Upgrading from 1.3-RG8 to 1.4
In order to take advantage of the latest SSL security features, we have had to upgrade the version of Java and the underlying operating system. (Java 7 to 8 and Debian 7 to 8).
This means that you will not directly be able to upgrade a 1.3 system to 1.4 from the web UI or VMCentre as the operating system and associated packages will also need to upgraded.
This article contains instructions on how to perform this upgrade from a command-line shell.
Please ensure your Access Manager instance is backed up or has a VM snapshot before performing the below.
* Your Access Manager system should be on version 1.3-RG8. If it is not, upgrade to this first (which is the final 1.3 release).
* Internet access required to download the new operating system and Access Manager packages.
* Access to VM console shell or direct SSH access.
Connect to the VMCentre shell, or via SSH with the root account. Everything in italics are typed commands:
- Stop the Access Manager service with: /etc/init.d/nervepoint stop
- To stop the service restarting during the OS upgrade, type: touch /tmp/defeat-nervepoint-restart
- Edit the apt sources file with: vi /etc/apt/sources.list
- Change all 'wheezy' to 'jessie' by typing ":1,$s/wheezy/jessie/g" (excluding the quotes) and pressing enter.
- If there are any CD-ROM sources listed, put a # at the start of the line to comment it out, as this would become useless once on the new version (press i to start typing, and ESC once finished).
- Add a new line to the end of the file by pressing G, then o. Add the following line: deb http://http.debian.net/debian jessie-backports main
- Press ESC to get back into command mode. Save the file and exit with :x
- cd /etc/apt/sources.list.d/
- rm nervepoint*
- echo "#deb http://nervepointtesting.s3.amazonaws.com excalibur main" > nervepointtesting.list
- echo "deb http://nervepointupdates.s3.amazonaws.com excalibur main" > nervepointupdates.list
- echo "#deb http://nervepointearlyaccess.s3.amazonaws.com excalibur main" > nervepointearlyacccess.list
- apt-get update (make sure there are no ERRORs, examine any WARNINGs - it might complain about some python stuff which can safely be ignored).
- apt-get dist-upgrade. There could be up to 400-500 upgrade packages, a small amount to remove, none not upgraded. Type Y to start the upgrade.
The dist-upgrade can take some time. During the upgrade you will be asked some or all of the below questions:
a) Console encoding (unlikely you will get prompted for this) but choose the best for your location, probably "western" for Europe/US for example.
b) Postfix configuration (does not always get prompted)- Choose no configuration.
c) Whether or not to allow SSH root logins with just passwords. This choice is up to you as the customer, but to keep it acting as before choose NO to NOT disable password root logins.
d) Whether or not to allow certain services to be restarted with asking. Choose Yes by using Tab or Cursor keys and Enter.
e) "Incompatible PAM profiles selected". Ignore it and press OK.
f) New versions of config files are available, such as grub for example. In general its OK to 'install the package maintainer's version.
Select all devices to install grub to /dev/sda /dev/sda1, /dev/sda2 etc with the space bar.
When the dist-upgrade completes you may see 'Errors were encountered while processing: nervepoint'. Don't worry about that as this will resolve itself on reboot, but don't reboot just yet.
To complete the upgrade:
- We need to install Java 8 and ensure it is installed: apt-get install -t jessie-backports openjdk-8-jdk
- Make sure it's the default with: update-alternatives --config java
- The Currently active JDK should have a * next to it. If its not java-8-openjdk, press the number relating to the Java-8 entry.
- You may get an error about a plugin not existing, ignore this.
- Now reboot the system by typing: reboot. The system will update the Access Manager database from 1.3 to 1.4.
- Wait for at least 5 minutes for the reboot and upgrade to occur, then reconnect to the system again.
- There is one last configuration change that the Access Manager does automatically the first time it starts up the 1.4 service, which needs a final restart. Restart the service one last time with /etc/init.d/nervepoint restart.
You should now have a working 1.4 system.