Hi,
I upgraded to 11a today and encountered a new issue for me. This was the first upgrade since adding a hardened repository and the upgrade of the transport components failed, which is fine as I am using single use credentials.
I managed to get it sorted out by logging in locally to the repository, temporarily adding the single use credentials back to the sudo group and enabling ssh. This allowed the components to install and I then reversed the changes made to the user and ssh.
The next time I upgrade I plan to do this before the install to make the process smoother.
Perhaps it might be worth highlighting this issue on the install page or release notes, or have I just missed this / got it all wrong?
-
SAFA_IT
- Enthusiast
- Posts: 44
- Liked: 12 times
- Joined: Jun 22, 2020 1:08 pm
- Full Name: David Thomson
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 31806
- Liked: 7299 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: V11a hardened repository upgrade
Hello. From what I remember from when we designed this, the components upgrade wizard should ask interactively for credentials with root privileges, and use them to update components without storing them anywhere. But yes, you do need to enable SSH Server temporarily. Thanks!
-
SAFA_IT
- Enthusiast
- Posts: 44
- Liked: 12 times
- Joined: Jun 22, 2020 1:08 pm
- Full Name: David Thomson
- Contact:
Re: V11a hardened repository upgrade
Thanks for the reply - I had tried the root credentials and it allowed me to progress a little, then I got some error messages and the repository remained offline.
I decided to try the sudo method for the single use credentials before contacting support and fortunately it worked, so I didn't have to.
I decided to try the sudo method for the single use credentials before contacting support and fortunately it worked, so I didn't have to.
-
pwalsh
- Novice
- Posts: 4
- Liked: 2 times
- Joined: Jun 24, 2015 10:29 am
- Full Name: Paul Walsh
- Contact:
Re: V11a hardened repository upgrade
you are indeed correct, the wizard will ask if you are ready to enter the correct singleuser credentials, so have ssh enabled, the account added to sudoers and perform the upgrade, once the upgrade is completed, remove the account from sudoers and disable/uninstall ssh.Gostev wrote: ↑Oct 11, 2021 1:40 pm Hello. From what I remember from when we designed this, the components upgrade wizard should ask interactively for credentials with root privileges, and use them to update components without storing them anywhere. But yes, you do need to enable SSH Server temporarily. Thanks!
-
SAFA_IT
- Enthusiast
- Posts: 44
- Liked: 12 times
- Joined: Jun 22, 2020 1:08 pm
- Full Name: David Thomson
- Contact:
Re: V11a hardened repository upgrade
Thanks Paul - I remember putting in the single user credentials this morning and it all went wrong from there - I will be better prepared next time!
-
SAFA_IT
- Enthusiast
- Posts: 44
- Liked: 12 times
- Joined: Jun 22, 2020 1:08 pm
- Full Name: David Thomson
- Contact:
Re: V11a hardened repository upgrade
I think it would be helpful if the KB associated with a patch indicated whether or not the transport components are updated during an upgrade.
Example: KB ID: 4245 (P20220302). This installed without enabling ssh, adding account to sudoers etc.
This is a minor issue, but if I had known that in advance I could have upgraded without going on site.
Example: KB ID: 4245 (P20220302). This installed without enabling ssh, adding account to sudoers etc.
This is a minor issue, but if I had known that in advance I could have upgraded without going on site.
Who is online
Users browsing this forum: Bing [Bot], Google [Bot], mkretzer and 200 guests