**This is an old revision of the document!**
SME Inplace upgrade to 1712
(Last Updated 6th April 2018)
The SME Enterprise File Fabric platform is shipped as a virtual appliance, this makes it easy to deploy. The new generation of Enterprise File Fabric has a more comprehensive way to upgrade. Upgrades from v10.x SME appliance or later are accomplished without the need to redeploy a new virtual machine.
Please note that this procedure is written for systems that following “standard” supported deployment architectures, for advanced deployments please contact support.
Prerequisites
Ensure the following prerequisites are met before beginning an upgrade:
- SME version 10.0.X or 1705.X is installed and functional
- Public internet access for download patches
- A complete backup / snapshot has been done of both the system and the database
- Verify API based storage providers have a valid certificate
In addition, you must ensure you have full administrator access to the systems. The following user accounts and passwords will be required:
- smeconfiguser
- root
- appladmin
- organizational admin(s) of your organization
During the upgrade, ongoing uploads will be cancelled and the site will be unavailable for a short duration, please schedule downtime accordingly.
Prepare for the upgrade
To receive upgrades for File Fabric you will need a valid support contract.
Start by backing up the appliance. This upgrade will be an upgrade of both software and the database, please do not proceed without a good backup. SME does not support a database rollback, so if something does not go to plan, a system restore will be required.
Checking storage certificates
Version 1712 of the Enterprise File Fabric increases the security requirements for storage providers that are accessed over HTTPS. As a result, self-signed certificates and certificates with missing intermediate chains are not supported by default. These certificates can either be corrected by the storage administrator or the Enterprise File Fabric can be set to allow these certificates.
Validating storage certificates
Log into the Enterprise File Fabric as the “smeconfiguser” and run the following command against all storage providers accessed over HTTPS:
curl https://fqdn.backendstorage.com
If curl returns any error of type (60), the storage provider will no longer work with the defaults in v1712.
Examples:
Broken chain
curl https://storageFQDN curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html
Self-Signed Certificate
curl https://storageFQDN curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
Expired Certificate
curl https://storageFQDN curl: (60) Peer's Certificate has expired.
Note: The Enterprise File Fabric will not allow use of storage with an expired certificate
Disabling certificate validation
Storage Made Easy always recommends the use of valid certificates from signed public authorities. However, to preserve functionally with storage providers added prior to v1712, the following procedure will disable certificate validation:
For each storage type that fails curl validation an entry will need to be made in config.inc.php. Find below the list of valid storage providers and the accompanying variable to disable provider certificate validation:
Storage Type | variable |
---|---|
Amplidata | var $ssl_certificates_amplidata = '0'; |
BlueMix Object Storage | var $ssl_certificates_bluemix = '0'; |
Caringo Swarm | var $ssl_certificates_caringoswarm = '0'; |
Ceph | var $ssl_certificates_ceph = '0'; |
Cleversafe | var $ssl_certificates_cleversafe = '0'; |
Cloudian | var $ssl_certificates_cloudian = '0'; |
Dell EMC Elastic Cloud Storage | var $ssl_certificates_dellemc = '0'; |
EMC Atmos S3 | var $ssl_certificates_atmoss3 = '0'; |
HostingSolutions.it | var $ssl_certificates_hostsolit = '0'; |
HPHelion | var $ssl_certificates_hphelion = '0'; |
IBM Cloud Object Storage | var $ssl_certificates_ibmcloud = '0'; |
Igneous | var $ssl_certificates_igneous = '0'; |
Leonovus | var $ssl_certificates_leonovus = '0'; |
Minio Object Storage | var $ssl_certificates_minio = '0'; |
Mirantis | var $ssl_certificates_mirantis = '0'; |
Open S3 - S3 Compatible Cloud | var $ssl_certificates_opens3 = '0'; |
OpenIO | var $ssl_certificates_openio = '0'; |
OpenStack | var $ssl_certificates_openstack = '0'; |
SoftLayer | var $ssl_certificates_softlayer = '0'; |
Swift v3 | var $ssl_certificates_swift = '0'; |
SwiftStack | var $ssl_certificates_swiftstack = '0'; |
If you wish to disable certificate validation for a storage provider that is not on this list, please contact SME at: support@storagemadeeasy.com
Log into the SME appliance as smeconfiguser e.g.
ssh smeconfiguser@cloudfiles.company.com
Change user to root
su -
Add the required variables to the file: /var/www/smestorage/publichtml/config.inc.php below the line: var $sslversion = 'tls';
vi /var/www/smestorage/public_html/config.inc.php
For example, if the backend storage providers Minio and Ceph have self-signed certificates the following will be added:
var $ssl_version = 'tls'; var $ssl_certificates_minio = '0'; var $ssl_certificates_ceph = '0';
Once added, save the config.inc.php file and confirm normal Enterprise File Fabric operation against altered storage providers by logging into web console as an Organization Administrator then upload and download a file.
Upgrade
Log into the SME appliance as smeconfiguser e.g.
ssh smeconfiguser@cloudfiles.company.com
Change user to root
su -
Update the File Fabric repository
yum install https://download.storagemadeeasy.com/sme-repo-release-latest.rpm
Clear the yum cache, and rebuild it.
yum clean all; yum makecache
To verify the repository is installed and enabled, you can execute the following command:
yum repolist enabled
and search for “sme-enterprise” in the results. If you don't see it, abandon the upgrade process and contact Support at Storage Made Easy.
Now update the appliance with the following command
yum install sme-upgradeto1712 sme-release -y
Next install the 1712.02 hotfix
su - smestorage cd patches wget https://s3.amazonaws.com/smevm/1712/patch_public_html_1712.02.tar.gz ./patch -patch patch_public_html_1712.02.tar.gz exit
After the update is complete, please reboot the system.
reboot