This document covers the following about updating to OES 2 SP3 via ZLM.
- Controlling the deployment schedule
- Troubleshooting notes
- Addressing a known LUM/namcd issue when using a proxy user and not having configured LUM with YAST
- SecretStore configured by default
Controlling the deployment schedule of the patching process to OES 2 SP3:
First and foremost, please reference the online documentation.
After referencing the online documentation listed above go to page 241.
If you need to control what site is patched when, you can control the deployment of the patch by doing the following:
- Follow the steps found in the online documentation starting on page 241
- In ZCC, create a new Catalog say “OES2-SP3-Online-Migration” and add the bundles “OES2-SP3-Online-bundle”, “OES2-SP3-firstboot-bundle” and “OES2-SP3 File Bundle” to this catalog.
- In ZCC, assign the OES2-SP3-Online-Migration Catalog and the OES2-SP3-Pool” Catalog containing its bundles to the OES Server devices with ZLM agent installed. The Catalog schedule can be deployed and immediate to update its metadata. Bundles in Catalog are an optional assignment and would not get installed automatically on assignment to a Server and refresh of the device.Below are the details of the bundles we are creating for upgrade process.
- OES2SP3-file-bundle: This bundle will copy the “answer” file to /opt/novell/oes-insta/ directory (if the “answer” file is created) & it also copy the “prereboot.sh” to /tmp directory. There is a script with this bundle that will run “prereboot.sh” file. “prereboot.sh” script checks the status of all the bundles for installed or not. Once all the bundles are installed it will trigger server reboot.
- OES2SP3-firstboot-bundle: This bundle install the “yast2-firstboot” rpm & configure it. This package interrupts the standard init script processing following the reboot, and launches the customized OES configuration code (This is where the “answer” file is used, if the “answer” file is there on /opt/novell/oes-install directory upgrade process will pick the password from there, if not it will prompt for password).
- OES2SP2-bundle/OES2SP2-Online-Bundle/OES2SP2-Pool-bundle: These bundles contains the oes2sp2 rpms.
- Refresh the registered agent using “rug ref” and list the new Catalogs.
- Subscribe to the “OES2-SP3-Online-Migration” Catalog on the device. The Pool Catalog doesn’t need to be assigned as it is used for dependency resolution.
- Install the OES 2 SP3 Online Bundle first using rug bin <bundle-name> and check for installed status (i) using rug bl. Follow the same for Firstboot bundle and then File Bundle which follows OES Upgrade Config post reboot.
Note: Make sure you have recent ZLM7.3 server/agent (ZLM7.3 IR4) installed and No bundles are directly assigned to the OES device else it would be a mandatory installation on the device. It’s better to verify the steps for bundle installation on a test device running under a VM.
If the answer file is misconfigured, you will need to fix it and reboot. If there is no answer file, you will need to login on bootup. If you are suspicious of the update not successfully configuring the server, check the following:
- Check for the OES2SP3-firstboot-bundle (yast2-firstboot rpm) & the OES2SP3-file-bundle configuration & there installation status of agent machines.
- chkconfig firstboot (check to see if it is on or not. If it is on, it is a good indication that the patching did not finish)
- do these files still exit after the patching? /etc/reconfig_system” & “/etc/Yast2/firstboot.xml”
y2log should show the following lines when it is finished:
[YCP] clients/channel-upgrade-oes.ycp:55 ChannelUpgrade.CleanupFirstBoot:executing: rm -f /etc/reconfig_system [YCP] clients/channel-upgrade-oes.ycp:64 ChannelUpgrade.CleanupFirstBoot:disabling 'firstboot' service. [YCP] Service.ycp:399 Disabling service firstboot ShellCommand.cc(shellcommand):78 insserv: script ipmi.hp: service ipmidrv already provided! [YCP] clients/channel-upgrade-oes.ycp:998 ChannelUpgrade:ret from cleaning up firstboot = true [YCP] clients/channel-upgrade-oes.ycp:75 ChannelUpgrade.DeleteAnswerFile:executing: rm -f /opt/novell/oes-install/answer ycp:84 ChannelUpgrade.DeleteAnswerFile:deleting password file. [YCP] clients/channel-upgrade-oes.ycp:1001 ChannelUpgrade:ret from deleting answer file = true [YCP] clients/channel-upgrade-oes.ycp:1009 ChannelUpgrade:channel-upgrade finished [YCP] clients/channel-upgrade-oes.ycp:1010 ----------------------------------------
use the y2log to gather info for problems during the install.
