have now enhanced idrac_firmware module to support more reposotiry types such as HTTP/S, FTP also using non-SCP approach for firmware updating. Let us know in case you are still facing the issues

[rajeevarakkal]

@jb185t @Wobak Since there is no update for sometimes,we are closing this issue.