Solution
During an attempt to upgrade the collector, the following error appears when looking through the error logs: 'unzip failed 127'.
Collector upgrade logs are written to 2 locations; check them to find out why the Collector upgrade failed:
- /usr/local/upgrade/logs/ansible.log
- /opt/phoenix/log/collector-upgrade.log
Before running the upgrade, run some checks to make sure the Collector is healthy enough to attempt the upgrade:
- Super and Collectors are in a healthy state.
- The Collector can Discover devices.
- The DNS servers need to be able to resolve update.fortiguard.net, and the host must be reachable on port 443:
nmap update.fortiguard.net -p 443
curl -kv https://update.fortiguard.net
Example of a correct output (with -k, curl does not validate the server certificate, so this confirms only reachability and a completed TLS handshake):
curl -kv https://update.fortiguard.net
* Rebuilt URL to: https://update.fortiguard.net/
* Trying 173.243.138.67...
* TCP_NODELAY set
* Connected to update.fortiguard.net (173.243.138.67) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=FDS; CN=fds1.fortinet.com; emailAddress=support@fortinet.com
* start date: Dec 14 17:46:55 2023 GMT
* expire date: Jun 11 17:46:55 2024 GMT
* issuer: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=Certificate Authority; CN=support; emailAddress=support@fortinet.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET / HTTP/1.1
> Host: update.fortiguard.net
> User-Agent: curl/7.61.1
> Accept: */*
>
* Empty reply from server
* Connection #0 to host update.fortiguard.net left intact
curl: (52) Empty reply from server
If the response is not as expected and a proxy is in use, configure the proxy settings:
Resources -> Malware Domains -> FortiGuard Malware Domain -> More -> Use Proxy.
Update FortiGuard Proxy
- The hosts file needs to have FQDN hostnames for both Supervisor and Collector (on each Collector).
- It is better to have all the updates in place before the upgrade.
yum update
- Verify that the Collector image reached the Supervisor and has the correct hash:
cd /opt/phoenix/CollectorUpgrade/
ls -l
sha256sum FSM_Upgrade_All_6.5.0_build1511.zip
02af9c4f870a95e6ee2b2c4493b4a6b14afd47f9862c5176509b25717608ae65 FSM_Upgrade_All_6.5.0_build1511.zip
Replace the file name with the image used for the upgrade.
Example:
sha256sum Your-FSM-Version-Upgrade
- After the Download portion of the Collector upgrade is complete, verify that the hash matches on the Collector:
cd /opt/upgrade/
ls -l
sha256sum FSM_Upgrade_All_6.5.0_build1511.zip
- If everything is correct and the error 'unzip failed 127' still appears, install the required package and retry the upgrade:
yum install p7zip
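The hash comparison on the Supervisor and Collector and the extraction-tool check can be scripted instead of compared by eye. The following is an added example, not Fortinet code: the script name check_image.sh and the tool names unzip and 7za are assumptions, and 127 is the status a shell returns for a command that is not found.

```shell
#!/bin/sh
# Added example, not Fortinet code. Tool names passed to missing_tools are assumptions.

# verify_image FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed hash.
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "missing: $file" >&2; return 2; }
    # A SHA-256 digest is 64 hex characters; reject truncated or padded pastes.
    case $expected in
        *[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 chars" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
        return 0
    fi
    echo "MISMATCH $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# missing_tools TOOL...
# Prints each tool not found on PATH; returns 127 if any is missing.
missing_tools() {
    rc=0
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; rc=127; }
    done
    return "$rc"
}

# Direct use (hypothetical script name): sh check_image.sh IMAGE EXPECTED_SHA256
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2" && missing_tools unzip 7za
fi
```

Run it on the Collector with the image path under /opt/upgrade/ and the hash taken from the Supervisor; a non-zero exit status means the image or the tooling should be fixed before retrying the upgrade.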