この記事は Cisco Systems Japan Advent Calendar 2025 の25日目の記事となります。
過去のカレンダー一覧:
2017年版: https://qiita.com/advent-calendar/2017/cisco
2018年版: https://qiita.com/advent-calendar/2018/cisco
2019年版: https://qiita.com/advent-calendar/2019/cisco
2020年版: https://qiita.com/advent-calendar/2020/cisco
2021年版: https://qiita.com/advent-calendar/2021/cisco
2022年版: https://qiita.com/advent-calendar/2022/cisco
2023年版: https://qiita.com/advent-calendar/2023/cisco
2024年版: https://qiita.com/advent-calendar/2024/cisco
2025年版: https://qiita.com/advent-calendar/2025/cisco
免責事項
本サイトおよび対応するコメントにおいて表明される意見は、投稿者本人の個人的意見であり、シスコの意見ではありません。本サイトの内容は、情報の提供のみを目的として掲載されており、シスコや他の関係者による推奨や表明を目的としたものではありません。各利用者は、本Webサイトへの掲載により、投稿、リンクその他の方法でアップロードした全ての情報の内容に対して全責任を負い、本Webサイトの利用に関するあらゆる責任からシスコを免責することに同意したものとします。
はじめに
筆者はネットワークエンジニアとして日々の業務に携わる中で、Cisco IOS XR を搭載したデバイスに対するOSインストール/アップグレードを行う機会は少なくありません。
従来の IOS XR のインストール/アップグレード作業は、一般的に以下のような複数のステップが必要です:
- ベース ISO イメージ(
mini.iso)を用いた初期インストール(システム再起動が発生) - MgmtEth インターフェースへの IP アドレス設定
- Mgmtネットワーク経由で追加オプションパッケージのインストール
- 必要な SMU のインストール(SMUの内容によっては、複数回のシステム再起動が発生する場合あり)
- 必要となる Configuration の適用
これらの作業は手間と時間を要し、特に複数台のデバイスを手動で管理・展開する社内検証・ラボ環境では、運用効率の観点から課題を感じることが多くなります。
ここで install replace プロセスと Golden ISO(GISO) を活用することで、これら一連の作業を大幅に簡素化し、IOS XRインストールおよびアップグレードの効率を高めることが可能となります。
本記事では、Cisco NCS5500 シリーズを対象に、install replace フローと Golden ISO ファイルを用いた IOS XR の効率的なインストール/アップグレード手法について紹介します。
また、インタネット上既存の Golden ISO(GISO)に関する解説記事(参考文献)と比較し、本記事では 2025 年時点の最新情報と実際の運用・検証経験を踏まえ、より実践的かつ詳細な内容を紹介します。
IOS XR の install replace 機能について
IOS XR の install replace 機能は、IOS XR 64bit 6.5.1 において ASR9000 シリーズ向けに初めて導入されました。
その名称が示すとおり、本機能は指定した ISO イメージを基準として、システム上のすべてのパッケージを置き換える(replace)形でインストール処理を行う仕組みです。
この特性を活用することで、必要な パッケージ、SMU、Configuration をすべて含んだ Golden ISO(GISO) を事前に作成し、install replace コマンドを実行するだけで、デバイスのインストール/アップグレード作業をワンステップで完了させることが可能となります。
また、Golden ISO(GISO)を用いた install replace は、常に最小限の変更のみを適用するという点も重要な特徴です。
例えば、install replace 実行時に「追加・有効化が必要な SMU が 1 つだけ存在し、その SMU が process restart を要する」場合、該当プロセスの再起動のみが実施され、システム全体の reload は発生しません。
このように、install replace はシステム可用性への影響を最小限に抑えつつ、確実なソフトウェア更新を実現できるメカニズムとなっています。
Golden ISO(GISO)とは
Golden ISO(GISO)は、特定のIOS XRデバイス、またはデバイス群に対して必要となるすべての パッケージ、SMU、Configuration を事前に組み込んだ ISO イメージです。
Golden ISO(GISO)を作成・利用することで、複数台のデバイスに対して 同一のソフトウェアバージョンおよび設定状態を一貫性をもって適用することが可能となり、大規模環境における OS 展開作業や運用管理の効率化に大きく貢献します。
Golden ISO(GISO)の構成要素
Golden ISO(GISO)は、標準的なIOS XRベース ISO(mini.iso)を基盤として、ユーザーが選択した以下のコンポーネントを統合することで作成されます。
- Mandatory base image
- ベース ISO イメージ(ISO 形式)
- Optional files / packages
- Optional packages
- SMUs
- ZTP config
- XR config
これらの要素を 1 つの ISO にまとめることで、インストール/アップグレード時の手作業を大幅に削減でき、作業の再現性・信頼性を高めることができます。
Golden ISO(GISO)の作成方法
Golden ISO(GISO)の作成には、Cisco が提供する gisobuild ツールを使用します。
gisobuild は Python スクリプトとして提供されており、必要なパッケージ、SMU、Configuration などのコンポーネントを指定することで、Golden ISO を生成することができます。
gisobuild ツールは GitHub リポジトリから入手可能です。
本記事では、Docker コンテナ上で gisobuild ツールを利用して GISO を作成する方法に焦点を当てて解説します。
Docker コンテナを利用して GISO を作成することで、以下のようなメリットがあります:
- ローカル環境に複雑な依存関係をインストールする必要がなくなる
- 常に最新バージョンの
gisobuildツールを容易に利用できる - デバイス種別や IOS XR バージョンごとにビルド環境を分離でき、環境間の競合を防止できる
特に複数の IOS XR バージョンやプラットフォーム(例:ASR9000/NCS5500/C8000 など)を扱う場合、Docker を用いたアプローチは再現性と保守性の観点から非常に有効です。
Golden ISO (GISO) 作成環境の準備
本記事の執筆時点では、Debian 13 (trixie) をホスト OS としたサーバを使用しています。
このサーバ上に Docker をインストールし、GISO を作成するためのコンテナビルド環境を構築しています。
以下は、検証環境における OS および Docker のバージョン情報です。
trustywolf@devops:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 13 (trixie)
Release: 13
Codename: trixie
trustywolf@devops:~$ docker -v
Docker version 29.1.3, build f52814d
Debian をベースとした環境に Docker を組み合わせることで、gisobuild 実行に必要な依存関係をホスト OS から切り離し、再現性の高い GISO 作成環境を実現しています。
gisobuild Docker イメージの作成
Cisco は Docker Hub 上に公式の gisobuild Docker イメージを提供しており、これを利用することで環境構築を簡略化することも可能です。
しかし、現時点筆者の調査では、公式イメージの最新バージョンは 2.3.4 であり、約 2 年前に作成されたものでした。そのため、最新の機能や修正が反映されていない可能性があります。
本記事では、常に最新の gisobuild を利用できるよう、ソースコードから独自に Docker イメージをビルドする方法を紹介します。
まず、git コマンドを使用して gisobuild のソースコードリポジトリをクローンします。
trustywolf@devops:~$ git clone https://github.com/ios-xr/gisobuild.git
trustywolf@devops:~$ cd gisobuild/
リポジトリ内のファイルを確認すると、gisobuild には Docker イメージ作成用の Dockerfile が同梱されていることが分かります。
trustywolf@devops:~/gisobuild$ ll
total 44
-rw-r--r-- 1 trustywolf trustywolf 1432 Dec 24 18:46 CONTRIBUTING.md
-rw-r--r-- 1 trustywolf trustywolf 1970 Dec 24 18:46 Dockerfile
-rw-r--r-- 1 trustywolf trustywolf 4666 Dec 24 18:46 gisobuild_options.yaml
-rw-r--r-- 1 trustywolf trustywolf 1551 Dec 24 18:46 LICENSE
-rw-r--r-- 1 trustywolf trustywolf 19335 Dec 24 18:46 README.md
drwxr-xr-x 2 trustywolf trustywolf 116 Dec 24 18:46 sample_yaml
-rw-r--r-- 1 trustywolf trustywolf 2374 Dec 24 18:46 SECURITY.md
drwxr-xr-x 2 trustywolf trustywolf 32 Dec 24 18:46 setup
drwxr-xr-x 8 trustywolf trustywolf 110 Dec 24 18:46 src
次に、この Dockerfile を用いて Docker イメージをビルドします。
trustywolf@devops:~/gisobuild$ docker build -t gisobuild .
