Artikelnummer: 000206371
This procedure is to be followed only for systems that are already on IDPA 2.7.2 or higher versions. Do not use this procedure to upgrade Search on IDPA systems to or from any other version as it may break the compatibility.
If the IDPA is on a lower version than v2.7.2, upgrade IDPA before continuing.
Procedure
1. Download the Search 19.6.2 upgrade file from the Dell Support Website:
https://dl.dell.com/downloads/X48KP_Search-19.6.2-upgrade-package.zip
ruby /usr/local/search/cis/Tools/update_passphrase.rb /home/search/passphrase LD_LIBRARY_PATH=/usr/local/search/cis/CST/lib ruby /usr/local/search/cis/Tools/reset_lockbox.rb rpm -e crda-3.18-8.1.x86_64
4. If you have an IDPA DP8x00, then SSH to the 2nd and 3rd Search Index Nodes and run the following command:
LD_LIBRARY_PATH=/usr/local/search/cis/CST/lib ruby /usr/local/search/cis/Tools/reset_lockbox.rb rpm -e crda-3.18-8.1.x86_64
5. Once the above commands are completed, we can start the upgrade process. On the Search Master Index Node, run the following commands:
service puppetmaster stop service puppet stop rm -rf /etc/puppet/status/*
6. Move the upgrade binary to /etc/puppet/repository/
mv /tmp/search-upgrade-19.6.2.4424.zip /etc/puppet/repository/ chmod 777 /etc/puppet/repository/search-upgrade-19.6.2.4424.zip service puppetmaster start service puppet start
7. Give it some time and the upgrade should start, it could be 5 minutes or so.
To verify if the upgrade has started, users can confirm if file 'search-upgrade-19.6.2.4424.zip-running' exists in /etc/puppet/status folder.
8. If after 15 minutes you do not see a search-upgrade-19.6.2.4424.zip-running you can check the following log for clues as to why it is not running: /etc/puppet/log/puppet_agent.log
9. You can let it run, it reboots one or more Search nodes once or twice during the upgrade.
search-upgrade-19.6.2.4424.zip-allcompleted search-upgrade-19.6.2.4424.zip-completed
If the status changes to:
search-upgrade-19.6.2.4424.zip-failed
It means that the upgrade has failed, contact support providing /etc/puppet/log/puppet_agent.log.
11. If no zip-failed file, you can now validate that the upgrade is successful by running this command:
bash /home/search/validate_search_install.sh 19.6.2.4424 admin
Enter your password when prompted.
You can now confirm that Search is upgraded to 19.6.2.4424 as in this screenshot:
Note: The screenshot shows 19.6.1.4197, you should be seeing: 19.6.2.4424
If the search-cis-core service is not running, run the following two commands :
ruby /usr/local/search/cis/Tools/update_passphrase.rb /home/search/passphrase LD_LIBRARY_PATH=/usr/local/search/cis/CST/lib ruby /usr/local/search/cis/Tools/reset_lockbox.rb
If you have an IDPA DP8x00, then SSH to the 2nd and 3rd Search Index Nodes and run the following command:
LD_LIBRARY_PATH=/usr/local/search/cis/CST/lib ruby /usr/local/search/cis/Tools/reset_lockbox.rb
And
service search-cis-core start
Rerun the validate script and confirm that all services are running:
bash /home/search/validate_search_install.sh 19.6.2.4424 admin
If search-cis-core still does not run, engage support.
12. Once we have confirmed the upgrade is successful, we can remove the upgrade package:
rm /etc/puppet/repository/search-upgrade-19.6.2.4424.zip
13. This concludes the Upgrade of Search component within PowerProtect DP Series Appliances and IDPA.
Components |
Issue ID |
Issue Title |
---|---|---|
Search | 751600 | SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0068-1) |
Search | 751683 | SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:0323-1) |
Search | 751696 | SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0364-1) |
Search | 751712 | SUSE Enterprise Linux Security Update for glibc (SUSE-SU-2022:0441-1) - newly detected |
Search | 751721 | SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:0496-1) - newly detected |
Third-party Component | CVEs | More information |
---|---|---|
Oracle JRE | CVE-2022-32215 CVE-2022-21634 CVE-2022-21597 CVE-2022-21628 CVE-2022-21626 CVE-2022-21618 CVE-2022-39399 CVE-2022-21624 CVE-2022-21619 |
https://www.oracle.com/security-alerts/cpuoct2022.html #AppendixJAVA |
Nginx | CVE-2022-41742 | http://nginx.org/en/security_advisories.html |
Apache log4j | CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 |
Apache Log4j Remote Code Execution |
Samba | CVE-2022-32746 CVE-2022-32745 CVE-2022-1615 |
https://www.suse.com/security/cve/CVE-2022-32746.html |
Kernel | CVE-2022-33981 | https://www.suse.com/security/cve/CVE-2022-33981.html |
Python | CVE-2021-28861 | https://www.suse.com/security/cve/CVE-2021-28861.html |
OpenSSL | CVE-2022-1292 CVE-2022-2068 |
https://www.suse.com/security/cve/CVE-2022-1292.html https://www.suse.com/security/cve/CVE-2022-2068.html |
PowerProtect Data Protection Appliance, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software
PowerProtect DP4400, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900
04 mrt. 2024
8
How To