Difference between revisions of "Seon update"

From Seon
Jump to: navigation, search
(Run update semi-automatically (1))
(Run update semi-automatically (2))
 
(14 intermediate revisions by the same user not shown)
Line 10: Line 10:
 
== Run update automatically ==
 
== Run update automatically ==
 
These update files, if received via '''OFTP''', have always the virtual filename
 
These update files, if received via '''OFTP''', have always the virtual filename
  Seon_UPDATE
+
  SEON-UPDATE
 
When [[Seon Core configuration#Enable automatic update mechanism?|this]] flag is set, your Seon installation tries to check the integrity and signature of this package internally. For this purpose, an event binary (configured [[Seon Core configuration#Enable_automatic_update_mechanism_.26_Seon_automatic_software_update_script|here]]) is started. This event binary (default:
 
When [[Seon Core configuration#Enable automatic update mechanism?|this]] flag is set, your Seon installation tries to check the integrity and signature of this package internally. For this purpose, an event binary (configured [[Seon Core configuration#Enable_automatic_update_mechanism_.26_Seon_automatic_software_update_script|here]]) is started. This event binary (default:
 
  /opt/seon/bin/seonupdate
 
  /opt/seon/bin/seonupdate
Line 19: Line 19:
  
 
Example:
 
Example:
  /opt/seon/bin/seonupdate -f /tmp/Seon_UPDATE
+
  /opt/seon/bin/seonupdate -f /tmp/seon3_full_pe_Linux-x86.sh.signed
  
 
== Run update semi-automatically (2) ==
 
== Run update semi-automatically (2) ==
You may have received a file which is a verified and extracted version of the "<code>Seon_UPDATE</code>" file. They have normally a file extension of "<code>.sh</code>". This file is a complete Seon installation package, which checks if it's running inside Seon. In order to do this manually, use the Seon shell "<code>[[Seon Core binaries#shox|shox]]</code>".  
+
You may have received a file which is a verified and extracted version of the "<code>SEON-UPDATE</code>" file. They have normally a file extension of "<code>.sh</code>". This file is a complete Seon installation package, which checks if it's running inside Seon. In order to do this manually, use the Seon shell "<code>[[Seon Core binaries#shox|shox]]</code>".  
  
 
Example:
 
Example:
 
  /opt/seon/bin/shox -e /tmp/seon_update_linux_x86_he.sh
 
  /opt/seon/bin/shox -e /tmp/seon_update_linux_x86_he.sh
 +
 +
'''Beware: The process started via "shox" is using a user configured in [[Seon_Core_configuration#run_Seon_programs_as_user|"Configuration" -> "Daemon" -> "running Seon programs as user"]].''' This user may not have sufficient permissions to write files in required directories.
  
 
== Run update manually (1) ==
 
== Run update manually (1) ==
Line 45: Line 47:
 
== Run update manually (2) ==
 
== Run update manually (2) ==
 
In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method ([[Seon update#Run update manually (1)|Run update manually (1)]])
 
In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method ([[Seon update#Run update manually (1)|Run update manually (1)]])
 +
 +
== Troubleshooting automatic updates ==
 +
In case of the following error in the system log (temporary and update package filenames will vary)
 +
<pre>
 +
Seon update: error verifying update file '/tmp/seon2_core_he_20100607_linux.sh.signed':
 +
command:
 +
$OPENSSL_BIN smime -verify -in '/tmp/seon2_core_he_20100607_linux.sh.signed' -out /opt/seon/tmp/seon.vrqilO -inform DER -CAfile $Seon_BIN_DIR/../c-works.softwareupdate.pub.cer 2>&1
 +
 +
Output:
 +
 +
Verification failure
 +
4403:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:343:Verify error:self signed certificate
 +
</pre>
 +
your local software certificate is not the actual one. You will have to download the actual file at [http://www.seon.de/c-works.softwareupdate.pub.cer http://www.seon.de/c-works.softwareupdate.pub.cer] and copy the file to your base installation of your Seon installation (mostly at "<code>/opt/seon</code>"):
 +
/opt/seon/c-works.softwareupdate.pub.cer
 +
Check that the file has read-permissions for everyone (<code>444</code>, "<code>-r--r--r--</code>").
 +
 +
To verify the software certificate validity timeframe, you can use the following command:
 +
seonbox:/opt/seon# openssl x509 -in /opt/seon/c-works.softwareupdate.pub.cer -noout -enddate
 +
notAfter='''Jun 15 18:18:53 2032 GMT'''
 +
This means the software update support certificate is valid until June 15th 2032.
 +
 +
== Post work to be done ==
 +
Starting with Seon release 2014-09-23, a [[Seon_Core_configuration#Seon_automatic_update_post_event|configurable post event]] can be defined which will be run after an updated was executed. You can implement any functionality in this process, i.e. cleanup, system information, backup or other tasks. The parameters of this event are documented [[Seon_Core_event_scripts#Seon_automatic_update_post_event|here]].