[+] Building 44.1s (9/9) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 2.01kB 0.0s
=> [internal] load metadata for docker.io/library/almalinux:8.10 1.6s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 2.90kB 0.0s
=> [1/4] FROM docker.io/library/almalinux:8.10@sha256:6e0bf7e15bf9082c3e5b8f1811618ae2c56c7b9fc1e9f5e5ec6e23d27 4.1s
=> => resolve docker.io/library/almalinux:8.10@sha256:6e0bf7e15bf9082c3e5b8f1811618ae2c56c7b9fc1e9f5e5ec6e23d27 0.0s
=> => sha256:6e0bf7e15bf9082c3e5b8f1811618ae2c56c7b9fc1e9f5e5ec6e23d271bc273c 4.68kB / 4.68kB 0.0s
=> => sha256:932a575f8bea4a92df1864fdc4449dd2b0129e54e38573c922be57844669c6e8 1.03kB / 1.03kB 0.0s
=> => sha256:b280baad03a35fd12c2f1335fc2a217b93e374fd2d0cc75bc9fbd5f4b6b4e156 609B / 609B 0.0s
=> => sha256:ae93eb8e046d556eab73821be1ee598d67cbdaf19013e6a1574362d11dc09bb8 71.90MB / 71.90MB 1.4s
=> => extracting sha256:ae93eb8e046d556eab73821be1ee598d67cbdaf19013e6a1574362d11dc09bb8 2.4s
=> [2/4] COPY setup/prep_dependency.sh /tmp 0.8s
=> [3/4] WORKDIR /app/gisobuild 0.1s
=> [4/4] RUN /tmp/prep_dependency.sh && rm /tmp/prep_dependency.sh 36.6s
=> exporting to image 0.8s
=> => exporting layers 0.7s
=> => writing image sha256:92f3e4f921b5ba762c13443d5e80277b9de1e994d842c1180bdc397d0f663fce 0.0s
=> => naming to docker.io/library/gisobuild 0.0s
最後に、docker images コマンドで gisobuild Docker イメージが正常に作成されたことを確認します。
trustywolf@devops:~/gisobuild$ docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
gisobuild:latest 92f3e4f921b5 406MB 0B
Golden ISO (GISO) 作成用ファイルの準備
今回は NCS5504 ルータを対象に、IOS XR 7.11.21 の Golden ISO(GISO)を作成します。
まず、必要となるファイルをダウンロードします。
trustywolf@devops:~$ ll ./img/ncs5500/
total 2209956
-rw-r--r-- 1 trustywolf trustywolf 5079040 Dec 24 18:20 ncs5500-7.11.21.CSCwk15887.tar
-rw-r--r-- 1 trustywolf trustywolf 317440 Dec 24 18:20 ncs5500-7.11.21.CSCwm56977.tar
-rw-r--r-- 1 trustywolf trustywolf 942080 Dec 24 18:20 ncs5500-7.11.21.CSCwm85670.tar
-rw-r--r-- 1 trustywolf trustywolf 3153920 Dec 24 18:20 ncs5500-7.11.21.CSCwm85686.tar
-rw-r--r-- 1 trustywolf trustywolf 3205120 Dec 24 18:20 ncs5500-7.11.21.CSCwn08493.tar
-rw-r--r-- 1 trustywolf trustywolf 2250291200 Dec 24 18:20 NCS5500-iosxr-k9-7.11.21.tar
これらのファイルを展開し、必要なコンポーネント(Mini ISO、Optional packages、SMU)を抽出して 1 つのディレクトリにまとめます。
trustywolf@devops:~$ mkdir ~/ncs5500 && cd ~/ncs5500
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/NCS5500-iosxr-k9-7.11.21.tar --wildcards '*.rpm' --strip-components=2
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/NCS5500-iosxr-k9-7.11.21.tar --wildcards '*.iso'
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/ncs5500-7.11.21.CSCwk15887.tar --wildcards '*.rpm'
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/ncs5500-7.11.21.CSCwm56977.tar --wildcards '*.rpm'
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/ncs5500-7.11.21.CSCwm85670.tar --wildcards '*.rpm'
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/ncs5500-7.11.21.CSCwm85686.tar --wildcards '*.rpm'
trustywolf@devops:~/ncs5500$ tar -xf ~/img/ncs5500/ncs5500-7.11.21.CSCwn08493.tar --wildcards '*.rpm'
展開後のディレクトリ構成は以下のとおりです:
trustywolf@devops:~/ncs5500$ pwd
/home/trustywolf/ncs5500
trustywolf@devops:~/ncs5500$ ll
total 2209908
-rw-r--r-- 1 trustywolf trustywolf 5066832 Feb 25 2025 ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 638164 Oct 17 2024 ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 96785675 Oct 17 2024 ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 3147158 Mar 15 2025 ncs5500-infra-1.0.0.1-r71121.CSCwm85686.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 3193446 Apr 22 2025 ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 3841215 Oct 17 2024 ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
-rwxr-x--- 1 trustywolf trustywolf 1436712 Oct 17 2024 ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 342960 Oct 17 2024 ncs5500-li-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 13850 Oct 17 2024 ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 11587345 Oct 17 2024 ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 21392609 Oct 17 2024 ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 2098958336 Oct 17 2024 ncs5500-mini-x-7.11.21.iso
-rw-r--r-- 1 trustywolf trustywolf 2292968 Oct 17 2024 ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 8867858 Oct 17 2024 ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 306681 Mar 15 2025 ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 4113794 Oct 17 2024 ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
-rw-r--r-- 1 trustywolf trustywolf 930494 Mar 6 2025 ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
これで、GISO 作成に必要な Mini ISO、Optional packages、および SMU ファイルの準備が完了しました。
Docker を使用した Golden ISO (GISO) の作成
まず、作業ディレクトリ構成を確認します。今回はホームディレクトリ直下に、gisobuild(ソースコード)、ncs5500(ISO/RPM/SMU 置き場)、output(成果物出力先)を配置しています。
trustywolf@devops:~$ cd ~
trustywolf@devops:~$ pwd
/home/trustywolf
trustywolf@devops:~$ mkdir ~/output
trustywolf@devops:~$ tree -L 2 .
.
├── gisobuild
│ ├── CONTRIBUTING.md
│ ├── Dockerfile
│ ├── gisobuild_options.yaml
│ ├── LICENSE
│ ├── README.md
│ ├── sample_yaml
│ ├── SECURITY.md
│ ├── setup
│ └── src
├── ncs5500
│ ├── ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
│ ├── ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-infra-1.0.0.1-r71121.CSCwm85686.x86_64.rpm
│ ├── ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
│ ├── ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-li-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-mini-x-7.11.21.iso
│ ├── ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
│ ├── ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
│ ├── ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
│ └── ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
└── output
次に、前文で作成した gisobuild Docker イメージを使用して GISO をビルドします。
ここでは、ホスト側のディレクトリをコンテナ内へ bind mount し、入力(ISO/RPM)・ツール本体・出力先を分離して扱えるようにしています。
trustywolf@devops:~$ docker run -itd --name gisobuild-ncs5500 -v ./ncs5500:/app/gisobuild/input -v ./gisobuild/src:/app/gisobuild/src -v ./output:/app/gisobuild/output gisobuild:latest
50578faa4270e4d9c3fd48beca8d668afe2f591529b4b9dd6be6f21b8be80dac
このコマンドにより、gisobuild-ncs5500 という名前のコンテナを起動し、以下のディレクトリをマウントしています。
-
./ncs5500→/app/gisobuild/input -
./gisobuild/src→/app/gisobuild/src -
./output→/app/gisobuild/output
続いてコンテナへ入ります:
trustywolf@devops:~$ docker exec -it gisobuild-ncs5500 /bin/bash
[root@50578faa4270 gisobuild]# pwd
/app/gisobuild
ここまで完了すると、gisobuild.py を実行可能になります。まずはgisobuild.pyのヘルプを確認します。
[root@50578faa4270 gisobuild]# ./src/gisobuild.py -h
usage: gisobuild.py [-h] [--iso ISO] [--repo REPO [REPO ...]]
[--bridging-fixes BRIDGE_FIXES [BRIDGE_FIXES ...]]
[--xrconfig XRCONFIG] [--ztp-ini ZTP_INI] [--label LABEL]
[--no-label] [--out-directory OUT_DIRECTORY]
[--create-checksum] [--yamlfile CLI_YAML] [--clean]
[--pkglist PKGLIST [PKGLIST ...]]
