Description
This article describes how to upgrade a supervisor/worker (FSM) without Internet access. This assumes you have a way of uploading the upgrade .tar file to FSM.
Solution
This article describes how to upgrade a supervisor/worker (FSM) without Internet access. This assumes you have a way of uploading the upgrade .tar file to FSM.
Solution
The explanation is described step by step:
1) Download the file from images server onto your laptop
In this example we’re upgrading a supervisor from 5.0.1 to 5.1.0. We need to download this directory and the files within this link.
2) Copy the va-5.1.0.1336.tar file onto the supervisor (example using scp from laptop to FSM Supervisor)
scp va-5.1.0.1336.tar root@192.168.0.112:.
root@192.168.0.112's password:
va-5.1.0.1336.tar 100% 1369MB 41.4MB/s 00:33
Then we need to make sure this file is in a directory named ‘5.1.0.1336’, just like it is in the online image server:
Log onto your FSM Supervisor through SSH:
ssh root@192.168.0.112
root@192.168.0.112's password:
Last login: Thu Sep 20 09:23:54 2018 from 192.168.0.111
[root@tomic ~]# mkdir 5.1.0.1336
[root@tomic ~]# mv va-5.1.0.1336.tar 5.1.0.1336/
3) Run the phdownloadimage command and point to our directory
[root@tomic ~]# cd /pbin [root@tomic pbin]# ./phdownloadimage file:///root/5.1.0.1336
The process to download the upgrade image may take some time and use a considerable amount of bandwidth. Would you like to start the download now? (yes/no) :yesProceeding to download.Role is : phMonitorSupervisorVersion Downloading : 5.1.0.1336DOWNLOAD FILE is va-5.1.0.1336Downloading the file va-5.1.0.1336.tar from file:///root/5.1.0.1336URL IS /usr/bin/curl -o /tmp/va-5.1.0.1336.tar file:///root/5.1.0.1336/va-5.1.0.1336.tar% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed100 1369M 100 1369M 0 0 91.9M 0 0:00:14 0:00:14 --:--:-- 76.0Mva-5.1.0.1336/va-5.1.0.1336/RPM-GPG-KEYva-5.1.0.1336/accelops-va-5.1.0.1336.rpmva-5.1.0.1336/repodata/va-5.1.0.1336/repodata/other.xml.gzva-5.1.0.1336/repodata/filelists.xml.gzva-5.1.0.1336/repodata/primary.xml.gzva-5.1.0.1336/repodata/repomd.xmlPlease wait..../usr/bin/yumdownloader -c /etc/yum.repos.d/accelops-va.repo --setopt=sslverify=false --destdir=/var/cache/yum/accelops-va/packages/ accelops-vaRepository accelops-va is listed more than once in the configurationaccelops-va | 951 B 00:00 ...accelops-va/primary | 14 kB 00:00 ...accelops-va 1/1.....https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/base/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs-cdn.fortisiem.fortinet.com'"Trying other mirror.....https://os-pkgs.fortisiem.fortinet.com/centos6/base/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs.fortisiem.fortinet.com'"Trying other mirror.....https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/extras/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs-cdn.fortisiem.fortinet.com'"Trying other mirror.....https://os-pkgs.fortisiem.fortinet.com/centos6/extras/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs.fortisiem.fortinet.com'"Trying other mirror.....https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/updates/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs-cdn.fortisiem.fortinet.com'"Trying other mirror.....https://os-pkgs.fortisiem.fortinet.com/centos6/updates/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs.fortisiem.fortinet.com'"Trying other mirror.accelops-va-5.1.0.1336.rpm | 1.3 GB 00:00
[root@tomic pbin]#4) Run phupgradeimage
[root@tomic pbin]# ./phupgradeimage
https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/base/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs-cdn.fortisiem.fortinet.com'"
Trying other mirror.
https://os-pkgs.fortisiem.fortinet.com/centos6/base/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'os-pkgs.fortisiem.fortinet.com'"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again
Proceeding to upgrade.
Upgrade image for accelops-va
phbackupsuper now.
Please wait...