Latest revision as of 20:10, 11 October 2015

Requirements

If you have a software support bought with your software distribution, you may receive updates from time to time via several media. These media can be:

  • Download links in the internet
  • Files via OFTP, received via
    • ISDN
    • ENX
    • Internet
    • etc.

Run update automatically

These update files, if received via OFTP, have always the virtual filename

SEON-UPDATE

When this flag is set, your Seon installation tries to check the integrity and signature of this package internally. For this purpose, an event binary (configured here) is started. This event binary (default:

/opt/seon/bin/seonupdate

is started with the parameter "-f". It checks the signature of the file and if valid, it extracts the update procedure program and executes it in an Seon shell. The update process searches for the Seon environment variables and uses them to change and update the installation.

Run update semi-automatically (1)

If you have received such a signed update file manually or you have disabled this feature and downloaded an automatic update file (with the file suffix ".sh.signed"), you are able to re-start the event program manually. For this (in a standard environment), call the update program with appropriate parameters. They are documented here.

Example:

/opt/seon/bin/seonupdate -f /tmp/seon3_full_pe_Linux-x86.sh.signed

Run update semi-automatically (2)

You may have received a file which is a verified and extracted version of the "SEON-UPDATE" file. They have normally a file extension of ".sh". This file is a complete Seon installation package, which checks if it's running inside Seon. In order to do this manually, use the Seon shell "shox".

Example:

/opt/seon/bin/shox -e /tmp/seon_update_linux_x86_he.sh

Beware: The process started via "shox" is using a user configured in "Configuration" -> "Daemon" -> "running Seon programs as user". This user may not have sufficient permissions to write files in required directories.

Run update manually (1)

You receive a gzipped TAR file which contains all files in this structure. You may exchange the binaries, scripts, programs, webinterfaces. You should do this in the following order:

  1. make a backup of everything
  2. run the Seon database schema updater "seon_dbupdate"
  3. copy all binaries to the target directory
    1. if swapping the whole directory, don't forget to copy the license file into the new directory!
  4. check if the configuration file has changed it's schema ("/etc/seon.conf")
  5. copy the webinterface for administration to it's destination
    1. check the file "database.inc.php"
  6. if Seon Enteprise is installed:
    1. copy the Seon web access client to it's target destination
    2. check the file "database.inc.php" in the Seon web access directory
    3. copy all plugins
  7. have a look at the configuration page of Seon (administrative web interface)
  8. restart the wanted daemons ("seonrd", "seonsqd", "seondebugd", "seonclientd")

Run update manually (2)

In some cases, you just receive single files, fixing a specific small problem. In this case, refer to the above method (Run update manually (1))

Troubleshooting automatic updates

In case of the following error in the system log (temporary and update package filenames will vary)

Seon update: error verifying update file '/tmp/seon2_core_he_20100607_linux.sh.signed':
command:
$OPENSSL_BIN smime -verify -in '/tmp/seon2_core_he_20100607_linux.sh.signed' -out /opt/seon/tmp/seon.vrqilO -inform DER -CAfile $Seon_BIN_DIR/../c-works.softwareupdate.pub.cer 2>&1

Output:

Verification failure
4403:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:343:Verify error:self signed certificate

your local software certificate is not the actual one. You will have to download the actual file at http://www.seon.de/c-works.softwareupdate.pub.cer and copy the file to your base installation of your Seon installation (mostly at "/opt/seon"):

/opt/seon/c-works.softwareupdate.pub.cer

Check that the file has read-permissions for everyone (444, "-r--r--r--").

To verify the software certificate validity timeframe, you can use the following command:

seonbox:/opt/seon# openssl x509 -in /opt/seon/c-works.softwareupdate.pub.cer -noout -enddate
notAfter=Jun 15 18:18:53 2032 GMT

This means the software update support certificate is valid until June 15th 2032.

Post work to be done

Starting with Seon release 2014-09-23, a configurable post event can be defined which will be run after an updated was executed. You can implement any functionality in this process, i.e. cleanup, system information, backup or other tasks. The parameters of this event are documented here.