[--key-request KEY_REQUEST] [--docker] [--script SCRIPT]
[--x86-only] [--migration]
[--remove-packages REMOVE_PACKAGES [REMOVE_PACKAGES ...]]
[--skip-usb-image] [--copy-dir COPY_DIRECTORY]
[--clear-bridging-fixes] [--verbose-dep-check] [--debug]
[--isoinfo ISOINFO]
[--only-support-pids ONLY_SUPPORT_PIDS [ONLY_SUPPORT_PIDS ...]]
[--clear-key-request]
[--ownership-vouchers OWNERSHIP_VOUCHERS]
[--clear-ownership-vouchers]
[--ownership-certificate OWNERSHIP_CERTIFICATE]
[--clear-ownership-certificate] [--no-buildinfo]
[--version]
Utility to build Golden ISO for IOS-XR.
optional arguments:
-h, --help show this help message and exit
--iso ISO Path to an input LNT ISO, EXR mini/full ISO, or a
GISO.
--repo REPO [REPO ...]
List of paths to RPM repositories. For LNT, user can
specify .rpm, .tgz, .tar filenames, or directories.
RPMs are only used if already included in the ISO, or
specified by the user via the --pkglist option.
--bridging-fixes BRIDGE_FIXES [BRIDGE_FIXES ...]
Bridging RPMs to package. For EXR, takes from-release
or RPM names; for LNT, the user can specify the same
file types as for the --repo option.
--xrconfig XRCONFIG Path to XR config file
--ztp-ini ZTP_INI Path to user ztp ini file
--label LABEL, -l LABEL
Golden ISO Label
--no-label Indicates that no label should be added to the GISO,
and any existing label should be removed
--out-directory OUT_DIRECTORY
Directory to put all artifacts of the GISO build
--create-checksum Write a file with the checksum and size of the output
file(s)
--yamlfile CLI_YAML Cli arguments via yaml. See the files in
./sample_yaml/ for examples
--clean Delete output dir before proceeding
--pkglist PKGLIST [PKGLIST ...]
Packages to be added to the output GISO. For eXR:
optional RPM or SMU to package. For LNT: either full
package filenames or package names for user
installable packages can be specified. Full package
filenames can be specified to choose a particular
version of a package, the rest of the block that the
package is in will be included as well. Package names
can be specified to include optional packages in the
output GISO.
--key-request KEY_REQUEST
Key request to package to be used when validating
customer and partner RPMs.
--docker, --use-container
Build GISO in container environment.Pulls and run pre-
built container image to build GISO.
--version Print version of this script and exit
EXR only build options:
--script SCRIPT Path to user executable script, executed as part of
boot, post activate.
--x86-only Only use x86_64 RPMs, even if other architectures are
applicable.
--migration Build migration tar (only valid for ASR9k)
LNT only build options:
--remove-packages REMOVE_PACKAGES [REMOVE_PACKAGES ...]
Remove RPMs, specified in a space separated list.
These are matched against user installable package
names, and must be the whole package name, e.g: xr-bgp
--skip-usb-image Do not build the USB image
--copy-dir COPY_DIRECTORY
Copy built artifacts to specified directory if
provided. The specified directory must already exist,
be writable by the builder and must not contain a
previously built artifact with the same name.
--clear-bridging-fixes
Remove all bridging bugfixes from the input ISO
--verbose-dep-check Verbose output for the dependency check.
--debug Output debug logs to console
--isoinfo ISOINFO User specified isoinfo executable to use instead of
the default version
--only-support-pids ONLY_SUPPORT_PIDS [ONLY_SUPPORT_PIDS ...]
Support only these hardware PIDs in the output ISO
(e.g. '8800-RP' '8800-LC-36FH' '8800-LC-48H'); other
PIDs from the input ISO will be removed. This option
is generally used to reduce the size of the output
ISO. Do not use this option before discussing with
Cisco support.
--clear-key-request Remove all key requests from the input ISO
--ownership-vouchers OWNERSHIP_VOUCHERS
Ownership vouchers to package to be used when
validating owner and partner RPMs.
--clear-ownership-vouchers
Remove all ownership vouchers from the input ISO, if
there are any present
--ownership-certificate OWNERSHIP_CERTIFICATE
Ownership certificate to package to be used when
validating owner and partner RPMs.
--clear-ownership-certificate
Remove the ownership certificate from the input ISO,
if there is one present
--no-buildinfo Do not update the build metadata in mdata.json with
the GISO build information
gisobuild は IOS-XR 64bit(eXR)および IOS XR7(LNT)の両アーキテクチャに対応した共通ツールです。
本記事では NCS5504 向けに GISO を作成するため、ここからは主に eXR 向けのオプションを利用してビルドを進めます。
以下のコマンドを実行して GISO を作成します。
[root@50578faa4270 gisobuild]# ./src/gisobuild.py --iso /app/gisobuild/input/ncs5500-mini-x-7.11.21.iso --repo /app/gisobuild/input --label lab --clean
System requirements check [PASS]
Platform: ncs5500 Version: 7.11.21
Scanning repository [/app/gisobuild/input]...
Building RPM Database...
Total 16 RPM(s) present in the repository path provided in CLI
0 valid TP Rpms:
[ 1] ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
[ 2] ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
[ 3] ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
[ 4] ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
[ 5] ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
[ 6] ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
[ 7] ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
[ 8] ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
[ 9] ncs5500-infra-1.0.0.1-r71121.CSCwm85686.x86_64.rpm
[10] ncs5500-li-1.0.0.0-r71121.x86_64.rpm
[11] ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
[12] ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
[13] ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
[14] ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
[15] ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
[16] ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
Following XR x86_64 rpm(s) will be used for building Golden ISO:
(+) ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
(+) ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
(+) ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-li-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
(+) ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
...RPM signature check [PASS]
...RPM compatibility check [PASS]
Building Golden ISO...
Summary .....
XR rpms:
ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
ncs5500-li-1.0.0.0-r71121.x86_64.rpm
ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
...Golden ISO creation SUCCESS.
Golden ISO Image Location: /app/gisobuild/output_gisobuild/ncs5500-goldenk9-x-7.11.21-lab.iso
Creating USB Boot zip...
USB Boot Zip: ncs5500-usb_boot-7.11.21-lab.zip
USB Boot Zip Location: /app/gisobuild/output_gisobuild/ncs5500-usb_boot-7.11.21-lab.zip
上記のとおり、NCS5504 向けの GISO 作成が成功しました。生成された GISO ファイルおよび USB ブート用 ZIP は、コンテナ内の /app/gisobuild/output_gisobuild 配下に出力されます。以下のコマンドで成果物を確認することが可能です。
[root@50578faa4270 gisobuild]# ls -alh /app/gisobuild/output_gisobuild
total 4.2G
drwxr-xr-x 4 root root 181 Dec 24 10:41 .
drwxr-xr-x 1 root root 68 Dec 24 10:39 ..
-rw-r--r-- 1 root root 34 Dec 24 10:40 img_built_name.txt
drwxr-xr-x 2 root root 54 Dec 24 10:39 logs
-rw-r--r-- 1 root root 2.2G Dec 24 10:40 ncs5500-goldenk9-x-7.11.21-lab.iso
-rw-r--r-- 1 root root 2.1G Dec 24 10:41 ncs5500-usb_boot-7.11.21-lab.zip
-rw-r--r-- 1 root root 647 Dec 24 10:39 rpms_packaged_in_giso.txt
drwxr-xr-x 2 root root 4.0K Dec 24 10:39 upgrade_matrix
今回、公式提供の ISO と区別しやすいように、GISO 作成時に --label lab を指定しています。
その結果、生成される GISO のファイル名は ncs5500-goldenk9-x-7.11.21-lab.iso となります。
一方、ラベルを付与したくない場合は --no-label を指定します。
`--no-label` を指定して GISO を作成した場合の出力例は以下のとおりです。
[root@50578faa4270 gisobuild]# ./src/gisobuild.py --iso /app/gisobuild/input/ncs5500-mini-x-7.11.21.iso --repo /app/gisobuild/input --no-label --clean
System requirements check [PASS]
Platform: ncs5500 Version: 7.11.21
Scanning repository [/app/gisobuild/input]...
Building RPM Database...
