Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
cloudappliance/smeinplaceupgrade [2018_04_12 11:46] – external edit 127.0.0.1 | cloudappliance/smeinplaceupgrade [2018_08_23 18:16] – steven | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | + | # SME Inplace upgrade to 1712 | |
- | ===== SME Inplace upgrade to 1712 ===== | + | (Last Updated |
- | (Last Updated | + | |
The SME Enterprise File Fabric platform is shipped as a virtual appliance, this makes it easy to deploy. The new generation of Enterprise File Fabric has a more comprehensive way to upgrade. | The SME Enterprise File Fabric platform is shipped as a virtual appliance, this makes it easy to deploy. The new generation of Enterprise File Fabric has a more comprehensive way to upgrade. | ||
Line 7: | Line 6: | ||
Please note that this procedure is written for systems that following " | Please note that this procedure is written for systems that following " | ||
- | ==== Prerequisites | + | ## Prerequisites |
Ensure the following prerequisites are met before beginning an upgrade: | Ensure the following prerequisites are met before beginning an upgrade: | ||
Line 13: | Line 12: | ||
* Public internet access for download patches | * Public internet access for download patches | ||
* A complete backup / snapshot has been done of both the system and the database | * A complete backup / snapshot has been done of both the system and the database | ||
- | * Verify API based storage providers have a valid certificate | + | * Verify API based storage providers have a valid certificates (especially when upgrading from 10.x or 1705). See [[cloudproviders: |
In addition, you must ensure you have full administrator access to the systems. | In addition, you must ensure you have full administrator access to the systems. | ||
Line 23: | Line 22: | ||
During the upgrade, ongoing uploads will be cancelled and the site will be unavailable for a short duration, please schedule downtime accordingly. | During the upgrade, ongoing uploads will be cancelled and the site will be unavailable for a short duration, please schedule downtime accordingly. | ||
- | === Prepare for the upgrade | + | ### Prepare for the upgrade |
To receive upgrades for File Fabric you will need a valid support contract. | To receive upgrades for File Fabric you will need a valid support contract. | ||
Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required. | Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required. | ||
- | + | ## Upgrade | |
- | == Checking storage certificates == | + | |
- | Version 1712 of the Enterprise File Fabric increases the security requirements for storage providers that are accessed over HTTPS. As a result, self-signed certificates and certificates with missing intermediate chains are not supported by default. | + | |
- | + | ||
- | == Validating storage certificates == | + | |
- | Log into the Enterprise File Fabric as the " | + | |
- | + | ||
- | < | + | |
- | curl https:// | + | |
- | </ | + | |
- | + | ||
- | If curl returns any error of type (60), the storage provider will no longer work with the defaults in v1712. | + | |
- | + | ||
- | Examples: | + | |
- | + | ||
- | //Broken chain// | + | |
- | < | + | |
- | curl https:// | + | |
- | curl: (60) Peer's Certificate issuer is not recognized. | + | |
- | More details here: http:// | + | |
- | </ | + | |
- | + | ||
- | // | + | |
- | < | + | |
- | curl https:// | + | |
- | curl: (60) Peer's certificate issuer has been marked as not trusted by the user. | + | |
- | </ | + | |
- | + | ||
- | //Expired Certificate// | + | |
- | < | + | |
- | curl https:// | + | |
- | curl: (60) Peer's Certificate has expired. | + | |
- | </ | + | |
- | + | ||
- | Note: The Enterprise File Fabric will not allow use of storage with an expired certificate | + | |
- | + | ||
- | === Disabling certificate validation === | + | |
- | Storage Made Easy always recommends the use of valid certificates from signed public authorities. | + | |
- | + | ||
- | For each storage type that fails curl validation an entry will need to be made in config.inc.php. | + | |
- | + | ||
- | ^ Storage Type ^ variable | + | |
- | | Amplidata |var $ssl\_certificates\_amplidata = ' | + | |
- | | BlueMix Object Storage | var $ssl\_certificates\_bluemix = ' | + | |
- | | Caringo Swarm | var $ssl\_certificates\_caringoswarm = ' | + | |
- | | Ceph | var $ssl\_certificates\_ceph = ' | + | |
- | | Cleversafe | + | |
- | | Cloudian | + | |
- | | Dell EMC Elastic Cloud Storage | var $ssl\_certificates\_dellemc = ' | + | |
- | | EMC Atmos S3 |var $ssl\_certificates\_atmoss3 = ' | + | |
- | | HostingSolutions.it | var $ssl\_certificates\_hostsolit = ' | + | |
- | | HPHelion | var $ssl\_certificates\_hphelion = ' | + | |
- | | IBM Cloud Object Storage| var $ssl\_certificates\_ibmcloud = ' | + | |
- | | Igneous | var $ssl\_certificates\_igneous = ' | + | |
- | | Leonovus | var $ssl\_certificates\_leonovus = ' | + | |
- | | Minio Object Storage | var $ssl\_certificates\_minio = ' | + | |
- | | Mirantis | var $ssl\_certificates\_mirantis = ' | + | |
- | | Open S3 - S3 Compatible Cloud | var $ssl\_certificates\_opens3 = ' | + | |
- | | OpenIO | var $ssl\_certificates\_openio = ' | + | |
- | | OpenStack | var $ssl\_certificates\_openstack = ' | + | |
- | | SoftLayer | var $ssl\_certificates\_softlayer = ' | + | |
- | | Swift v3 | var $ssl\_certificates\_swift = ' | + | |
- | | SwiftStack | var $ssl\_certificates\_swiftstack = ' | + | |
- | + | ||
- | If you wish to disable certificate validation for a storage provider that is not on this list, please contact SME at: support@storagemadeeasy.com | + | |
- | + | ||
- | Log into the SME appliance as smeconfiguser e.g. | + | |
- | < | + | |
- | ssh smeconfiguser@cloudfiles.company.com | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | Change user to root | + | |
- | < | + | |
- | su - | + | |
- | </ | + | |
- | + | ||
- | Add the required variables to the file: / | + | |
- | < | + | |
- | vi / | + | |
- | </ | + | |
- | + | ||
- | For example, if the backend storage providers Minio and Ceph have self-signed certificates the following will be added: | + | |
- | + | ||
- | var $ssl_version = ' | + | |
- | var $ssl_certificates_minio = ' | + | |
- | var $ssl_certificates_ceph = ' | + | |
- | + | ||
- | Once added, save the config.inc.php file and confirm normal Enterprise File Fabric operation against altered storage providers by logging into web console as an Organization Administrator then upload and download a file. | + | |
- | + | ||
- | === Upgrade | + | |
Log into the SME appliance as smeconfiguser e.g. | Log into the SME appliance as smeconfiguser e.g. |