Sentinel 7.1.1.1 resolves specific previous issues. This document outlines why you should install this hotfix.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable inputs. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Sentinel Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.
For more information about this hotfix and for the latest Readme, see the Sentinel 7.1 Documentation Web site.
The hotfix resolves the following issue. For the list of software fixes and enhancements in previous releases, see the Sentinel 7.1 Documentation Web site.
Issue: When you upgrade Sentinel to version 7.1.1, it takes a long time to migrate the data in MongoDB and delays the upgrade. (BUG 853484)
Fix: MongoDB data migration is now run in parallel with other Sentinel services on startup, no longer blocking Sentinel from functioning as expected. Sentinel 7.1.1 changes the MongoDB data schema, which requires Sentinel to migrate data from previous versions to the new schema. Usually the migration process happens only during the first restart of Sentinel after the upgrade. Upon startup, the migration process checks whether there is any MongoDB data to migrate. If you later restore MongoDB data that uses the old schema, Sentinel migrates that data the next time Sentinel is restarted and deletes the original schema data when migration is complete.
If you do not want to migrate data from previous versions, you can disable the data migration before you upgrade Sentinel. To disable Security Intelligence data migration, perform the following steps:
Log in to the Sentinel server as the root user.
Open the /etc/opt/novell/sentinel/config/server.xml file.
Add the following property:
<property name="baselining.migration.check">false</property>
Setting this property as false disables the Security Intelligence data migration.
(Conditional) If you want to permanently delete the Security Intelligence data from previous versions, add the following property:
<property name="baselining.migration.delete">true</property>
IMPORTANT:Setting this property as true permanently deletes the existing Security Intelligence data and the deleted data is not recoverable.
Restart the Sentinel server.
NOTE:If you want to enable Security Intelligence data migration, you should set the baselining.migration.check value to true and the baselining.migration.delete value to false.
You can upgrade to Sentinel 7.1.1.1 from Sentinel 7.0 or later.
For information about hardware requirements, supported operating systems, and browsers, see Meeting System Requirements
in the NetIQ Sentinel 7.1 Installation and Configuration Guide.
Download the hotfix from the Novell Patch Finder Web site. Before you upgrade to Sentinel, ensure that there are no duplicate users in the MongoDB database. For more information, see Section 3.1, Prerequisite.
The following sections provide information about upgrading Sentinel:
NOTE:
After the upgrade is complete, when the system starts for the first time, Sentinel might take a few minutes to start because the system performs a one-time update to the Security Intelligence schema. The time required to start depends on the amount of Security Intelligence data in your system.
After you upgrade Sentinel, clear the Java Web Start cache on the client computers to use the latest version of Sentinel applications. You can clear the Java Web Start cache by either using the javaws -clearcache command or by using Java Control Center. For more information, see http://www.java.com/en/download/help/plugin_cache.xml.
Sentinel 7.1.1 and later includes MongoDB version 2.4.1. MongoDB 2.4 requires removal of duplicate user names in the database. Before you upgrade to Sentinel 7.1.1.1, verify whether there are any duplicate users and then remove the duplicate users.
Log in to the Sentinel 7.1 or earlier server as the novell user.
Change to the following directory:
cd opt/novell/sentinel/3rdparty/mongo/bin
Run the following commands to verify duplicate users:
./mongo --port 27017 --host "localhost"
use analytics
db.system.users.findOne().count()
If the count is more than 1, it indicates there are duplicate users.
Run the following command to list the users:
db.system.users.findOne().pretty()
The command lists users along with duplicate entries. The first user in the list is the original user. You should keep the first user and delete the others in the list. The other entries would be the most recent that were probably installed when you restored the backup
Run the following command to remove duplicate users:
db.system.users.remove({ _id : ObjectId("object_ID") })
Run the following command to verify whether the duplicate users have been removed:
db.system.users.findOne().pretty()
Switch to database admin user:
use admin
Repeat Step 1 through Step 3 to verify and remove duplicate dbausers in the admin database.
For information about upgrading to Sentinel 7.1.1.1, see “Upgrading Sentinel” in the NetIQ Sentinel 7.1 Installation and Configuration Guide.
When you upgrade the Sentinel traditional installation in a high availability setup, first upgrade the passive nodes in the cluster, then upgrade the active cluster node.
Enable the maintenance mode on the cluster:
crm configure property maintenance-mode=true
Maintenance mode helps you to avoid any disturbance to the running cluster resources while you update Sentinel. You can run this command from any cluster node.
Verify whether the maintenance mode is active:
crm status
The cluster resources should appear in the unmanaged state.
Upgrade the passive cluster node:
Stop the cluster stack:
rcopenais stop
Stopping the cluster stack ensures that the cluster resources remain accessible and avoids fencing of nodes.
Log in as root to the server where you want to upgrade Sentinel.
Extract the install files from the tar file:
tar xfz <install_filename>
Run the following command in the directory where you extracted the install files:
./install-sentinel --cluster-node
After the upgrade is complete, restart the cluster stack:
rcopenais start
Repeat Step 3 for all passive cluster nodes.
Upgrade the active cluster node:
Back up your configuration, then create an ESM export.
For more information about backing up data, see Backing Up and Restoring Data
in the NetIQ 7.1 Administration Guide.
Stop the cluster stack:
rcopenais stop
Stopping the cluster stack ensures that the cluster resources remain accessible and avoids fencing of nodes.
Log in as root to the server where you want to upgrade Sentinel.
Run the following command to extract the install files from the tar file:
tar xfz <install_filename>
Run the following command in the directory where you extracted the install files:
./install-sentinel
After the upgrade is complete, start the cluster stack:
rcopenais start
Disable the maintenance mode on the cluster:
crm configure property maintenance-mode=false
You can run this command from any cluster node.
Verify whether the maintenance mode is inactive:
crm status
The cluster resources should appear in the Started state.
(Optional) Verify whether the Sentinel upgrade is successful:
rcsentinel version
When you upgrade the appliance from Sentinel 7.0.1 or earlier, the upgrade fails in WebYaST because the vendor name for the patch has changed from Novell to NetIQ. You must upgrade the appliance by using the zypper patch command.
To upgrade the appliance by using zypper:
Back up your configuration, then create an ESM export. For more information, see Backing Up and Restoring the Data
in the NetIQ Sentinel 7.1 Administration Guide.
Log in to the appliance console as the root user.
Run the following command:
/usr/bin/zypper patch
Enter 1 to accept the vendor change from Novell to NetIQ.
Enter Y to proceed.
Enter yes to accept the license agreement.
Restart the Sentinel appliance.
If you upgrade Sentinel from 7.0 to 7.1.1 and your Sentinel installation is in a non-default location, run the following commands as the novell user:
ln -s
"$RPM_INSTALLATION_PREFIX/opt/novell/sentinel/3rdparty/activemq/activemq-all-5.4.2.jar"
"$RPM_INSTALLATION_PREFIX/opt/novell/sentinel/lib/activemq-all-5.4.2.jar"
Where $RPM_INSTALLATION_PREFIX is the location of the Sentinel installation.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support.
For the list of known issues in previous releases, see the Sentinel 7.1 Documentation Web site.
Issue: MongoDB does not start if there are duplicate user names in the database. This issue might occur if you had done a full backup and restore of security intelligence data any time on your Sentinel server, before upgrading to Sentinel 7.1.1. (BUG 856174)
Workaround: There is no workaround at this time. Before you upgrade to Sentinel 7.1.1 and later, verify whether there are duplicate users and then remove any duplicate users. For more information, see Section 3.1, Prerequisite.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
NetIQ Sentinel is protected by United States Patent No(s): 05829001.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.