Total 16 RPM(s) present in the repository path provided in CLI
0 valid TP Rpms:
[ 1] ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
[ 2] ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
[ 3] ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
[ 4] ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
[ 5] ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
[ 6] ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
[ 7] ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
[ 8] ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
[ 9] ncs5500-infra-1.0.0.1-r71121.CSCwm85686.x86_64.rpm
[10] ncs5500-li-1.0.0.0-r71121.x86_64.rpm
[11] ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
[12] ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
[13] ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
[14] ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
[15] ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
[16] ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
Following XR x86_64 rpm(s) will be used for building Golden ISO:
(+) ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
(+) ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
(+) ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
(+) ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-li-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
(+) ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
(+) ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
...RPM signature check [PASS]
...RPM compatibility check [PASS]
Building Golden ISO...
Summary .....
XR rpms:
ncs5500-isis-1.0.0.0-r71121.x86_64.rpm
ncs5500-infra-1.0.0.2-r71121.CSCwn08493.x86_64.rpm
ncs5500-lictrl-1.0.0.0-r71121.x86_64.rpm
ncs5500-k9sec-1.0.0.0-r71121.x86_64.rpm
ncs5500-mpls-te-rsvp-1.0.0.0-r71121.x86_64.rpm
ncs5500-bgp-1.0.0.1-r71121.CSCwk15887.x86_64.rpm
ncs5500-parser-1.0.0.1-r71121.CSCwm85670.x86_64.rpm
ncs5500-eigrp-1.0.0.0-r71121.x86_64.rpm
ncs5500-li-1.0.0.0-r71121.x86_64.rpm
ncs5500-os-1.0.0.1-r71121.CSCwm56977.x86_64.rpm
ncs5500-mcast-1.0.0.0-r71121.x86_64.rpm
ncs5500-healthcheck-1.0.0.0-r71121.x86_64.rpm
ncs5500-ospf-1.0.0.0-r71121.x86_64.rpm
ncs5500-mpls-1.0.0.0-r71121.x86_64.rpm
ncs5500-mgbl-1.0.0.0-r71121.x86_64.rpm
Info: Label is not specified so Golden ISO will not have any label
...Golden ISO creation SUCCESS.
Golden ISO Image Location: /app/gisobuild/output_gisobuild/ncs5500-goldenk9-x-7.11.21.iso
Creating USB Boot zip...
USB Boot Zip: ncs5500-usb_boot-7.11.21-0.zip
--no-label を指定した場合、生成される GISO は ncs5500-goldenk9-x-7.11.21.iso のようにラベルなしのファイル名となります。
[root@50578faa4270 gisobuild]# ls -alh /app/gisobuild/output_gisobuild
total 4.2G
drwxr-xr-x 4 root root 175 Dec 24 10:54 .
drwxr-xr-x 1 root root 68 Dec 24 10:51 ..
-rw-r--r-- 1 root root 30 Dec 24 10:53 img_built_name.txt
drwxr-xr-x 2 root root 54 Dec 24 10:51 logs
-rw-r--r-- 1 root root 2.2G Dec 24 10:53 ncs5500-goldenk9-x-7.11.21.iso
-rw-r--r-- 1 root root 2.1G Dec 24 10:54 ncs5500-usb_boot-7.11.21-0.zip
-rw-r--r-- 1 root root 647 Dec 24 10:52 rpms_packaged_in_giso.txt
drwxr-xr-x 2 root root 4.0K Dec 24 10:52 upgrade_matrix
なお、GISO のほかに ncs5500-usb_boot-7.11.21-<label>.zip という USB ブート用 ZIP ファイルも同時に生成されます。これは、USB メディアから IOS XR を起動・インストールする用途で利用できます。
最後に、生成された成果物をコンテナ内からホスト側の output ディレクトリへコピーします。
[root@50578faa4270 gisobuild]# cp -r /app/gisobuild/output_gisobuild/* /app/gisobuild/output/
これで、NCS5504 向けの GISO 作成プロセスは完了です。成果物はホスト側の output ディレクトリに保存され、インストール/アップグレード作業に利用できます。
trustywolf@devops:~/output$ pwd
/home/trustywolf/output
trustywolf@devops:~/output$ ll
total 4403692
-rw-r--r-- 1 root root 34 Dec 24 20:07 img_built_name.txt
drwxr-xr-x 2 root root 54 Dec 24 20:07 logs
-rw-r--r-- 1 root root 2260103168 Dec 24 20:07 ncs5500-goldenk9-x-7.11.21-lab.iso
-rw-r--r-- 1 root root 2249264260 Dec 24 20:07 ncs5500-usb_boot-7.11.21-lab.zip
-rw-r--r-- 1 root root 647 Dec 24 20:07 rpms_packaged_in_giso.txt
drwxr-xr-x 2 root root 4096 Dec 24 20:07 upgrade_matrix
install replace と Golden ISO(GISO)を用いた IOS XR インストール/アップグレード
Golden ISO(GISO)の作成が完了したら、これを用いて NCS5504 上の IOS XR をアップグレードします。
ここでは例として、現在稼働中のNCS5504のIOS XR を GISO で 25.2.2 へ更新するコマンドを示します。install replace は指定した Golden ISO をベースに、必要最小限の差分を適用しながら置き換えを進めるため、運用手順の簡素化とダウンタイムの短縮につながります。
RP/0/RP1/CPU0:R1-NCS5504#install replace http://172.20.99.19/files/ncs5500-goldenk9-x-25.2.2-lab.iso commit noprompt
(参考)アップグレード中のログ出力は以下のとおりです。
RP/0/RP1/CPU0:R1-NCS5504#install replace http://172.20.99.19/files/ncs5500-goldenk9-x-25.2.2-lab.iso commit noprompt
Thu Dec 4 05:59:41.578 JST
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2025-12-04 05:59:52 Install operation 9 started by transport-admin:
2025-12-04 05:59:52 install replace source http://172.20.99.19/files/ncs5500-goldenk9-x-25.2.2-lab.iso noprompt commit
0/RP1/ADMIN0:Dec 4 05:59:52.000 JST: cal_logger[42658]: %OS-SYSLOG-6-LOG_INFO : truncated by file_cleanup.py, it is a cleanup mechanism and will not impact any functionality
2025-12-04 05:59:56 No install operation in progress at this moment
2025-12-04 05:59:56 Checking system is ready for install operation
2025-12-04 05:59:57 'install replace' in progress
2025-12-04 05:59:57 Install replace with commit option is triggered
2025-12-04 05:59:57 Label = lab
2025-12-04 05:59:57 ISO ncs5500-goldenk9-x-25.2.2-lab.iso in input package list. Going to upgrade the system to version 25.2.2.
WARNING: Commit option is used. This will auto commit the software after the install activation completes successfully.
However, if any login failures are seen after the reload, rollback would be possible with USB/PXE boot or appropriate workaround.
2025-12-04 06:00:02 Scheme : http
2025-12-04 06:00:02 Hostname : 172.20.99.19
2025-12-04 06:00:02 Collecting software state..
2025-12-04 06:00:02 Getting platform
2025-12-04 06:00:02 Getting supported architecture
2025-12-04 06:00:02 Getting active packages from XR
0/RP1/ADMIN0:Dec 4 06:00:02.000 JST: cal_logger[43249]: %OS-SYSLOG-6-LOG_INFO : truncated by file_cleanup.py, it is a cleanup mechanism and will not impact any functionality
2025-12-04 06:00:04 Getting inactive packages from XR
2025-12-04 06:00:11 Getting list of RPMs in local repo
2025-12-04 06:00:11 Getting list of provides of all active packages
2025-12-04 06:00:11 Getting provides of each rpm in repo
2025-12-04 06:00:11 Getting requires of each rpm in repo
2025-12-04 06:00:16 Fetching .... ncs5500-goldenk9-x-25.2.2-lab.iso
RP/0/RP1/CPU0:Dec 4 06:01:01.666 JST: sdr_instmgr[1312]: %PKT_INFRA-FM-6-FAULT_INFO : INSTALL-IN-PROGRESS :DECLARE :0/RP1/CPU0: INSTALL_IN_PROGRESS Alarm : being DECLARED for the system
0/RP1/ADMIN0:Dec 4 06:01:01.000 JST: inst_mgr[4328]: %PKT_INFRA-FM-6-FAULT_INFO : INSTALL-IN-PROGRESS :DECLARE :0/RP1: Sysadmin INSTALL_IN_PROGRESS Alarm : being DECLARED for the system
2025-12-04 06:01:01 Adding packages
ncs5500-goldenk9-x-25.2.2-lab.iso
2025-12-04 06:01:01 Allocated operation ID 10 for install add
2025-12-04 06:01:43 Activating ncs5500-goldenk9-x-25.2.2-lab
2025-12-04 06:01:46 Optimized list to prepare after sanitizing input list for superseded packages:
ncs5500-goldenk9-x-25.2.2-lab
2025-12-04 06:01:46 Package list:
2025-12-04 06:01:46 ncs5500-goldenk9-x-25.2.2-lab
2025-12-04 06:01:46 The operation is past point-of-no-return and can no longer be stopped!
