Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revisionBoth sides next revision
cloudappliance/smeinplaceupgrade [2018_04_12 11:46] – external edit 127.0.0.1cloudappliance/smeinplaceupgrade [2018_08_23 18:15] steven
Line 13: Line 13:
   * Public internet access for download patches   * Public internet access for download patches
   * A complete backup / snapshot has been done of both the system and the database   * A complete backup / snapshot has been done of both the system and the database
-  * Verify API based storage providers have a valid certificate+  * Verify API based storage providers have a valid certificates (especially when upgrading from 10.x or 1705). See [[cloudproviders:certificates]] for more information.
  
 In addition, you must ensure you have full administrator access to the systems.  The following user accounts and passwords will be required: In addition, you must ensure you have full administrator access to the systems.  The following user accounts and passwords will be required:
Line 27: Line 27:
  
 Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required. Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required.
- 
- 
-== Checking storage certificates == 
-Version 1712 of the Enterprise File Fabric increases the security requirements for storage providers that are accessed over HTTPS. As a result, self-signed certificates and certificates with missing intermediate chains are not supported by default.  These certificates can either be corrected by the storage administrator or the Enterprise File Fabric can be set to allow these certificates. 
- 
-== Validating storage certificates == 
-Log into the Enterprise File Fabric as the "smeconfiguser" and run the following command against all storage providers accessed over HTTPS: 
- 
-<code> 
-curl https://fqdn.backendstorage.com 
-</code> 
- 
-If curl returns any error of type (60), the storage provider will no longer work with the defaults in v1712.  
- 
-Examples: 
- 
-//Broken chain// 
-<code> 
-curl https://storageFQDN 
-curl: (60) Peer's Certificate issuer is not recognized. 
-More details here: http://curl.haxx.se/docs/sslcerts.html 
-</code> 
- 
-//Self-Signed Certificate// 
-<code> 
-curl https://storageFQDN 
-curl: (60) Peer's certificate issuer has been marked as not trusted by the user. 
-</code> 
- 
-//Expired Certificate// 
-<code> 
-curl https://storageFQDN 
-curl: (60) Peer's Certificate has expired. 
-</code> 
- 
-Note:  The Enterprise File Fabric will not allow use of storage with an expired certificate 
- 
-=== Disabling certificate validation === 
-Storage Made Easy always recommends the use of valid certificates from signed public authorities.  However, to preserve functionally with storage providers added prior to v1712, the following procedure will disable certificate validation: 
- 
-For each storage type that fails curl validation an entry will need to be made in config.inc.php.  Find below the list of valid storage providers and the accompanying variable to disable provider certificate validation: 
- 
-^ Storage Type       ^ variable  ^ 
-| Amplidata |var $ssl\_certificates\_amplidata = '0'; | 
-| BlueMix Object Storage | var $ssl\_certificates\_bluemix = '0';  
-| Caringo Swarm   | var $ssl\_certificates\_caringoswarm = '0'; | 
-| Ceph       | var $ssl\_certificates\_ceph = '0'; | 
-| Cleversafe      | var $ssl\_certificates\_cleversafe = '0'; |      
-| Cloudian     | var $ssl\_certificates\_cloudian = '0'; 
-| Dell EMC Elastic Cloud Storage | var $ssl\_certificates\_dellemc = '0'; | 
-| EMC Atmos S3 |var $ssl\_certificates\_atmoss3 = '0'; 
-| HostingSolutions.it | var $ssl\_certificates\_hostsolit = '0'; 
-| HPHelion | var $ssl\_certificates\_hphelion = '0'; | 
-| IBM Cloud Object Storage| var $ssl\_certificates\_ibmcloud = '0'; 
-| Igneous | var $ssl\_certificates\_igneous = '0'; 
-| Leonovus | var $ssl\_certificates\_leonovus = '0'; | 
-| Minio Object Storage | var $ssl\_certificates\_minio = '0';|   
-| Mirantis | var $ssl\_certificates\_mirantis = '0'; |   
-| Open S3 - S3 Compatible Cloud | var $ssl\_certificates\_opens3 = '0';| 
-| OpenIO | var $ssl\_certificates\_openio = '0'; | 
-| OpenStack | var $ssl\_certificates\_openstack = '0'; 
-| SoftLayer | var $ssl\_certificates\_softlayer = '0'; 
-| Swift v3 | var $ssl\_certificates\_swift = '0'; 
-| SwiftStack | var $ssl\_certificates\_swiftstack = '0'; | 
- 
-If you wish to disable certificate validation for a storage provider that is not on this list, please contact SME at: support@storagemadeeasy.com 
- 
-Log into the SME appliance as smeconfiguser e.g. 
-<code> 
-ssh smeconfiguser@cloudfiles.company.com 
-</code> 
- 
- 
-Change user to root 
-<code> 
-su - 
-</code> 
- 
-Add the required variables to the file: /var/www/smestorage/public_html/config.inc.php below the line:  var $ssl_version = 'tls'; 
-<code> 
-vi /var/www/smestorage/public_html/config.inc.php 
-</code> 
- 
-For example, if the backend storage providers Minio and Ceph have self-signed certificates the following will be added: 
- 
-    var $ssl_version = 'tls'; 
-    var $ssl_certificates_minio = '0'; 
-    var $ssl_certificates_ceph = '0';  
- 
-Once added, save the config.inc.php file and confirm normal Enterprise File Fabric operation against altered storage providers by logging into web console as an Organization Administrator then upload and download a file. 
  
 === Upgrade === === Upgrade ===
© Copyright 2024 Nasuni.