This section provides information about upgrading from Change Guardian 5.0.0.0 appliance to Change Guardian 5.1.0.0 appliance.
This section describes the guidelines and best practices to plan the upgrade.
Complete the following checklist before proceeding with the upgrade:
Ensure that the CG server is on version 5.0 and updated with all the available updates.
NOTE: Run the command rpm -qa | grep netiq to check the version of your Change Guardian installation.
Have the email ID and registration code required to access the appliance update channel available.
Ensure that the following partitions have the recommended free disk space:
/var/opt should have 12 GB
/opt should have 4 GB
/ should have 5 GB
Back up the data.
For more information, see Section 20.0, Backing Up and Restoring Data.
Download the following files from the Micro Focus Downloads website:
The Change Guardian Server install file: cgserver-5.1.0.0-457.x86_64.tgz
The operating system install file: SLES-12-SP3-Server-DVD-x86_64-GM-DVD1.iso. Download this file to a location that is accessible to a Hyper-V or VMware ESX console.
The appliance configuration utility install file: changeguardian_appliance_configuration_utility_5100-32.tar.gz
Ensure that you have not used Change Guardian appliance for any other purpose, as recommended by the End User License Agreement. For example, you have not deployed any application packages other than Change Guardian.
Ensure that you have updated the appliance only through the supported Change Guardian release channels. For example, applying any updates directly through the SUSE update channel may leave your appliance in an inconsistent state.
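The free-space item in the checklist above can be verified with a short script before the upgrade is started. This is an added example, not part of the Change Guardian documentation or product; the function names are illustrative and the thresholds are the ones listed above.

```shell
#!/bin/sh
# Pre-upgrade free-space check (added example, not part of the product).
# Thresholds are the checklist values: mount point and minimum free GB.
REQUIRED_SPACE='/var/opt 12
/opt 4
/ 5'

# Print the free space, in KB, of the file system that holds path $1.
# Prints nothing if the path cannot be queried.
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# Succeed if $1 (free KB) is at least $2 (required GB).
has_space() {
    [ "$1" -ge $(( $2 * 1024 * 1024 )) ]
}

# Report every listed path; return 1 if any is short or unreadable.
check_partitions() {
    status=0
    while read -r path need_gb; do
        avail=$(free_kb "$path")
        if [ -z "$avail" ]; then
            echo "UNKNOWN $path: cannot read free space"; status=1
        elif has_space "$avail" "$need_gb"; then
            echo "OK      $path: $(( avail / 1048576 )) GB free, need $need_gb GB"
        else
            echo "SHORT   $path: $(( avail / 1048576 )) GB free, need $need_gb GB"; status=1
        fi
    done <<EOF
$REQUIRED_SPACE
EOF
    return $status
}

check_partitions || echo "Resolve the items above before starting the upgrade."
```

If two of these paths sit on the same file system, df reports the same free space for each of them, so compare that figure against the sum of their requirements.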
The following table gives a high-level overview of the steps, the prerequisites to complete the steps, and other considerations:
Step | Purpose | Prerequisite | Other Consideration |
---|---|---|---|
Upgrade Change Guardian | To upgrade to Change Guardian 5.1.0.0 appliance | Change Guardian 5.0.0.0 appliance | None |
Upgrade the base operating system | To upgrade the operating system to SLES12 SP3 | Change Guardian 5.1.0.0 | Experience is similar to SLES11 to SLES12 OS upgrade procedure |
Configure Change Guardian | To configure Change Guardian 5.1 appliance to receive future updates | Upgrade the operating system to SLES 12 SP3 | None |
This section provides information about upgrading Change Guardian 5.0 appliance to Change Guardian 5.1 appliance.
Perform the following steps to upgrade:
Log in to the Change Guardian server as root
Copy the following file to the Change Guardian server: cgserver-5.1.0.0-457.x86_64.tgz
NOTE: The downloaded file and the extracted files together need 7 GB of space, which you can clear after the upgrade is complete.
Run the following command to extract the install files: tar -zxvf cgserver-5.1.0.0-457.x86_64.tgz
Use the cd command to change to the directory where the install files are extracted.
Start the upgrade by running the following command: ./install-changeguardian.sh
Follow the prompts to select the language and accept the license agreement.
Accept to upgrade Change Guardian internal component to 8.2.0.0.
Approve the upgrade process by entering yes.
NOTE: Stopping services takes several minutes.
Result: The upgrade finishes with the following message: “Change Guardian upgrade configuration is complete.”
Open the Change Guardian web console, once services come up, by using the following URL: https://IP_Address_Change_Guardian_server:8443
NOTE: Starting Change Guardian services takes a few minutes.
Perform the following steps to start the SLES upgrade:
Stop the Change Guardian services by running the following command: /opt/netiq/cg/scripts/cg_services.sh stop
(Conditional) If Change Guardian is in FIPS mode at this stage, NSS database files must be manually upgraded by running the following command:
certutil -K -d sql:/etc/opt/novell/sentinel/3rdparty/nss -X
Follow the on-screen instructions to upgrade the NSS database.
Give the novell user full permissions for the following files in the folder /etc/opt/novell/sentinel/3rdparty/nss:
cert9.db key4.db pkcs11.txt
Configure the Change Guardian virtual machine:
Mount the SLES-12-SP3-Server-DVD-x86_64-GM-DVD1.iso to the DVD in the virtual machine configuration.
Change the BIOS setting of the virtual machine to boot from the mounted media.
Boot the virtual machine.
Select Upgrade in the boot menu.
WARNING: If you select Installation instead of Upgrade, data may be lost.
Select the Language, Keyboard, and License Agreement on the screen and click Next.
(Conditional) At the Network Settings screen, ignore the message "The device is not configured. Press Edit to configure" to retain existing settings, and click Next.
NOTE: This screen appears based on your network configuration.
At the Select for Update screen, select the appropriate partition and click Next.
Click OK to ignore the warning about the partition mount location.
(Conditional) At the Repositories screen, select the appropriate repository and click Next.
NOTE: This screen appears if you had configured a repository in the Change Guardian 5.0 appliance.
At the Registration screen, do the following:
Ignore any error messages or warnings for registration.
Select Skip Registration and select Next.
At the Add On Product screen, do not modify the options, and select Next.
At the Installation Settings screen, review the text and select Update.
On the confirmation page, select Start Update.
After the upgrade completes, the system reboots.
After the reboot completes, select Boot from the Hard Disk.
Log in to the Change Guardian server as the root user.
NOTE: You can safely ignore the message "No IP address is found. Please check appliance network configuration." The network is configured at a later step.
Verify the SLES version by running the following command: cat /etc/SuSE-release
(Conditional) If Change Guardian was in FIPS mode before the operating system upgrade, or you use Mozilla Network Security Services (NSS) 3.29 and later, the two dependent RPM files libfreebl3-hmac and libsoftokn3-hmac may not be installed. You must manually install both of these RPM files if they are not present.
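For appliances in FIPS mode, the two conditional steps above (the upgraded NSS database files and the two HMAC packages) can be confirmed after the operating system upgrade. This is an added example, not part of the Change Guardian documentation; the function names are illustrative, and it assumes that ownership by the novell user is how the full permissions were granted.

```shell
#!/bin/sh
# Post-upgrade FIPS checks (added example, not part of the product).
# Paths, file names and package names are the ones given in the steps above.
NSS_DIR=/etc/opt/novell/sentinel/3rdparty/nss
NSS_FILES='cert9.db key4.db pkcs11.txt'
HMAC_RPMS='libfreebl3-hmac libsoftokn3-hmac'

# Print one line for each NSS file in directory $1 that is missing
# or not owned by user $2 (assumption: ownership is the permission check).
nss_file_problems() {
    for f in $NSS_FILES; do
        if [ ! -f "$1/$f" ]; then
            echo "$f missing"
        else
            owner=$(ls -ld "$1/$f" | awk '{ print $3 }')
            [ "$owner" = "$2" ] || echo "$f owner=$owner (expected $2)"
        fi
    done
}

# Read installed package names, one per line, on stdin and print each
# required HMAC package that is not in the list.
hmac_rpms_missing() {
    installed=$(cat)
    for p in $HMAC_RPMS; do
        printf '%s\n' "$installed" | grep -qxF "$p" || echo "$p"
    done
}

# Run both checks on the appliance; no output means nothing to fix.
nss_file_problems "$NSS_DIR" novell
if command -v rpm >/dev/null 2>&1; then
    rpm -qa --qf '%{NAME}\n' | hmac_rpms_missing
fi
```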
This section provides information about packages required to manage the appliance, configure network settings and the password for root and vaadmin users. The vaadmin user is used to manage the Change Guardian appliance.
Perform the following steps to configure the appliance configuration utility:
Copy the following file to the Change Guardian server: changeguardian_appliance_configuration_utility_5100-32.tar.gz
Extract the file.
Run the command: tar -xvf changeguardian_appliance_configuration_utility_5100-32.tar.gz
Use the cd command to change to the directory where you extracted the utility.
To configure the appliance, keep your existing network configuration information ready for use and then run the following script:
./cg5100-appliance_configuration.sh
This script configures the required packages to manage the appliance.
WARNING: Do not run this script remotely, because it involves network reconfiguration, which in turn might interrupt the configuration.
On the Yast-Change Guardian Appliance 5.1.0.0 screen, select Configure.
Follow the on-screen instructions to set the root and the vaadmin password.
NOTE: You can use an existing or a new password for the root user. However, you must set a new password for the vaadmin user.
Select Static IP Address or DHCP IP Address based on your environment.
(Conditional) Enter the IP details if your network is configured to static IP address.
Select Exit to save the configuration, then press Enter to reboot.
NOTE: Reboot might take several minutes to complete.
Using your existing registration code, register for updates again to receive Change Guardian and latest operating system updates.
To register with the Change Guardian appliance update channel, log in to the following URL and use your existing registration code. Registering again lets you receive both Change Guardian and SLES 12 SP3 updates: https://IP_Address_Change_Guardian_server:9443
For more information, see Registering the Appliance for Updates.
Allow a few minutes to let the services start, then log in to Change Guardian web console by using the following URL: https://IP_Address_Change_Guardian_server:8443
Use the appliance update channel to receive Change Guardian and operating system updates.
For more information, see Applying Appliance Updates.