2025-12-04 06:01:46 Action 1: install prepare action started
2025-12-04 06:01:46 Triggering prepare operation.
This may take a while...
2025-12-04 06:06:13 Action 1: install prepare action completed successfully
2025-12-04 06:06:34 Prepare operation completed. Trigger activate.
This may take a while...
2025-12-04 06:06:34 Prepare completed. Operation ID 9 will be taken up for activate operation
2025-12-04 06:06:35 Activate operation ID is: 9 for 'install source' ID:9
2025-12-04 06:06:37 Install operation 9 started:
install activate replace noprompt synchronous
2025-12-04 06:06:39 Action 1: install activate action started
2025-12-04 06:06:39 The software will be activated with reload upgrade
2025-12-04 06:06:41 Following nodes are available for System Upgrade activate:
2025-12-04 06:06:41 0/FC0 0/FC1 0/FC2 0/FC3 0/FC4 0/FC5 0/RP1 0/SC0 0/SC1
2025-12-04 06:09:10 Action 1: install activate action completed successfully
RP/0/RP1/CPU0:Dec 4 06:09:18.400 JST: sdr_instmgr[1312]: %MGBL-SCONBKUP-6-INTERNAL_INFO : Reload debug script successfully spawned
2025-12-04 06:09:22 Install operation 9 finished successfully
RP/0/RP1/CPU0:Dec 4 06:09:22.571 JST: sdr_instmgr[1312]: %INSTALL-INSTMGR-2-OPERATION_SUCCESS : Install operation 9 finished successfully
2025-12-04 06:09:23 Ending operation 9
RP/0/RP1/CPU0:Dec 4 06:09:23.697 JST: sdr_instmgr[1312]: %INSTALL-INSTMGR-2-SYSTEM_RELOAD_INFO : The whole system will be reloaded to complete install operation 9
RP/0/RP1/CPU0:Dec 4 06:09:23.705 JST: sdr_instmgr[1312]: %INSTALL-INSTMGR-2-REPLACE_COMMIT_PENDING : This operation has a pending install commit which will be triggered after reload
0/RP1/ADMIN0:Dec 4 06:09:25.000 JST: inst_mgr[4328]: %INFRA-INSTMGR-5-OPERATION_TO_RELOAD : This rack will now reload as part of the install operation
RP/0/RP1/CPU0:Dec 4 06:10:14.633 JST: SSHD_[1316]: %SECURITY-SSHD-6-INFO_GENERAL : shutdown event for ssh server received
0/FC3/ADMIN0:Dec 4 06:10:14.000 JST: cm[2251]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/FC0/ADMIN0:Dec 4 06:10:14.000 JST: cm[2251]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/FC1/ADMIN0:Dec 4 06:10:14.000 JST: cm[2251]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/FC5/ADMIN0:Dec 4 06:10:14.000 JST: cm[2247]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/FC2/ADMIN0:Dec 4 06:10:14.000 JST: cm[2251]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/FC4/ADMIN0:Dec 4 06:10:14.000 JST: cm[2248]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/SC1/ADMIN0:Dec 4 06:10:14.000 JST: card_mgr[2259]: %DRIVER-CARD_MGR-6-RPSC_STANDBY_STATUS : Location: 0/SC1, Mastership status: Standby, rpsc_arb_val: 0xe, rpsc2rpsc_status: 0x40010201, rpsc2rpsc_command: 0x40001
0/SC1/ADMIN0:Dec 4 06:10:14.000 JST: cm[2260]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/SC0/ADMIN0:Dec 4 06:10:14.000 JST: cm[2268]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/SC0/ADMIN0:Dec 4 06:10:14.000 JST: card_mgr[2267]: %DRIVER-CARD_MGR-6-RPSC_MASTER_STATUS : Location: 0/SC0, Mastership status: Master, rpsc_arb_val: 0x11, rpsc2rpsc_status: 0x80010201, rpsc2rpsc_command: 0x40002
0/FC5/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2241]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/FC4/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2244]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/FC0/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2248]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/FC2/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2247]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/FC1/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2247]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/FC3/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2248]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/SC1/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2257]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
0/SC0/ADMIN0:Dec 4 06:10:15.000 JST: aaad[2265]: %MGBL-AAAD-7-DEBUG : Disaster-recovery account not configured. Using first user as disaster-recovery account
RP/0/RP1/CPU0:R1-NCS5504#0/RP1/ADMIN0:Dec 4 06:10:21.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/SC1/EPC_SW
0/RP1/ADMIN0:Dec 4 06:10:21.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/SC1/SC_SW
0/RP1/ADMIN0:Dec 4 06:10:21.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/SC1/EOBC_SW
0/RP1/ADMIN0:Dec 4 06:10:21.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/SC0/EOBC_SW
0/RP1/ADMIN0:Dec 4 06:10:21.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/SC0/EPC_SW
0/RP1/ADMIN0:Dec 4 06:10:22.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/SC0/SC_SW
0/RP1/ADMIN0:Dec 4 06:10:26.000 JST: cm[2091]: %ROUTING-TOPO-5-PROCESS_UPDATE : Got process update: Card shutdown.
0/RP1/ADMIN0:Dec 4 06:10:28.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/FC0/FC-SW
Preparing system for backup. This may take a few minutes especially for large configurations.
Status report: node0_RP1_CPU0: BACKUP INPROGRESS
0/RP1/ADMIN0:Dec 4 06:10:28.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/FC1/FC-SW
0/RP1/ADMIN0:Dec 4 06:10:28.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/FC2/FC-SW
0/RP1/ADMIN0:Dec 4 06:10:28.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/FC3/FC-SW
0/RP1/ADMIN0:Dec 4 06:10:28.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/FC4/FC-SW
0/RP1/ADMIN0:Dec 4 06:10:28.000 JST: esdma[3808]: %INFRA-ESDMA-6-ESD_CONN_LOST : ESDMA lost connection with esd at 0/FC5/FC-SW
Status report: node0_RP1_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
RP/0/RP1/CPU0:Dec 4 06:10:30.562 JST: processmgr[51]: %MGBL-SCONBKUP-6-INTERNAL_INFO : Reload debug script successfully spawned
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/0
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/FC0
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/FC1
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/FC2
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/FC3
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/FC4
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/FC5
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/SC0
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/SC1
0/RP1/ADMIN0:Dec 4 06:10:34.000 JST: shelf_mgr[2113]: %INFRA-SHELF_MGR-4-CARD_RELOAD : Reloading card 0/RP1
RP/0/RP1/CPU0:Dec 4 06:10:42.198 JST: rmf_svr[447]: %PKT_INFRA-FM-3-FAULT_MAJOR : ALARM_MAJOR :RP-RED-LOST-ADMINNR :DECLARE :0/RP1/CPU0:
RP/0/RP1/CPU0:Dec 4 06:10:42.563 JST: processmgr[51]: %OS-SYSMGR-6-INFO : sysmgr_audit_app_tier: ack not received for sysmgr shutdown event from :emsd(1141)
[ OK ] Stopped Calvados service.
Stopping Network bridge for containers...
[ OK ] Stopped Network bridge for containers.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Cisco custom login prompts.
Stopping Avahi mDNS/DNS-SD Stack...
Stopping Periodic Command Scheduler...
Stopping Ethernet Bridge Filtering Tables...
Stopping Suspend/Resume Running libvirt Guests...
[34637.546653] libvirt-guests.sh[1611]: Running guests on default URI:
Stopping Lighttpd Daemon...
[34637.649833] libvirt-guests.sh[1619]: Running guests on
Stopping Machine Check Exception Logging Daemon...
