Skip to main content

Applying an update-compliance policy to one or more resources

Uses this definition to apply an update-compliance policy to one or more resources.

A job is created to complete this request.

Usage

resource "lxco_firmware" "applyAndactivate" {
   policy_action = "applyAndactivate"
   activation_rule = string
   force_update = Boolean
   group_ids = array of strings
   install_prerequisite_firmware = Boolean
   policy_id = string  
   resource_ids = array of strings
   update_rule = string 
}

output "applyAndactivate" {
   value = lxco_firmware.applyAndactivate
}

Example

The following example assigns a policy to a group of serves and a specific server.
terraform {
   required_providers {
      lxco = {
         version = "0.1"
        source = "lenovo.com/xclarity/lxco"
      }
   }
}
 
provider "lxco" {
   host = "192.0.2.0"
   # username = ""
   # password = ""
}

# Apply a firmware-compliance policy, and return the results
resource "lxco_firmware" "applyAndactivate" {
   policy_action = "applyAndactivate"
   activation_rule = "ImmediateActivation"
   force_update = true
   group_ids = ["G_162B69BD175947CC9AAD0E0C7CB6045C"]
   install_prerequisite_firmware = false
   policy_id = "1633679392153"  
   resource_ids = []
   update_rule = "ContinueOnError"
}

output "applyAndactivate" {
   value = lxco_firmware.applyAndactivate
}

Inputs

NameRequired / OptionalTypeDescription
activation_ruleRequiredString(Managed devices only) Indicates when to activate the update. This can be one of the following values.
  • ImmediateActivation. (default) During the update process, the resource might be restarted automatically several times until the entire process is complete. Ensure that you quiesce all applications on the resource before you proceed.
  • DelayedActivation. (Servers and RackSwitch devices only) Some but not all update operations are performed. Resources must be restarted manually to continue the update process. Additional restarts are then performed until the update operation completes.
  • PrioritizedActivation. (Servers and RackSwitch devices only) Baseboard Management Controller is applied and activated immediately while other firmware is performed in delayed activation mode.

For resource managers, the update is activated immediately. The resource might be restarted automatically several times until the entire process is complete. Ensure that you quiesce all applications on the resource before you proceed.

force_updateRequiredBoolean(Managed devices only) Indicates whether to apply the update to selected components even if the current software or firmware level is up to date or to apply an update that is earlier than the one that is currently installed.
Important
You cannot apply earlier levels of firmware to device options, adapters, and disk drives.
This can be one of the following values.
  • true. Applies the update to the selected resources even if the software or firmware is compliant.
  • false. (default) Skips the update on the selected resources if the software or firmware is already compliant.

For resource managers, you cannot apply an update of the same or earlier software level as the one that is currently installed on a resource manager.

group_idsRequiredArray of stringsList of IDs of resource group to which to apply the updates

The update is applied to each resource in the specified groups only if the resource has an assigned compliance policy and is out of compliance with that policy.

Set this attribute to null if you do not want to specify a group.

If resource_ids and group_ids are set to an empty array and policy_id is set to null, all managed resources that are not compliant with their assigned policy are updated by default.

install_prerequisite_firmwareRequiredBoolean(Managed devices only) Indicates whether to install prerequisite updates. Prerequisite updates are installed and activated before the remaining updates are installed and activated. Multiple reboots might be required to install all updates.
This can be one of the following values.
  • true. (default) Installs all prerequisite updates, if needed.
  • false. Do not install prerequisite updates.

For resource managers, prerequisite updates are not applied automatically to resource managers.

policy_idOptionalStringID of the update-compliance policy

The update is applied to each resource that is assigned the policy only if the resource is out of compliance with that policy.

If you specify a policy_id, you must set resource_ids to an empty array. You can specify either policy_id or resources using resource_ids, but not both.

If resource_ids and group_ids are set to an empty array and policy_id is set to null, all managed resources that are not compliant with their assigned policy are updated by default.

resource_idsRequiredArray of stringsList of IDs of resources to which to apply the updates

The update is applied to each specified resource only if the resource has an assigned compliance policy and is out of compliance with that policy.

Set this attribute to an empty array if you do not want to specify a resource.

If you specify resources using resource_ids, you cannot specify policy_id.

If resource_ids and group_ids are set to an empty array and policy_id is set to null, all managed resources that are not compliant with their assigned policy are updated by default.

update_ruleRequiredString(Managed devices only) Indicates how to handle errors during the update process. This can be one of the following values.
  • ContinueOnError. If an error occurs when updating one of the components in a resource (such as an adapter or management-controller firmware), the update process does not apply the update for that specific component. However, the orchestrator server continues to update other components for the resource and continues with all other updates in the current update job.
  • AbortOnError. If an error occurs when updating one of the components in a resource (such as an adapter or management-controller firmware), the updates process stops the remaining updates for that specific resource. The current firmware that is installed on that resource remains in effect. However, current update job includes additional resources, the orchestrator server continues to update the remaining resources.

For resource managers, the update always continues on error.

Outputs

NameTypeDescription
idStringJob ID
statusStringMessage about the status of the action
The following example is returned if the request is successful.
{
   "id":"125",
   "status": "The job was created successfully. The job was launched in the 
             orchestrator server and will be run asynchronously. Job ID: 125"
}