Comprehensive data protection for all workloads
Post Reply
SAFA_IT
Enthusiast
Posts: 49
Liked: 14 times
Joined: Jun 22, 2020 1:08 pm
Contact:

V11a hardened repository upgrade

Post by SAFA_IT »

Hi,

I upgraded to 11a today and encountered a new issue for me. This was the first upgrade since adding a hardened repository and the upgrade of the transport components failed, which is fine as I am using single use credentials.
I managed to get it sorted out by logging in locally to the repository, temporarily adding the single use credentials back to the sudo group and enabling ssh. This allowed the components to install and I then reversed the changes made to the user and ssh.

The next time I upgrade I plan to do this before the install to make the process smoother.

Perhaps it might be worth highlighting this issue on the install page or release notes, or have I just missed this / got it all wrong?
Gostev
Chief Product Officer
Posts: 32761
Liked: 7971 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: V11a hardened repository upgrade

Post by Gostev »

Hello. From what I remember from when we designed this, the components upgrade wizard should ask interactively for credentials with root privileges, and use them to update components without storing them anywhere. But yes, you do need to enable SSH Server temporarily. Thanks!
SAFA_IT
Enthusiast
Posts: 49
Liked: 14 times
Joined: Jun 22, 2020 1:08 pm
Contact:

Re: V11a hardened repository upgrade

Post by SAFA_IT »

Thanks for the reply - I had tried the root credentials and it allowed me to progress a little, then I got some error messages and the repository remained offline.
I decided to try the sudo method for the single use credentials before contacting support and fortunately it worked, so I didn't have to.
pwalsh
Novice
Posts: 4
Liked: 2 times
Joined: Jun 24, 2015 10:29 am
Full Name: Paul Walsh
Contact:

Re: V11a hardened repository upgrade

Post by pwalsh » 2 people like this post

Gostev wrote: Oct 11, 2021 1:40 pm Hello. From what I remember from when we designed this, the components upgrade wizard should ask interactively for credentials with root privileges, and use them to update components without storing them anywhere. But yes, you do need to enable SSH Server temporarily. Thanks!
you are indeed correct, the wizard will ask if you are ready to enter the correct singleuser credentials, so have ssh enabled, the account added to sudoers and perform the upgrade, once the upgrade is completed, remove the account from sudoers and disable/uninstall ssh.
SAFA_IT
Enthusiast
Posts: 49
Liked: 14 times
Joined: Jun 22, 2020 1:08 pm
Contact:

Re: V11a hardened repository upgrade

Post by SAFA_IT »

Thanks Paul - I remember putting in the single user credentials this morning and it all went wrong from there - I will be better prepared next time!
SAFA_IT
Enthusiast
Posts: 49
Liked: 14 times
Joined: Jun 22, 2020 1:08 pm
Contact:

Re: V11a hardened repository upgrade

Post by SAFA_IT » 1 person likes this post

I think it would be helpful if the KB associated with a patch indicated whether or not the transport components are updated during an upgrade.
Example: KB ID: 4245 (P20220302). This installed without enabling ssh, adding account to sudoers etc.
This is a minor issue, but if I had known that in advance I could have upgraded without going on site.
Post Reply

Who is online

Users browsing this forum: Amazon [Bot] and 42 guests