[34637.768737] libvirt-guests.sh[1601]: Ru
Stopping Cisco Process Monitor Service...
Stopping Respond to IPv6 Node Information Queries...
Stopping Network Router Discovery Daemon...
Stopping System Logging Service...
Stopping Self Monitoring a…g Technology (SMART) Daemon...
Stopping Permit User Sessions...
Stopping Xinetd A Powerful Replacement For Inetd...
Stopping XR installation service...
[ OK ] Stopped OpenSSH Key Generation.
[ OK ] Stopped Periodic Command Scheduler.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Stopped Cisco Process Monitor Service.
[ OK ] Stopped System Logging Service.
[ OK ] Stopped Self Monitoring an…ing Technology (SMART) Daemon.
[ OK ] Stopped Lighttpd Daemon.
[ OK ] Stopped Avahi mDNS/DNS-SD Stack.
[ OK ] Stopped Respond to IPv6 Node Information Queries.
[ OK ] Stopped Network Router Discovery Daemon.
[ OK ] Stopped Xinetd A Powerful Replacement For Inetd.
[ OK ] Stopped Ethernet Bridge Filtering Tables.
[ OK ] Stopped Suspend/Resume Running libvirt Guests.
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped XR installation service.
[ OK ] Stopped target Libvirt guests shutdown.
Stopping Container lxc-14781-sysadmin.
Stopping Container lxc-25161-default-sdr--1.
[ OK ] Stopped Container lxc-14781-sysadmin.
[ OK ] Stopped Container lxc-25161-default-sdr--1.
Stopping Virtualization daemon...
[ OK ] Unmounted /lxc_rootfs/panini_vol_grp-calvados_lv2.
[ OK ] Unmounted /run/lxc/sysadmin/ns/net.
[ OK ] Unmounted /run/netns/sysadmin.libvirt.
[ OK ] Unmounted /lxc_rootfs/panini_vol_grp-xr_lv2.
[ OK ] Unmounted /run/lxc/default-sdr--1/ns/net.
[ OK ] Unmounted /run/netns/default-sdr--1.libvirt.
[ OK ] Stopped Virtualization daemon.
[ OK ] Stopped target Network.
[ OK ] Stopped target Remote File Systems.
Stopping D-Bus System Message Bus...
[ OK ] Stopped Rollback uncommitt…rk config change transactions.
Stopping Login Service...
Stopping Virtual Machine a…tainer Registration Service...
Stopping Network Name Resolution...
[ OK ] Stopped D-Bus System Message Bus.
[ OK ] Stopped Virtual Machine an…ontainer Registration Service.
[ OK ] Stopped Login Service.
[ OK ] Stopped Network Name Resolution.
Stopping Network Service...
[ OK ] Stopped Network Service.
[ OK ] Stopped target Network (Pre).
[ OK ] Stopped IPv6 Packet Filtering Framework.
[ OK ] Stopped IPv4 Packet Filtering Framework.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Paths.
[ OK ] Stopped Dispatch Password …ts to Console Directory Watch.
[ OK ] Stopped Forward Password R…uests to Wall Directory Watch.
[ OK ] Stopped target Slices.
[ OK ] Removed slice Virtual Machine and Container Slice.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target Sockets.
[ OK ] Closed Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Closed D-Bus System Message Bus Socket.
[ OK ] Closed Libvirt admin socket.
[ OK ] Closed Libvirt local read-only socket.
[ OK ] Closed Libvirt local socket.
[ OK ] Closed sshd.socket.
[ OK ] Closed Syslog Socket.
[ OK ] Closed Tftp Server Activation Socket.
[ OK ] Closed Virtual machine lock manager socket.
[ OK ] Closed Virtual machine log manager socket.
[ OK ] Stopped target System Initialization.
Stopping Hardware RNG Entropy Gatherer Daemon...
[ OK ] Stopped Apply Kernel Variables.
[ OK ] Stopped Load Kernel Modules.
[ OK ] Stopped Update is Completed.
[ OK ] Stopped Rebuild Dynamic Linker Cache.
[ OK ] Stopped Rebuild Journal Catalog.
Stopping Update UTMP about System Boot/Shutdown...
[ OK ] Stopped Hardware RNG Entropy Gatherer Daemon.
[ OK ] Stopped Update UTMP about System Boot/Shutdown.
Stopping Security Auditing Service...
[ OK ] Stopped Security Auditing Service.
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Stopped target Local File Systems.
Unmounting /debugfs/tracing...
Unmounting /mnt/pstore...
Unmounting /run/lxc...
Unmounting /run/netns/global-vrf...
Unmounting /run/netns/init...
Unmounting /run/netns/vrf1...
Unmounting /run/netns/vrf10...
Unmounting /run/netns/vrf11...
Unmounting /run/netns/vrf12...
Unmounting /run/netns/vrf13...
Unmounting /run/netns/vrf14...
Unmounting /run/netns/vrf15...
Unmounting /run/netns/vrf16...
Unmounting /run/netns/vrf2...
Unmounting /run/netns/vrf3...
Unmounting /run/netns/vrf4...
Unmounting /run/netns/vrf5...
Unmounting /run/netns/vrf6...
Unmounting /run/netns/vrf7...
Unmounting /run/netns/vrf8...
Unmounting /run/netns/vrf9...
Unmounting /var/log...
Unmounting /var/volatile...
Unmounting /www/pages/install_repo...
[ OK ] Unmounted /debugfs/tracing.
[ OK ] Unmounted /mnt/pstore.
[ OK ] Unmounted /run/lxc.
[ OK ] Unmounted /run/netns/global-vrf.
[ OK ] Unmounted /run/netns/init.
[ OK ] Unmounted /run/netns/vrf1.
[ OK ] Unmounted /run/netns/vrf10.
[ OK ] Unmounted /run/netns/vrf11.
[ OK ] Unmounted /run/netns/vrf12.
[ OK ] Unmounted /run/netns/vrf13.
[ OK ] Unmounted /run/netns/vrf14.
[ OK ] Unmounted /run/netns/vrf15.
[ OK ] Unmounted /run/netns/vrf16.
[ OK ] Unmounted /run/netns/vrf2.
[ OK ] Unmounted /run/netns/vrf3.
[ OK ] Unmounted /run/netns/vrf4.
[ OK ] Unmounted /run/netns/vrf5.
[ OK ] Unmounted /run/netns/vrf6.
[ OK ] Unmounted /run/netns/vrf7.
[ OK ] Unmounted /run/netns/vrf8.
[ OK ] Unmounted /run/netns/vrf9.
[FAILED] Failed unmounting /var/log.
[ OK ] Unmounted /var/volatile.
[ OK ] Unmounted /www/pages/install_repo.
Unmounting /debugfs...
Unmounting /mnt...
Unmounting /run/netns...
[ OK ] Unmounted /debugfs.
[ OK ] Unmounted /mnt.
[ OK ] Unmounted /run/netns.
[ OK ] Stopped target Local File Systems (Pre).
Stopping Monitoring of LVM…meventd or progress polling...
[ OK ] Stopped Create Static Device Nodes in /dev.
[ OK ] Stopped Create System Users.
[ OK ] Stopped Remount Root and Kernel File Systems.
[ OK ] Stopped Monitoring of LVM2… dmeventd or progress polling.
Unmounting Temporary Directory (/tmp)...
[ OK ] Unmounted Temporary Directory (/tmp).
[ OK ] Stopped target Swap.
[ OK ] Reached target Shutdown.
[ OK ] Reached target Unmount All Filesystems.
[ OK ] Reached target Final Step.
[ OK ] Started Reboot.
[ OK ] Reached target Reboot.
[34660.722714] [MTS(kfu_mts-app-137)] Could not connect to socket, error = 113
[34660.817663] systemd-shutdown[1]: Failed to finalize DM devices, ignoring
[34660.899601] obfl_rb_notify_cb: reboot notifier called
[34661.741431] Requesting remote cold reset on 0/0 ...
[34661.744591] Requesting remote cold reset on 0/FC0 ...
[34661.806580] Requesting remote cold reset on 0/FC1 ...
[34661.870578] Requesting remote cold reset on 0/FC2 ...
[34661.934575] Requesting remote cold reset on 0/FC3 ...
[34661.998587] Requesting remote cold reset on 0/FC4 ...
[34662.062576] Requesting remote cold reset on 0/FC5 ...
[34662.126574] Requesting remote cold reset on 0/SC0 ...
