13.1 Upgrading Access Gateway on Linux

IMPORTANT: If the base operating system is RHEL 6.8, you must first upgrade to Access Manager 4.4, then upgrade to RHEL 6.9.

13.1.1 Upgrading the Evaluation Version to the Purchased Version

If you have downloaded the evaluation version and want to keep your configuration after purchasing the product, you need to upgrade each of your components with the purchased version. The upgrade to the purchased version automatically changes your installation to a licensed version.

After you have purchased the product, log in to the NetIQ Customer Center and follow the link that allows you to download the product.

Perform the following procedures to upgrade from the evaluation version to the purchased version:

Upgrading Access Gateway Appliance

  1. Open a terminal window.

  2. Log in as the root user.

  3. Download the upgrade file from dl.netiq.com and extract the tar.gz file using the following command: tar -xzvf <filename>.

    NOTE: For information about the name of the upgrade file, see the specific Release Notes on the Access Manager Documentation website.

  4. Change to the directory where you unpacked the file, then enter the following command in a terminal window:

    ./ma_upgrade.sh

  5. Enter the Access Manager Administration Console user ID.

  6. Enter the Access Manager Administration Console password.

  7. Re-enter the password for verification.

    The upgrade logs are located in the /tmp/novell_access_manager/ directory. The logs have time stamping.

Upgrading Access Gateway Service

Perform the steps provided in Upgrading Access Gateway Service.

13.1.2 Upgrading Access Gateway

Upgrading Access Gateway Appliance

  1. Back up any customized JSP pages and related files.

    Even though the upgrade program backs up the JSP directory and its related files in the /root/nambkup folder, it is good practice to back up these files yourself.

  2. Open a terminal window.

  3. Log in as the root user.

  4. Download the upgrade file from dl.netiq.com and extract the tar.gz file using the following command: tar -xzvf <filename>.

    NOTE: For information about the name of the upgrade file, see the specific Release Notes on the Access Manager Documentation website.

  5. Change to the directory where you unpacked the file, then enter the following command in a terminal window:

    ./ma_upgrade.sh

  6. A warning message regarding backup and restore is displayed followed by the message for including security settings.

    If you have customized any files, take a backup and restore them after installation.

    IMPORTANT: The httpd.conf file is overwritten with a new file because Access Manager 4.4 upgrades Apache 2.2 to Apache 2.4 to support WebSocket. A backup of the existing httpd.conf file is available at /root/nambkup.

  7. Would you like to continue this upgrade? Type Y to continue.

    If you do not want to include the security configurations, then type n. This stops the upgrade.

  8. Do you want to restore custom login pages? Type Y to confirm.

  9. Enter the Access Manager Administration Console user ID.

  10. Enter the Access Manager Administration Console password.

  11. Re-enter the password for verification.

  12. The system displays the following message when the upgrade is complete:

    Upgrade completed successfully.

  13. Restore any customized files from the backup taken earlier. To restore the files, copy the files to the respective locations below:

    • /opt/novell/nam/mag/webapps/nesp/WEB-INF/web.xml

    • /opt/novell/nam/mag/webapps/nesp/jsp

    • /opt/novell/nam/mag/webapps/nesp/html

    • /opt/novell/nam/mag/webapps/nesp/images

    • /opt/novell/nam/mag/webapps/agm/WEB-INF/config/current

    • /opt/novell/nam/mag/webapps/nesp/config

    • /opt/novell/devman/jcc/scripts/presysconfig.sh

    • /opt/novell/devman/jcc/scripts/postsysconfig.sh
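One way to confirm that the restore in step 13 put back exactly what was backed up in step 1 is to fingerprint the customized files before the upgrade and check them again afterwards. The script below is an added example, not part of the product or of this guide's procedure; the function names and the manifest file name are illustrative.

```sh
# Added example, not vendor code. Needs GNU coreutils (sha256sum, stat -c).

# Paths from the restore list in step 13.
NAM_CUSTOM_PATHS="/opt/novell/nam/mag/webapps/nesp/WEB-INF/web.xml
/opt/novell/nam/mag/webapps/nesp/jsp
/opt/novell/nam/mag/webapps/nesp/html
/opt/novell/nam/mag/webapps/nesp/images
/opt/novell/nam/mag/webapps/agm/WEB-INF/config/current
/opt/novell/nam/mag/webapps/nesp/config
/opt/novell/devman/jcc/scripts/presysconfig.sh
/opt/novell/devman/jcc/scripts/postsysconfig.sh"

# fingerprint FILE: print "sha256 owner:group mode" for one file
fingerprint() {
    printf '%s %s' "$(sha256sum < "$1" | cut -d' ' -f1)" "$(stat -c '%U:%G %a' "$1")"
}

# snapshot PATH...: one manifest line per regular file under the given paths
snapshot() {
    find "$@" -type f 2>/dev/null | LC_ALL=C sort | while IFS= read -r file; do
        printf '%s %s\n' "$(fingerprint "$file")" "$file"
    done
}

# verify MANIFEST: report files that are missing or whose content or owner/mode
# differ from the manifest; returns 1 if there is any finding
verify() {
    rc=0
    while read -r hash owner mode path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        now=$(fingerprint "$path")
        [ "${now%% *}" = "$hash" ] || { echo "CONTENT $path"; rc=1; }
        [ "${now#* }" = "$owner $mode" ] || { echo "OWNER/MODE $path"; rc=1; }
    done < "$1"
    return $rc
}

# Before ./ma_upgrade.sh:  snapshot $NAM_CUSTOM_PATHS > /root/nam-custom.manifest
# After the restore:       verify /root/nam-custom.manifest
# (/root/nam-custom.manifest is a hypothetical file name)
```

A CONTENT finding after the restore means the file in place is not the copy that was fingerprinted, for example because the upgrade installed its own version over it.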

Upgrading Access Gateway Service

Prerequisites

Manually back up the tomcat.conf and the server.xml files from /opt/novell/nam/mag/conf.

The ag_upgrade.sh script backs up the remaining customized files automatically. These files, which include the Apache configuration and error pages, are backed up to the /root/nambkup folder.

IMPORTANT: (Applicable for RHEL) When more than 60 proxy services are configured, Apache fails to start after the upgrade. RHEL has 128 semaphore arrays by default, which is inadequate for more than 60 proxy services. Apache 2.4 requires a semaphore array for each proxy service.

You must increase the number of semaphore arrays depending on the number of proxy services you are going to use. Perform the following steps to increase the number of semaphore arrays to the recommended value:

  1. Open /etc/sysctl.conf

  2. Add kernel.sem = 250 256000 100 1024

    This creates the following:

    Maximum number of arrays = 1024 (number of proxy services x 2)

    Maximum semaphores per array = 250

    Maximum semaphores system wide = 256000 (Maximum number of arrays x Maximum semaphores per array)

    Maximum ops per semop call = 100

  3. Run the sysctl -p command to apply the changes.

  4. Start Apache.
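The sizing rule in step 2 can be checked before starting Apache. The following is an added example, not part of the product; the function names are illustrative, and it applies only the two relations stated above (arrays = proxy services x 2, system-wide semaphores = arrays x semaphores per array).

```sh
#!/bin/sh
# Added example (not vendor code): check a kernel.sem value against the sizing
# rule given above. Field order: SEMMSL SEMMNS SEMOPM SEMMNI, that is
# semaphores per array, semaphores system wide, ops per semop call, arrays.

# effective_sem FILE: print the value of the last active kernel.sem line in a
# sysctl file (commented-out lines are ignored; a later line overrides earlier ones)
effective_sem() {
    sed -n 's/^[[:space:]]*kernel\.sem[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# check_sem "SEMMSL SEMMNS SEMOPM SEMMNI" PROXY_SERVICES
# Returns 0 if adequate, 1 if too small, 2 if the value is malformed.
check_sem() {
    services=$2
    set -- $1                                  # split the value on spaces/tabs
    [ $# -eq 4 ] || { echo "malformed kernel.sem value"; return 2; }
    for field in "$@"; do
        case $field in
            ''|*[!0-9]*) echo "malformed kernel.sem value"; return 2 ;;
        esac
    done
    semmsl=$1 semmns=$2 semmni=$4
    need=$(( services * 2 ))                   # page rule: arrays = proxy services x 2
    if [ "$semmni" -lt "$need" ]; then
        echo "SEMMNI $semmni < $need: too few semaphore arrays for $services proxy services"
        return 1
    fi
    if [ "$semmns" -lt $(( semmni * semmsl )) ]; then
        echo "SEMMNS $semmns < $(( semmni * semmsl )): raise it to SEMMNI x SEMMSL"
        return 1
    fi
    echo "kernel.sem is adequate for $services proxy services"
}

# The value from step 2 sizes the host for 512 proxy services (1024 / 2).
check_sem "250 256000 100 1024" 512 || true
```

On a live host, `check_sem "$(effective_sem /etc/sysctl.conf)" N` checks the configured value and `check_sem "$(cat /proc/sys/kernel/sem)" N` checks the value the kernel is currently using.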

Process

  1. Download the AM_44_AccessGatewayService_Linux_64.tar.gz file from the NetIQ download site and extract it by using the following command:

    tar -xzvf AM_44_AccessGatewayService_Linux_64.tar.gz

  2. Run the ag_upgrade.sh script from the folder to start the upgrade.

    IMPORTANT: The httpd.conf file is overwritten with a new file because Access Manager 4.4 upgrades Apache 2.2 to Apache 2.4 to support WebSocket. A backup of the existing httpd.conf file is available at /root/nambkup.

  3. Specify the following information:

    User ID: Specify the name of the administration user for Administration Console.

    Password and Re-enter Password: Specify and re-enter the password for the administration user account.

    Access Gateway Service is upgraded. The following message is displayed when the upgrade is complete:

    Starting Access Manager services...
    Backup of customized files are available at /root/nambkup. Restore them if required.

  4. View the log files. The install logs are located in the /tmp/novell_access_manager/ directory.

  5. Restore any customized files from the backup taken earlier as part of steps in Prerequisites.

    To restore the files, copy the content of the following files to the corresponding file in the new location.

    Old File Location                                                    New File Location
    /root/novell_access_manager/apache2/ (contains apache var files)     /opt/novell/apache2/share/apache2/error
    /root/novell_access_manager/nesp/ (contains modified error pages)    /var/opt/novell/tomcat/webapps/nesp/jsp/

    server.xml:

    If you have modified any elements or attributes in the 4.2.x or 4.3 environment, apply the corresponding changes to the 4.4 server.xml file. Typical changes to server.xml include modifying the 'address=' attribute to restrict the IP address the application listens on, or the 'maxThreads=' attribute to change the number of threads.

    In the following example, the 4.2.x file has a customized maxThreads value.

    <Connector port="9009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" address="127.0.0.1" minSpareThreads="25" maxThreads="700" backlog="0" connectionTimeout="20000" ... />

    Make a note of the customizations and copy the changed values into the 4.4 server.xml file.

    tomcat.conf:

    Copy any elements or attributes that you have customized in the tomcat8.conf file to the tomcat.conf file. For example, if you have included the environment variable to increase the heap size by using -Xmx/Xms/Xss attributes in the tomcat8.conf file, copy this variable to the 4.4 /opt/novell/nam/idp/conf/tomcat.conf file.

  6. Modify the required properties in /opt/novell/nam/mag/webapps/agm/WEB-INF/agm.properties using the backup file /root/novell_access_manager/agm/agm.properties. If you have customized the agm.properties file from the backup taken in 4.2.x or 4.3.x, ensure that you apply the same changes to the new 4.4 /opt/novell/nam/mag/webapps/agm/WEB-INF/agm.properties file. The following example shows how to enable the backend web server's web page caching and set the cache location.

    apache.disk.cache.enabled=yes

    apache.disk.cache.root=/var/cache/novell-apache2

  7. Change the ownership of the following files (giving read access to the tomcat user) by using the following commands:

    chown -R novlwww:novlwww /var/opt/novell/tomcat/webapps/nesp/jsp/

    chown -R novlwww:novlwww /opt/novell/nam/mag/webapps/agm/WEB-INF/agm.properties

  8. On the newly added Access Gateway Service, restart Tomcat using the /etc/init.d/novell-mag restart or rcnovell-mag restart command.

NOTE: If you have customized the Java settings in the /opt/novell/nam/idp/conf/tomcat.conf file, then after the upgrade, you must copy the customized setting to the new file.
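For the server.xml merge in step 5, the script below lists Connector attributes from the backed-up file that are missing or different in the upgraded file, so that a dropped 'address=' restriction or 'maxThreads=' value is noticed before Tomcat is restarted. It is an added example, not part of the product; the function names are illustrative and the two sample files are constructed for the demonstration.

```sh
# Added example, not vendor code. Assumes double-quoted attribute values.

# connector_attrs FILE PORT: print the sorted name="value" pairs of the
# <Connector> on PORT; elements inside <!-- --> comments are skipped.
connector_attrs() {
    awk -v want="port=\"$2\"" '
        BEGIN { RS = "<" }                       # one record per tag
        /^!--/ { commented = 1 }
        commented { if (index($0, "-->")) commented = 0; next }
        /^Connector[ \t\n]/ && $0 ~ ("[ \t\n]" want) {
            rest = $0
            while (match(rest, /[A-Za-z_][A-Za-z0-9_.:-]*="[^"]*"/)) {
                print substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' "$1" | LC_ALL=C sort
}

# lost_settings OLD NEW PORT: print each attribute of the old Connector that is
# missing or different in the new one; returns 1 if there is at least one.
lost_settings() {
    new_attrs=$(connector_attrs "$2" "$3")
    rc=0
    while IFS= read -r pair; do
        [ -n "$pair" ] || continue
        printf '%s\n' "$new_attrs" | grep -qxF -e "$pair" && continue
        name=${pair%%=*}
        now=$(printf '%s\n' "$new_attrs" | grep -e "^$name=") || now="$name is not set"
        echo "old: $pair   new: $now"
        rc=1
    done <<EOF
$(connector_attrs "$1" "$3")
EOF
    return $rc
}

# Constructed sample files; the values in new.xml are made up for the demo.
tmp=$(mktemp -d)
cat > "$tmp/old.xml" <<'EOF'
<Server><Connector port="9009" protocol="AJP/1.3" address="127.0.0.1"
    maxThreads="700" connectionTimeout="20000" /></Server>
EOF
cat > "$tmp/new.xml" <<'EOF'
<Server><!-- <Connector port="9009" address="127.0.0.1" /> -->
<Connector port="9009" protocol="AJP/1.3"
    maxThreads="600" connectionTimeout="20000" /></Server>
EOF
lost_settings "$tmp/old.xml" "$tmp/new.xml" 9009 || true
```

Run against the real files, the first argument is the server.xml you backed up manually in Prerequisites and the second is the server.xml installed by the upgrade.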