Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
cloudappliance:smeinplaceupgrade [2018_04_12 11:46]
127.0.0.1 external edit
cloudappliance:smeinplaceupgrade [2018_08_23 18:16]
steven
Line 1: Line 1:
- +SME Inplace upgrade to 1712 
-===== SME Inplace upgrade to 1712 ===== +(Last Updated ​23 August ​2018)
-(Last Updated ​6th April 2018)+
  
 The SME Enterprise File Fabric platform is shipped as a virtual appliance, this makes it easy to deploy. The new generation of Enterprise File Fabric has a more comprehensive way to upgrade. ​ Upgrades from v10.x SME appliance or later are accomplished without the need to redeploy a new virtual machine. ​ The SME Enterprise File Fabric platform is shipped as a virtual appliance, this makes it easy to deploy. The new generation of Enterprise File Fabric has a more comprehensive way to upgrade. ​ Upgrades from v10.x SME appliance or later are accomplished without the need to redeploy a new virtual machine. ​
Line 7: Line 6:
 Please note that this procedure is written for systems that following "​standard"​ supported deployment architectures,​ for advanced deployments please contact support. Please note that this procedure is written for systems that following "​standard"​ supported deployment architectures,​ for advanced deployments please contact support.
  
-==== Prerequisites ​====+## Prerequisites
  
 Ensure the following prerequisites are met before beginning an upgrade: Ensure the following prerequisites are met before beginning an upgrade:
Line 13: Line 12:
   * Public internet access for download patches   * Public internet access for download patches
   * A complete backup / snapshot has been done of both the system and the database   * A complete backup / snapshot has been done of both the system and the database
-  * Verify API based storage providers have a valid certificate+  * Verify API based storage providers have a valid certificates (especially when upgrading from 10.x or 1705). See [[cloudproviders:​certificates]] for more information.
  
 In addition, you must ensure you have full administrator access to the systems. ​ The following user accounts and passwords will be required: In addition, you must ensure you have full administrator access to the systems. ​ The following user accounts and passwords will be required:
Line 23: Line 22:
 During the upgrade, ongoing uploads will be cancelled and the site will be unavailable for a short duration, please schedule downtime accordingly. During the upgrade, ongoing uploads will be cancelled and the site will be unavailable for a short duration, please schedule downtime accordingly.
  
-=== Prepare for the upgrade ​===+### Prepare for the upgrade
 To receive upgrades for File Fabric you will need a valid support contract. To receive upgrades for File Fabric you will need a valid support contract.
  
 Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required. Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required.
  
