Access Manager: Upgrading 1.3 to 1.4

Christopher Dakin
This article is marked as obsolete.

Introduction

In order to take advantage of the latest SSL security features, we have had to upgrade the version of Java and the underlying operating system. (Java 7 to 8 and Debian 7 to 8).

This means that you will not directly be able to upgrade a 1.3 system to 1.4 from the web UI or VMCentre as the operating system and associated packages will also need to upgraded.

This article contains instructions on how to perform this upgrade from a command-line shell.

Please ensure your Access Manager instance is backed up or has a VM snapshot before performing the below.

 

Pre-requisites

* Your Access Manager system should be on version 1.3-RG9. If it is not, upgrade to this first (which is the final 1.3 release).
* Internet access required to download the new operating system and Access Manager packages.
* Access to VM console shell or direct SSH access.


Procedure

Note: If you are using one of our pre-built cloud VMs (AWS, Google Compute, Oracle), ensure you are running all of the below commands as the root user rather than the nervepoint user.

To do this easily, switch to root first by typing: sudo -s

 

Connect to the VMCentre shell, or via SSH with the root account. Everything in italics are typed commands:

  1. Stop the Access Manager service with:/etc/init.d/nervepoint stop
  2. To stop the service restarting during the OS upgrade, type: touch /tmp/defeat-nervepoint-restart
  3. rm /etc/apt/sources.list
  4. echo "deb http://ftp.debian.org/debian jessie main contrib" | tee -a /etc/apt/sources.list
  5. echo "deb http://security.debian.org/ jessie/updates main contrib" | tee -a /etc/apt/sources.list
  6. echo "deb http://archive.debian.org/debian/ jessie-backports main" | tee -a /etc/apt/sources.list
  7. echo "Acquire::Check-Valid-Until false;" | tee -a /etc/apt/apt.conf.d/10-nocheckvalid
  8. echo 'Package: *\nPin: origin "archive.debian.org"\nPin-Priority: 500' | tee -a /etc/apt/preferences.d/10-archive-pin
  9. rm /etc/apt/sources.list.d/jessiebackports.list (this file may not exist, so any file not found error here is okay)
  10. cd /etc/apt/sources.list.d/
  11. rm nervepoint*
  12. echo "deb http://nervepointupdates.s3.amazonaws.com excalibur main" > nervepointupdates.list
  13. echo "#deb http://nervepointearlyaccess.s3.amazonaws.com excalibur main" > nervepointearlyaccess.list
  14. apt-get update (make sure there are no ERRORs, examine any WARNINGs - it might complain about some python stuff which can safely be ignored).
  15. apt-get dist-upgradeThere could be up to 400-500 upgrade packages, a small amount to remove, none not upgraded. Type Y to start the upgrade.

 

The dist-upgrade can take some time. During the upgrade you will be asked some or all of the below questions:

a) Console encoding (unlikely you will get prompted for this) but choose the best for your location, probably "western" for Europe/US for example.

b) Postfix configuration (does not always get prompted)- Choose no configuration.

c) Whether or not to allow SSH root logins with just passwords. This choice is up to you as the customer, but to keep it acting as before choose NO to NOT disable password root logins.

d) Whether or not to allow certain services to be restarted with asking. Choose Yes by using Tab or Cursor keys and Enter.

e) "Incompatible PAM profiles selected". Ignore it and press OK.

f) New versions of config files are available, such as grub for example. In general its OK to 'install the package maintainer's version.

Select all devices to install grub to /dev/sda /dev/sda1, /dev/sda2 etc with the space bar.

 

When the dist-upgrade completes you may see 'Errors were encountered while processing: nervepoint'. Don't worry about that as this will resolve itself on reboot, but don't reboot just yet.

 

To complete the upgrade:

  1. We need to install Java 8 and ensure it is installed: apt-get install -t jessie-backports openjdk-8-jdk
  2. Make sure it's the default with: update-alternatives --config java
  3. The Currently active JDK should have a * next to it. If its not java-8-openjdk, press the number relating to the Java-8 entry.
  4. You may get an error about a plugin not existing, ignore this.
  5. Now reboot the system by typing: reboot. The system will update the Access Manager database from 1.3 to 1.4.
  6. Wait for at least 5 minutes for the reboot and upgrade to occur, then reconnect to the system again.
  7. After the reboot you may find that VMCentre is no longer working. This can be fixed with: rm /root/.bash_profile.
  8. There is one last configuration change that the Access Manager does automatically the first time it starts up the 1.4 service, which needs a final restart. Restart the service one last time with /etc/init.d/nervepoint restart.

 

You should now have a working 1.4 system.

 

Note: You may see errors during the upgrade about not being able to install the linux kernel (linux-image) due to insufficient disk space.

This will not stop this upgrade from succeeding, but you may wish to fix this afterwards.

To do this, please refer to this article

then you will be able to upgrade the kernel with: apt-get dist-upgrade again.