[34662.247759] Requesting remote cold reset on 0/S1 ...
[34662.251581] Preparing for local cold reset on 0/RP1 ...
[34662.374772] Requesting local cold reset on 0/RP1 ...
ME Firmware Status #1: 0x000F0345
ME Firmware Status #2: 0x38008000
ME Current State: Operational
ME Error Code: No Error
ME Operational Firmware Version: 06:3.0.3.27
3h
3h
3h
Press Esc for boot options
CPU Board IOFPGA Information:
Revision = 0x17
ID = 0x1573247
Creation Date = 0x20181207
SLOT ID = 0x1C [SUP2]
Post Code = 0xE2
Board is : Precisa Board
Booting from Upgrade Bios
Code Signing Results:(0xC0) 0x0
Using Upgrade FPGA
SECURE BOOT Result: Successfully!
SECURE BOOT: GOLDEN RESULTS
FPGA validation results(0xB8): 0x11EE003
Reports errors found by boot monitor(0xBC): 0x0
SECURE BOOT: UPGRADE RESULTS
Upgrade FPGA validation results(0xD8): 0xE003
Reports errors found by boot monitor(0xDC): 0x1
Secureboot system status monitor register(0xE0): 0x47CB7100
Board PID: [NC55-RP-E]
Product: XR OS PRODUCT
BIOS Version: 1.25.0
CPU IOFPGA found at PCI Bus: 0x05
Omega IOFPGA found at PCI Bus: 0x06
Board PID: [NC55-RP-E]
Product: XR OS PRODUCT
SUB_ARB_CNTL_REG = 0xE S2S_STATUS_REG = 0x0
No peer RP presence detected
IDROM MAC Address = 70:B3:17:6C:CF:8E
ME Firmware Version: 06:3.0.3.27
Omega FPGA Information:
Magic Number = 0xC15C0595
Revison Number = 0x3D
Build Number = 0x21D
FPGA ID = 0x1573250
M98DXN11 Switch Information:
Vendor ID = 0x11AB
Device ID = 0xD3D30
ZL30704 Chip Information:
Vendor ID = 0x780E
ZL81000 Chip Information:
Vendor ID = 0x8C1C
PHY1588 LAN Information:
Vendor ID = 0x7
Device ID = 0x7B1
Precisa BIOS: v1.25.0 Date: 06/25/2025 16:34:11
XR OS Boot Mode = 0x0
Selected Boot Option:
XROS: Harddisk Boot
Image Name = \EFI\BOOT\BOOTX64.EFI
Image Size = 743484 Bytes
-----------Cisco Secure Boot: Verifying-----------
Image verified successfully. Booting..
------------Cisco Secure Boot: End ------------
Welcome to GRUB!
error: cannot read variable.
error: cannot read variable.
Unable to locate Pkcs7VerifyProtocol
error: no such device: ((hd0,gpt4)/EFI/BOOT)/EFI/BOOT/grub.cfg.
Verifying (hd0,gpt4)/EFI/BOOT/grub.cfg...
Verifying (hd0,gpt4)/EFI/BOOT/grub.cfg...
Booting `System Host OS'
Booting from Disk..
Loading Kernel..
Verifying ?s?...
Image verified successfully. Booting..
/boot/bzImage verified using ciscosec protocol.
Verifying ?o?...
Image verified successfully. Booting..
/boot/bzImage verified using ciscosec protocol.
Loading initrd..
Verifying ???...
Image verified sucessfully. Booting...
/boot/initrd.img verified using ciscosec protocol.
error: cannot read variable.
Press any key to continue...
[ 5.816089] integrity: Unable to open file: /etc/keys/x509_ima.der (-2)
Adding sub-CA and leaf certificates to keyring
Failed vgck --updatemetadata on app_vol_grp
Failed vgck --updatemetadata on panini_vol_grp
Failed vgck --updatemetadata on pci_disk1
SELinux: /.autorelabel placed, filesystem will be relabeled...
Cleaning out /tmp
Relabeling / /sys
/ 100.0%
/sys 100.0%
Cleaning up labels on /tmp
* Relabel done, rebooting the system.
Running in chroot, ignoring request.
Cleaning up with exit code 0 ...
Switching to new root and running init.
Welcome to Linux Distro for XR 11.1.2 (dunfell)!
[ 17.840994] systemd[1]: /etc/systemd/system/auditd.service.d/10-cisco-auditd.conf:3: Failed to parse service type, ignoring:
[ OK ] Created slice Virtual Machine and Container Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Started Dispatch Password …ts to Console Directory Watch.
[ OK ] Started Forward Password R…uests to Wall Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Reached target Remote File Systems.
[ OK ] Reached target Slices.
[ OK ] Reached target Swap.
[ OK ] Reached target Libvirt guests shutdown.
[ OK ] Listening on Device-mapper event daemon FIFOs.
[ OK ] Listening on RPCbind Server Activation Socket.
[ OK ] Reached target RPC Port Mapper.
[ OK ] Listening on Syslog Socket.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Audit Socket.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Listening on Journal Socket.
[ OK ] Listening on Network Service Netlink Socket.
[ OK ] Listening on udev Control Socket.
[ OK ] Listening on udev Kernel Socket.
Mounting Huge Pages File System...
Mounting POSIX Message Queue File System...
Mounting Kernel Debug File System...
Mounting Temporary Directory (/tmp)...
Starting Create list of st…odes for the current kernel...
Starting Monitoring of LVM…meventd or progress polling...
Starting RPC Bind...
Starting SELinux autorelabel service loading...
Starting SELinux init for /dev service loading...
Starting Spirit early boot setup...
Starting Journal Service...
Starting Load Kernel Modules...
Starting Remount Root and Kernel File Systems...
Starting udev Coldplug all Devices...
[ OK ] Started RPC Bind.
[ OK ] Started Journal Service.
[ OK ] Mounted Huge Pages File System.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Kernel Debug File System.
[ OK ] Mounted Temporary Directory (/tmp).
[ OK ] Started Create list of sta… nodes for the current kernel.
[ OK ] Started SELinux autorelabel service loading.
[ OK ] Started SELinux init for /dev service loading.
[ OK ] Started Load Kernel Modules.
[ OK ] Started Remount Root and Kernel File Systems.
Mounting NFSD configuration filesystem...
Mounting FUSE Control File System...
Starting Flush Journal to Persistent Storage...
Starting Apply Kernel Variables...
Starting Create System Users...
[ OK ] Started udev Coldplug all Devices.
[ OK ] Mounted NFSD configuration filesystem.
[ OK ] Mounted FUSE Control File System.
[ OK ] Started Flush Journal to Persistent Storage.
[ OK ] Started Apply Kernel Variables.
[ OK ] Started Create System Users.
Starting Create Static Device Nodes in /dev...
Starting udev Wait for Complete Device Initialization...
[ OK ] Started Create Static Device Nodes in /dev.
Starting udev Kernel Device Manager...
[ OK ] Started udev Kernel Device Manager.
[ OK ] Started Monitoring of LVM2… dmeventd or progress polling.
[ OK ] Created slice system-lvm2\x2dpvscan.slice.
[ OK ] Reached target Local File Systems (Pre).
Mounting /mnt...
Mounting /var/volatile...
Starting LVM event activation on device 8:3...
Starting LVM event activation on device 8:5...
Starting LVM event activation on device 8:6...
[ OK ] Started udev Wait for Complete Device Initialization.
[ OK ] Mounted /mnt.
[ OK ] Mounted /var/volatile.
[ OK ] Started LVM event activation on device 8:3.
[ OK ] Started LVM event activation on device 8:5.
[ OK ] Started LVM event activation on device 8:6.
[ OK ] Started Hardware RNG Entropy Gatherer Daemon.
Starting Load/Save Random Seed...
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Spirit early boot setup.
[ OK ] Reached target Local File Systems.
Starting Rebuild Dynamic Linker Cache...
Starting SELinux init service loading...
Starting Create Volatile Files and Directories...
[ OK ] Started Rebuild Dynamic Linker Cache.
[ OK ] Started SELinux init service loading.
[ OK ] Started Create Volatile Files and Directories.
Starting Security Auditing Service...
Starting Run pending postinsts...
Starting Rebuild Journal Catalog...
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started Security Auditing Service.
Starting Update is Completed...
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update is Completed.
[ OK ] Started Run pending postinsts.