.Stopping crond: [ OK ]
Stopping backend processes ................................................./bin/cp: cannot stat `org': No such file or directory
Run phimageinstaller now
[PH_MODULE_LOCAL_CONFIG_LOADED]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phConfigLoader.cpp,[lineNumber]=168,[configName]=global,[phLogDetail]=Module loaded local config successfully
[PH_GENERIC_DEBUG]:[eventSeverity]=PHL_TRACE,[procName]=phtools,[fileName]=phHttpClient.cpp,[lineNumber]=1031,[phLogDetail]=Response file of this cache will be located at /opt/phoenix/cache/192.168.0.112/phoenix/rest/config/systemConfig/default.dat
[PH_GENERIC_DEBUG]:[eventSeverity]=PHL_DEBUG,[procName]=phtools,[fileName]=phHttpClient.cpp,[lineNumber]=1813,[phLogDetail]=set CURLOPT_SSL_VERIFYPEER to no
[PH_GENERIC_DEBUG]:[eventSeverity]=PHL_DEBUG,[procName]=phtools,[fileName]=phHttpClient.cpp,[lineNumber]=774,[phLogDetail]=Send req with https://192.168.0.112:443/phoenix/rest/config/systemConfig
[PH_GENERIC_DEBUG]:[eventSeverity]=PHL_DEBUG,[procName]=phtools,[fileName]=phHttpClient.cpp,[lineNumber]=803,[phLogDetail]=Check curl result for https://192.168.0.112:443/phoenix/rest/config/systemConfig: result: 0
[PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phHttpClient.cpp,[lineNumber]=175,[phLogDetail]=Http time out has been set to 300
[PH_MODULE_INITIALIZING]:[eventSeverity]=PHL_DEBUG,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=501,[phLogDetail]=Module initialization
[PH_MODULE_DB_CONFIG_LOADED]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=843,[phLogDetail]=Module loaded database config succesfully
[PH_MODULE_LOG_LEVEL_CHANGE]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=651,[oldLogLevel]=2047,[newLogLevel]=424,[phLogDetail]=Module received log level change
[PH_MODULE_INIT_COMPLETE]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=525,[phLogDetail]=Module successfully started
Successfully send command --stop
[PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phToolsProcess.cpp,[lineNumber]=206,[phLogDetail]=Monitor received command --stop
[PH_MODULE_EXIT_OK]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=339,[phLogDetail]=Module exited gracefully
[PH_BASE_PROC_GET_PID_FILE_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=1176,[filePath]=/opt/phoenix/cache/r,[errorNoInt]=2,[phLogDetail]=Failed to get pid file
[PH_MODULE_EXIT_OK]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phBaseProcess.cpp,[lineNumber]=339,[phLogDetail]=Module exited gracefully
Setting up Update Process
Repository accelops-va is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package accelops-va.x86_64 0:5.0.1.1203-1 will be updated
---> Package accelops-va.x86_64 0:5.1.0.1336-1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================================================================================================================================
Updating:
accelops-va x86_64 5.1.0.1336-1 accelops-va 1.3 G
Transaction Summary
================================================================================================================================================================================================================================================================================
Upgrade 1 Package(s)
Total size: 1.3 G
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 2b939d92: NOKEY
Retrieving key from file:///upgrade/va-5.1.0.1336/RPM-GPG-KEY
Importing GPG key 0x2B939D92:
Userid: "admin (admin) <admin@accelops.net>"
From : /upgrade/va-5.1.0.1336/RPM-GPG-KEY
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
yumupdate image for super
SVN disk has already been migrated.
Updating : accelops-va-5.1.0.1336-1.x86_64 1/2
eth1: error fetching interface information: Device not found
System is in the single net interface mode.
Waiting for domain1 to start .............................................................................................................
Successfully started the domain : domain1
domain Location: /opt/glassfish3/glassfish/domains/domain1
Log File: /opt/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
upgrade App Server configuration parameters
Changing some file permissions
Setting adjtime to use UTC
Stopping NTP
Shutting down ntpd: [ OK ]
Syncing NTP
20 Sep 10:07:50 ntpdate[12614]: ntpdate 4.2.6p5@1.2349-o Fri Jan 26 02:18:05 UTC 2018 (1)
Exiting, name server cannot be used: Temporary failure in name resolution (-3)20 Sep 10:08:05 ntpdate[12614]: name server cannot be used: Temporary failure in name resolution (-3)
Starting NTP again
Starting ntpd: [ OK ]
Exit script without installing module during upgrade. Installation will proceed during reboot
cp: cannot stat `/opt/phoenix/config/remi-safe': No such file or directory
Cleanup : accelops-va-5.0.1.1203-1.x86_64 2/2
Verifying : accelops-va-5.1.0.1336-1.x86_64 1/2
Verifying : accelops-va-5.0.1.1203-1.x86_64 2/2
Updated:
accelops-va.x86_64 0:5.1.0.1336-1
Complete!
image update succeeded
('Upgrade Image return value is :', 0)
./phupgradeimage: line 170: 10241 Terminated progress
Running phupgradesuper now.
Setup File/Dir
Upgrade db
storage type is localstore
localstore
ext3
/dev/sdd
Storage type already in the db
Something went wrong in previous or present insertion
System hardware id: 564DE343-7115-B232-BBD2-153D9307CF3E
Hardware Id already exists in DB.
re-deploy app svr
Waiting for domain1 to start ............................................................................
