Created on 10-13-2016 06:24 AM Edited on 06-02-2022 09:55 AM By Anonymous
Description
There are AO customers whose AO-VA does not have internet access for security requirement and hence cannot upgrade the system by running phUpgradeImage command which requires yum validation to our image server. This documentation contains the instructions to upgrade a AO-VA which does not have internet connections.
There are three tasks to complete for such an upgrade:
Since offline VAs are not able to download the upgrade packages directly from AccelOps image server, customers need to download the upgrade package and copy the package over to the AO-VA.
The following script simulates an online download of the upgrade files. It places all of the files into their proper locations and prepares the system for upgrade.
[This script is now attached to this article below]
The process to download the upgrade image download may take some time and use a considerable amount of bandwidth. Would you like to start the download now? (yes/no) :
yes
continue to download .
Download images for accelops-va
Download url: file:///upgrade/va/latest
Please wait...
./usr/bin/yumdownloader -c /etc/yum.repos.d/accelops-va.repo --destdir=/var/cache/yum/accelops-va/packages/
accelops-va 100% |=========================| 951 B 00:00
primary.xml.gz 100% |=========================| 3.4 kB 00:00
accelops-v: ################################################## 1/1
Run the following command to upgrade Accelops.
There are a few additional steps that you will need to complete before the upgrade to the latest , if you are from a version before 3.6.2
There is a new upgradescript that you will need to download/scp. It is found at:
gpgcheck=1
keepcache=1
to look like:
gpgcheck=0
keepcache=0
File Structure and permissions example: /upgrade/va/latest
[root@james-sp_only latest]# ls -l
total 498060
-rw-r--r-- 1 root root 509330298 Apr 11 13:59 accelops-va-3.7.2.2008.rpm
-rw-r--r-- 1 root root 159340 Apr 11 13:50 nscd-2.5-18.el5_1.1.x86_64.rpm
drwxr-xr-x 2 root root 4096 Apr 17 07:51 repodata
-rw-r--r-- 1 root root 1682 Apr 11 13:50 RPM-GPG-KEY
-rw-r--r-- 1 root root 172 Apr 11 13:50 VA-3.7.2.2008.md5
[root@james-sp_only latest]# cd repodata
[root@james-sp_only repodata]# ls -l
total 88
-rw-r--r-- 1 root root 34663 Apr 11 13:49 filelists.xml.gz
-rw-r--r-- 1 root root 35253 Apr 11 13:49 other.xml.gz
-rw-r--r-- 1 root root 8117 Apr 11 13:49 primary.xml.gz
-rw-r--r-- 1 root root 192 Apr 11 13:49 repodata.md5
-rw-r--r-- 1 root root 951 Apr 11 13:49 repomd.xml
Please make sure you have the correct files in these directories as well as the correct extensions (note, if you download RPM-GPG-KEY into a windows box, it will append a .txt and change the format)
NOTE: The process to Upgrade the collector offline is different - Here are the steps to Install the collector offline.
Here is the manual "offline" Collector upgrade process. This is normally used when a Collector is not allowed to access the Internet, so it can't reach our image server.
Contact AccelOps Technical Support if you have questions about the process below. This example, was written for upgrading to version 3.6.2, later versions will use the appropriate file name that contains the version (accelops-collector-x.x.x.xxxx.rpm).
A. Download the Collector upgrade image to your laptop.
https://images.accelops.net/upgrade/co/latest4/ (use the same credentials as your AO license credentials)
B. Place the image file to the following directory with scp, and make sure that the file ownership and modify the rights to the file to match what you see below:
[root@Col351-133 packages]# pwd
/var/cache/yum/accelops-collector/packages (note: this directory may not be there yet for Collectors that have not been upgraded since installation, so you may need to create this directory)
[root@Col351-133 packages]# ls -la
total 321688
drwxr-xr-x 2 root admin 4096 Aug 7 14:34 .
drwxr-xr-x 3 root admin 4096 Aug 7 14:34 ..
-rw-rw-r-- 1 root admin 329071536 Jul 25 15:23 accelops-collector-3.6.2.1266.rpm
C. After the upgrade image file has been downloaded and moved to the correct directory, with the proper permissions and ownership, do the following:
1. Query the installed AccelOps package name by running “rpm –qa | grep accelops”
2. Remove the installed AccelOps package from the system by running “rpm –e <accelops rpm package name from step 1>”
3. Install the new AccelOps package by running “rpm –i <new accelops rpm package name from download>”
4. Reboot.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.