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Started Periodic rotation of log files.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Listening on Libvirt local socket.
[ OK ] Listening on Libvirt admin socket.
[ OK ] Listening on Libvirt local read-only socket.
[ OK ] Listening on Tftp Server Activation Socket.
[ OK ] Listening on Virtual machine lock manager socket.
[ OK ] Listening on Virtual machine log manager socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started Periodic Command Scheduler.
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started diskmon.
Starting Ethernet Bridge Filtering Tables...
Starting IPv6 Packet Filtering Framework...
Starting IPv4 Packet Filtering Framework...
Starting Cisco kdump service...
Starting Lighttpd Daemon...
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Started Cisco Process Monitor Service.
Starting Rollback uncommit… config change transactions...
Starting System Logging Service...
[ OK ] Started Self Monitoring an…ing Technology (SMART) Daemon.
[ OK ] Started Cisco Serial Getty Service.
[ OK ] Reached target Cisco custom login prompts.
Starting Login Service...
Starting Virtual Machine a…tainer Registration Service...
Starting XR installation service...
Starting OpenSSH Key Generation...
[ OK ] Started System Logging Service.
[ OK ] Started Ethernet Bridge Filtering Tables.
[ OK ] Started IPv6 Packet Filtering Framework.
[ OK ] Started IPv4 Packet Filtering Framework.
[ OK ] Started Lighttpd Daemon.
[ OK ] Started Rollback uncommitt…rk config change transactions.
[ OK ] Started XR installation service.
[ OK ] Started OpenSSH Key Generation.
[ OK ] Reached target Network (Pre).
Starting OpenSSH server daemon...
Starting Network Service...
Starting Rotate log files...
[ OK ] Started Network Service.
[ OK ] Started OpenSSH server daemon.
[ OK ] Started Rotate log files.
[ OK ] Started Login Service.
[ OK ] Started Virtual Machine an…ontainer Registration Service.
[ OK ] Started Avahi mDNS/DNS-SD Stack.
[ OK ] Reached target Network.
Starting Create Network Namespaces...
Starting Virtualization daemon...
[ OK ] Started Respond to IPv6 Node Information Queries.
[ OK ] Started Network Router Discovery Daemon.
Starting Permit User Sessions...
[ OK ] Started Virtualization daemon.
[ OK ] Started Permit User Sessions.
[ OK ] Started Host Authentication service.
Starting Suspend/Resume Running libvirt Guests...
[ OK ] Started Create Network Namespaces.
[ OK ] Started Suspend/Resume Running libvirt Guests.
[ OK ] Reached target Multi-User System.
[ OK ] Started Network bridge for containers.
[ OK ] Started Spirit service to kickstart XR processes.
Starting Host booted notification...
Starting MTD flash setup...
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Linux Distro for XR 11.1.2 ios ttyS0
[ OK ] Started Host booted notification.
[ OK ] Started Cisco kdump service.
[ OK ] Started MTD flash setup.
[ OK ] Reached target XR installation and startup.
Connecting to 'default-sdr--1' console
[ OK ] Started Spirit early boot setup.
[ OK ] Reached target Local File Systems.
Starting Rebuild Dynamic Linker Cache...
Starting SELinux init service loading...
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Rebuild Journal Catalog...
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started SELinux init service loading.
[ OK ] Started Rebuild Dynamic Linker Cache.
Starting Run pending postinsts...
Starting Update is Completed...
[ OK ] Started Update is Completed.
[ OK ] Started Run pending postinsts.
[ OK ] Reached target System Initialization.
[ OK ] Started Periodic rotation of log files.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Listening on Tftp Server Activation Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started Periodic Command Scheduler.
[ OK ] Started D-Bus System Message Bus.
Starting Ethernet Bridge Filtering Tables...
Starting install-apps.service...
Starting IPv6 Packet Filtering Framework...
Starting IPv4 Packet Filtering Framework...
Starting Cisco kdump service...
Starting Lighttpd Daemon...
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Started Cisco Process Monitor Service.
Starting Rollback uncommit… config change transactions...
Starting rabbit-hosts.service...
Starting System Logging Service...
[ OK ] Started Cisco Serial Getty Service.
[ OK ] Reached target Cisco custom login prompts.
Starting Login Service...
[ OK ] Started XR pre-shutdown service.
Starting XR installation service...
Starting OpenSSH Key Generation...
[ OK ] Started Ethernet Bridge Filtering Tables.
[ OK ] Started install-apps.service.
[ OK ] Started IPv6 Packet Filtering Framework.
[ OK ] Started IPv4 Packet Filtering Framework.
[ OK ] Started Lighttpd Daemon.
[ OK ] Started Rollback uncommitt…rk config change transactions.
[ OK ] Reached target Network (Pre).
Starting Network Service...
Starting Rotate log files...
[ OK ] Started Avahi mDNS/DNS-SD Stack.
[ OK ] Started XR installation service.
[ OK ] Started System Logging Service.
[ OK ] Started Network Service.
[ OK ] Reached target Network.
Starting Create Network Namespaces...
[ OK ] Started Respond to IPv6 Node Information Queries.
[ OK ] Started Network Router Discovery Daemon.
[ OK ] Started Redis In-Memory Data Store.
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started Create Network Namespaces.
[ OK ] Started Login Service.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Started Rotate log files.
[ OK ] Started Cisco kdump service.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Started rabbit-hosts.service.
Starting RabbitMQ broker...
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Started OpenSSH Key Generation.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
Starting OpenSSH server daemon...
[ OK ] Started OpenSSH server daemon.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[ OK ] Started Machine Check Exception Logging Daemon.
[ OK ] Stopped Machine Check Exception Logging Daemon.
[FAILED] Failed to start Machine Check Exception Logging Daemon.
See 'systemctl status mcelog.service' for details.
[FAILED] Failed to start RabbitMQ broker.
See 'systemctl status rabbitmq-server.service' for details.
[ OK ] Reached target Multi-User System.
[ OK ] Started Spirit service to kickstart XR processes.
Starting MTD flash setup...
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started MTD flash setup.
[ OK ] Reached target XR installation and startup.
RP/0/RP1/CPU0:Dec 3 21:17:13.635 UTC: rmf_svr[237]: %PKT_INFRA-FM-2-FAULT_CRITICAL : ALARM_CRITICAL :RP-RED-LOST-PNP :DECLARE :0/RP1/CPU0:
2025-12-03 21:17:16 osSignalTask: started
RP/0/RP1/CPU0:Dec 3 21:17:32.645 UTC: fia_cfg[320]: %FABRIC-FIA_CFG-3-HW_MODULE_UNSUPPORTED : The cli hw-module profile segment-routing srv6 mode is not supported on J2 compatible mode. This CLI will not have any effect even if enabled.
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply third-party
authority to import, export, distribute or use encryption. Importers,
exporters, distributors and users are responsible for compliance with
U.S. and local country laws. By using this product you agree to comply
with applicable laws and regulations. If you are unable to comply with
U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be
found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
ios con0/RP1/CPU0 is now available
Press RETURN to get started.
最後に、アップグレード完了後の状態を確認します。
以下のとおり、システムは正常に再起動しており、IOS XR が 新しいバージョン(25.2.2) で稼働していることが確認できます。
RP/0/RP1/CPU0:R1-NCS5504#show version
Thu Dec 4 09:14:20.874 JST
Cisco IOS XR Software, Version 25.2.2
Copyright (c) 2013-2025 by Cisco Systems, Inc.
Build Information:
Built By : swtools
Built On : Sat Sep 20 15:46:14 PDT 2025
Built Host : iox-lnx-049
Workspace : /auto/srcarchive11/prod/25.2.2/ncs5500/ws
Version : 25.2.2
Location : /opt/cisco/XR/packages/
Label : 25.2.2-lab
cisco NCS-5500 () processor
System uptime is 2 hours 57 minutes
まとめ
本記事では、install replace と Golden ISO(GISO)を組み合わせることで、IOS XR のインストール/アップグレードを大幅に簡素化できることを、NCS5504 を例に紹介しました。GISO に Optional packages / SMU / ZTP config / XR config を必要に応じて組み込んでおくことで、あとは install replace を実行するだけで、OS のインストール/アップグレードから初期設定までを自動化できます。結果として、作業手順の標準化やヒューマンエラーの削減、作業時間の短縮が期待できます。ぜひ皆様の環境でもお試しください。