Successfully started the domain : domain1
domain Location: /opt/glassfish3/glassfish/domains/domain1
Log File: /opt/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
upgrade App Server configuration parameters
deploying new phoenix.ear
Undeploy current phoenix application
Command undeploy executed successfully.
Stop server ...
Waiting for the domain to stop ......
Command stop-domain executed successfully.
Clean session persistent
Start server ...
Waiting for domain1 to start ....
Successfully started the domain : domain1
domain Location: /opt/glassfish3/glassfish/domains/domain1
Log File: /opt/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
Deploy /opt/phoenix/deployment/phoenix.ear
Application deployed with name phoenix.
Command deploy executed successfully.
new phoenix application is ready at Thu Sep 20 10:11:56 WEST 2018.
Populating data to DB….
This will then proceed with the upgrade and will finish with the following message and reboot:
==========================================
FortiSIEM Configuration Auto Upgrade Utility
Rev 1.1 (2018-05-10)
==========================================
Copying previous version 5.0.1.1203 phoenix_config.txt from /tmp/backup/phoenix_config.txt to /opt/phoenix/config/phoenix_config.txt.5.0.1.1203
FortiSIEM System Role: phMonitorSupervisor
Copying cainfo in section GLOBAL with value: /opt/phoenix/config/ca.crt from old phoenix_config.txt
Copying agent_key in section GLOBAL with value: /opt/phoenix/config/collector.prospecthills.net.key from old phoenix_config.txt
Copying agent_cert in section GLOBAL with value: /opt/phoenix/config/collector.prospecthills.net.crt from old phoenix_config.txt
Copying ccm_ftp_directory in section PHPARSER with value: # /opt/phoenix/cache/ccm from old phoenix_config.txt
Copying avaya_sftp_directory in section PHPARSER with value: # /opt/phoenix/cache/avayaCM from old phoenix_config.txt
Copying airline_sls_directory in section PHPARSER with value: # /opt/phoenix/cache/airline from old phoenix_config.txt
Copying airline_sls_directory_high in section PHPARSER with value: # higher priority than above from old phoenix_config.txt
Copying airline_thread in section PHPARSER with value: 2 from old phoenix_config.txt
Copying incoming_log_cfg in section PHPARSER with value: # /opt/phoenix/cache/bluecoat from old phoenix_config.txt
Copying tls_certificate_file in section PHPARSER with value: /etc/pki/tls/certs/tls_self_signed.crt from old phoenix_config.txt
Copying tls_key_file in section PHPARSER with value: /etc/pki/tls/private/tls_self_signed.key from old phoenix_config.txt
Copying tls_certificate_file in section phEventForwarder with value: #/opt/phoenix/bin/.ssh/my_cert.crt from old phoenix_config.txt
Copying tls_key_file in section phEventForwarder with value: #/opt/phoenix/bin/.ssh/my_cert.key from old phoenix_config.txt
Copying max_num_thread_per_task in section phQueryWorker with value: 2 from old phoenix_config.txt
Copying num_merge_threads in section phReportMaster with value: 3 from old phoenix_config.txt
Copying thread_num in section Kafka with value: 2 from old phoenix_config.txt
Automatically upgraded 5.0.1.1203 phoenix_config.txt to 5.1.0.1336 version which is now saved in the file: /opt/phoenix/config/phoenix_config.txt
If you had made any other changes to the parameters in previous releases, the original copy is found in /opt/phoenix/config/phoenix_config.txt.5.0.1.1203
Please manually make these parameter changes if needed. Otherwise, all settings except the ones above are factory default for 5.1.0.1336
Getting the super IP to clear cache
cache file does exits removing the same
Parsing policy file: /opt/tripwire/etc/tw.pol
Generating the database...
*** Processing Unix File System ***
### Warning: File system error.
### Filename: /opt/tripwire/etc/tomic-local.key
### No such file or directory
### Continuing...
Wrote database file: /opt/tripwire/lib/tripwire/tomic.twd
The database was successfully generated.
Broadcast message from root@tomic
(/dev/pts/2) at 10:29 ...
The system is going down for reboot NOW!
[root@tomic pbin]# Connection to 192.168.0.112 closed by remote host.
Connection to 192.168.0.112 closed.
Troubleshooting Tips:
1) License after Upgrade
After the upgrade if the system asks you for a license, make sure that all processes are up and running. This only happens if the Application Server hasn’t loaded the application completely.
You can verify that everything is running by doing phstatus in the console:
You can also force the services by issuing the phtools --start ALL command
2) Phdownloadimage error
If phdownloadimage gives you an error, it is most likely related to the fact that the path is wrong. Make sure to have three forward slashes (and not two) before the directory name: ./phdownloadimage file:///directory/path