- +## Upgrade
-== Checking storage certificates == +
-Version 1712 of the Enterprise File Fabric increases the security requirements for storage providers that are accessed over HTTPS. As a result, self-signed certificates and certificates with missing intermediate chains are not supported by default. ​ These certificates can either be corrected by the storage administrator or the Enterprise File Fabric can be set to allow these certificates. +
- +
-== Validating storage certificates == +
-Log into the Enterprise File Fabric as the "​smeconfiguser"​ and run the following command against all storage providers accessed over HTTPS: +
- +
-<​code>​ +
-curl https://​fqdn.backendstorage.com +
-</​code>​ +
- +
-If curl returns any error of type (60), the storage provider will no longer work with the defaults in v1712.  +
- +
-Examples: +
- +
-//Broken chain// +
-<​code>​ +
-curl https://​storageFQDN +
-curl: (60) Peer's Certificate issuer is not recognized. +
-More details here: http://​curl.haxx.se/​docs/​sslcerts.html +
-</​code>​ +
- +
-//​Self-Signed Certificate//​ +
-<​code>​ +
-curl https://​storageFQDN +
-curl: (60) Peer's certificate issuer has been marked as not trusted by the user. +
-</​code>​ +
- +
-//Expired Certificate//​ +
-<​code>​ +
-curl https://​storageFQDN +
-curl: (60) Peer's Certificate has expired. +
-</​code>​ +
- +
-Note:  The Enterprise File Fabric will not allow use of storage with an expired certificate +
- +
-=== Disabling certificate validation === +
-Storage Made Easy always recommends the use of valid certificates from signed public authorities. ​ However, to preserve functionally with storage providers added prior to v1712, the following procedure will disable certificate validation:​ +
- +
-For each storage type that fails curl validation an entry will need to be made in config.inc.php. ​ Find below the list of valid storage providers and the accompanying variable to disable provider certificate validation:​ +
- +
-^ Storage Type       ^ variable ​ ^ +
-| Amplidata |var $ssl\_certificates\_amplidata = '​0';​ | +
-| BlueMix Object Storage | var $ssl\_certificates\_bluemix = '​0'; ​ |  +
-| Caringo Swarm   | var $ssl\_certificates\_caringoswarm = '​0';​ | +
-| Ceph       | var $ssl\_certificates\_ceph = '​0';​ | +
-| Cleversafe ​     | var $ssl\_certificates\_cleversafe = '​0';​ |      +
-| Cloudian ​    | var $ssl\_certificates\_cloudian = '​0';​ |  +
-| Dell EMC Elastic Cloud Storage | var $ssl\_certificates\_dellemc = '​0';​ | +
-| EMC Atmos S3 |var $ssl\_certificates\_atmoss3 = '​0';​ |  +
-| HostingSolutions.it | var $ssl\_certificates\_hostsolit = '​0';​ |  +
-| HPHelion | var $ssl\_certificates\_hphelion = '​0';​ | +
-| IBM Cloud Object Storage| var $ssl\_certificates\_ibmcloud = '​0';​ |  +
-| Igneous | var $ssl\_certificates\_igneous = '​0';​ |  +
-| Leonovus | var $ssl\_certificates\_leonovus = '​0';​ | +
-| Minio Object Storage | var $ssl\_certificates\_minio = '​0';​| ​  +
-| Mirantis | var $ssl\_certificates\_mirantis = '​0';​ |   +
-| Open S3 - S3 Compatible Cloud | var $ssl\_certificates\_opens3 = '​0';​| +
-| OpenIO | var $ssl\_certificates\_openio = '​0';​ | +
-| OpenStack | var $ssl\_certificates\_openstack = '​0';​ |  +
-| SoftLayer | var $ssl\_certificates\_softlayer = '​0';​|  +
-| Swift v3 | var $ssl\_certificates\_swift = '​0';​ |  +
-| SwiftStack | var $ssl\_certificates\_swiftstack = '​0';​ | +
- +
-If you wish to disable certificate validation for a storage provider that is not on this list, please contact SME at: support@storagemadeeasy.com +
- +
-Log into the SME appliance as smeconfiguser e.g. +
-<​code>​ +
-ssh smeconfiguser@cloudfiles.company.com +
-</​code>​ +
- +
- +
-Change user to root +
-<​code>​ +
-su - +
-</​code>​ +
- +
-Add the required variables to the file: /​var/​www/​smestorage/​public_html/​config.inc.php below the line:  var $ssl_version = '​tls';​ +
-<​code>​ +
-vi /​var/​www/​smestorage/​public_html/​config.inc.php +
-</​code>​ +
- +
-For example, if the backend storage providers Minio and Ceph have self-signed certificates the following will be added: +
- +
-    var $ssl_version = '​tls';​ +
-    var $ssl_certificates_minio = '​0';​ +
-    var $ssl_certificates_ceph = '​0';​  +
- +
-Once added, save the config.inc.php file and confirm normal Enterprise File Fabric operation against altered storage providers by logging into web console as an Organization Administrator then upload and download a file. +
- +
-=== Upgrade ​===+
  
 Log into the SME appliance as smeconfiguser e.g.  Log into the SME appliance as smeconfiguser e.g.