Differences
This shows you the differences between two versions of the page.
Next revisionBoth sides next revision | |||
cloudappliance/smeinplaceupgrade [2018_04_12 11:46] – external edit 127.0.0.1 | cloudappliance/smeinplaceupgrade [2018_08_23 18:15] – steven | ||
---|---|---|---|
Line 13: | Line 13: | ||
* Public internet access for download patches | * Public internet access for download patches | ||
* A complete backup / snapshot has been done of both the system and the database | * A complete backup / snapshot has been done of both the system and the database | ||
- | * Verify API based storage providers have a valid certificate | + | * Verify API based storage providers have a valid certificates (especially when upgrading from 10.x or 1705). See [[cloudproviders: |
In addition, you must ensure you have full administrator access to the systems. | In addition, you must ensure you have full administrator access to the systems. | ||
Line 27: | Line 27: | ||
Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required. | Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required. | ||
- | |||
- | |||
- | == Checking storage certificates == | ||
- | Version 1712 of the Enterprise File Fabric increases the security requirements for storage providers that are accessed over HTTPS. As a result, self-signed certificates and certificates with missing intermediate chains are not supported by default. | ||
- | |||
- | == Validating storage certificates == | ||
- | Log into the Enterprise File Fabric as the " | ||
- | |||
- | < | ||
- | curl https:// | ||
- | </ | ||
- | |||
- | If curl returns any error of type (60), the storage provider will no longer work with the defaults in v1712. | ||
- | |||
- | Examples: | ||
- | |||
- | //Broken chain// | ||
- | < | ||
- | curl https:// | ||
- | curl: (60) Peer's Certificate issuer is not recognized. | ||
- | More details here: http:// | ||
- | </ | ||
- | |||
- | // | ||
- | < | ||
- | curl https:// | ||
- | curl: (60) Peer's certificate issuer has been marked as not trusted by the user. | ||
- | </ | ||
- | |||
- | //Expired Certificate// | ||
- | < | ||
- | curl https:// | ||
- | curl: (60) Peer's Certificate has expired. | ||
- | </ | ||
- | |||
- | Note: The Enterprise File Fabric will not allow use of storage with an expired certificate | ||
- | |||
- | === Disabling certificate validation === | ||
- | Storage Made Easy always recommends the use of valid certificates from signed public authorities. | ||
- | |||
- | For each storage type that fails curl validation an entry will need to be made in config.inc.php. | ||
- | |||
- | ^ Storage Type ^ variable | ||
- | | Amplidata |var $ssl\_certificates\_amplidata = ' | ||
- | | BlueMix Object Storage | var $ssl\_certificates\_bluemix = ' | ||
- | | Caringo Swarm | var $ssl\_certificates\_caringoswarm = ' | ||
- | | Ceph | var $ssl\_certificates\_ceph = ' | ||
- | | Cleversafe | ||
- | | Cloudian | ||
- | | Dell EMC Elastic Cloud Storage | var $ssl\_certificates\_dellemc = ' | ||
- | | EMC Atmos S3 |var $ssl\_certificates\_atmoss3 = ' | ||
- | | HostingSolutions.it | var $ssl\_certificates\_hostsolit = ' | ||
- | | HPHelion | var $ssl\_certificates\_hphelion = ' | ||
- | | IBM Cloud Object Storage| var $ssl\_certificates\_ibmcloud = ' | ||
- | | Igneous | var $ssl\_certificates\_igneous = ' | ||
- | | Leonovus | var $ssl\_certificates\_leonovus = ' | ||
- | | Minio Object Storage | var $ssl\_certificates\_minio = ' | ||
- | | Mirantis | var $ssl\_certificates\_mirantis = ' | ||
- | | Open S3 - S3 Compatible Cloud | var $ssl\_certificates\_opens3 = ' | ||
- | | OpenIO | var $ssl\_certificates\_openio = ' | ||
- | | OpenStack | var $ssl\_certificates\_openstack = ' | ||
- | | SoftLayer | var $ssl\_certificates\_softlayer = ' | ||
- | | Swift v3 | var $ssl\_certificates\_swift = ' | ||
- | | SwiftStack | var $ssl\_certificates\_swiftstack = ' | ||
- | |||
- | If you wish to disable certificate validation for a storage provider that is not on this list, please contact SME at: support@storagemadeeasy.com | ||
- | |||
- | Log into the SME appliance as smeconfiguser e.g. | ||
- | < | ||
- | ssh smeconfiguser@cloudfiles.company.com | ||
- | </ | ||
- | |||
- | |||
- | Change user to root | ||
- | < | ||
- | su - | ||
- | </ | ||
- | |||
- | Add the required variables to the file: / | ||
- | < | ||
- | vi / | ||
- | </ | ||
- | |||
- | For example, if the backend storage providers Minio and Ceph have self-signed certificates the following will be added: | ||
- | |||
- | var $ssl_version = ' | ||
- | var $ssl_certificates_minio = ' | ||
- | var $ssl_certificates_ceph = ' | ||
- | |||
- | Once added, save the config.inc.php file and confirm normal Enterprise File Fabric operation against altered storage providers by logging into web console as an Organization Administrator then upload and download a file. | ||
=== Upgrade === | === Upgrade === |