- NAMCD is moving the proxy user from nam.conf to casa.
- The proxy-user-fdn and proxy-user-pwd are no longer stored in /etc/nam.conf,
- Proxy user and credentials are moved to casa during the upgrade.
- “rcmicasad status” to check if casa is running ?
- ‘CASAcli -l’ should list ‘novell-lum’ store
If you need to manually reset the proxy user and password, use the below commands:
- KEYVALUE=cn=lpxy,o=novell CASAcli -s -n novell-lum -k CN
- KEYVALUE=npass CASAcli -s -n novell-lum -k Password
The firstboot process will take 10-20+ minutes, depending what services are installed on the box. After the patch is deployed, the firstboot process will startup when the box is rebooted. The answer file will be deleted, ndsconfig upgrade will be ran and ndsd will be restarted, all other services will be looked at as part of the firstboot process as it is ran.
Addressing a known LUM/namcd issue when using a proxy user and not having configured LUM with YAST
If you LUM via the nam.conf file and not through YAST, you will probably find that the credentials are not moved over to CASA when you upgrade to OES 2 SP3. You will want to edit the /etc/sysconfig/novell/lum2_sp2 file to set the proxy credentials. See the line CONFIG_LUM_PROXY_USER=”cn=ldaplum,o=novell”. Below is an example script of moving the credentials from the nam.conf to the casa store. You would want to run this script prior to the reboot of the patches being applied if possible. If not, make sure to do it right after the firstboot process.
############################# #!/bin/bash # Script to move the proxy information from /etc/nam.conf to CASA On OES 2 SP3 server PROXY_USER=`grep "proxy-user-fdn" /etc/nam.conf |cut -d"=" -f2-` if [ -z $PROXY_USER ] then echo "PROXY USER is empty" exit fi sed -i 's/CONFIG_LUM_PROXY_USER=".*"/CONFIG_LUM_PROXY_USER=\"'$PROXY_USER'"/g' /etc/sysconfig/novell/lum2_sp2 sed -i 's/CONFIG_LUM_PROXY_USER=".*"/CONFIG_LUM_PROXY_USER=\"'$PROXY_USER'"/g' /etc/sysconfig/novell/lum2_sp3 PROXY_PWD=`grep "proxy-user-pwd" /etc/nam.conf |cut -d"=" -f2-` if [ -z $PROXY_PWD ] then echo "PROXY PASSWORD is empty" exit fi KEYVALUE=$PROXY_USER CASAcli -s -n novell-lum -k CN if [ $? -ne 0 ] then echo "Writing Proxy User to CASA failed" exit fi KEYVALUE=$PROXY_PWD CASAcli -s -n novell-lum -k Password if [ $? -ne 0 ] then echo "Writing Proxy password to CASA failed" exit fi sed -i '/^proxy-user/,//d' /etc/nam.conf if [ $? -ne 0 ] then echo "Removing proxy-user-fdn and proxy-user-pwd from /etc/nam.conf failed" else echo "Proxy User and Proxy Password moved to CASA successfully" fi #############################
SecretStore configured by default
By default SecretStore is configured when patching to OES 2 SP3. If this is not desired, you can modify the /etc/sysconfig/novell/edir2_sp2 file to set the ‘CONFIG_EDIR_CONFIGURE_SECRETSTORE=””‘ to have the value of “no”, prior to the upgrade.
The default setting in the file shows:
## Path: System/Yast2/eDirectory ## Description: Novell eDirectory configuration ## Type: "yes" | "no" ## Default: "yes" # # Install eDir security product SecretStore # # CONFIG_EDIR_CONFIGURE_SECRETSTORE=""