8.3 Upgrading the Linux Access Gateway

Upgrade running time: about five minutes.

You can upgrade to 3.0 SP4 without affecting the current configuration by using the lagupgrade.sh upgrade script. This upgrade script downloads the Linux Access Gateway RPM package from the specified server address through either the HTTP or FTP protocol, and then upgrades the Access Gateway modules.

NOTE: You must use either the lagupgrade.sh script or the administration console to upgrade Linux Access Gateway. Using the CD or any other network installation method to upgrade Linux Access Gateway is not supported.

You can upgrade the Linux Access Gateway in one of three ways: interactively, where you are prompted to enter the required parameters; silently, where all the required parameters are passed on the command line; or by using the administration console.

If you have installed SSL VPN along with the Linux Access Gateway, check for the version of SSL VPN that is currently installed on your machine. If you have the high bandwidth version of SSL VPN installed, log in to the Novell Customer Center to download the high bandwidth version. The low bandwidth version of SSL VPN is packaged with the Linux Access Gateway upgrade file.

NOTE: With the Novell Access Manager 3.0 SP3 and higher, Linux Access Gateway uses the custom error page template to customize the error pages that are published to the browser. With the 3.0 SP3 release, using the error.jsp files to customize error pages is no longer supported. If you have customized the error pages during the previous release by using the error.jsp file, you will lose all your changes. You must now customize your error pages by using the error pages template. For more information on how to customize error pages using the template, see Customizing Error Pages for the Linux Access Gateway in the Novell Access Manager 3.0 SP4 Administration Guide.

8.3.1 Prerequisites

Before you proceed to upgrade the Linux Access Gateway, make sure you do the following:

  • Download the upgrade file from Novell and extract it.

    For the actual filename, see the Readme.

  • Copy the Linux Access Gateway upgrade file to an HTTP or an FTP server accessible by the gateway.

  • Rename the .tar.gz file to lagrpms.tar.gz.

    The file posted for download needs a specific name that reflects the version of the upgrade. The upgrade script requires that the file have a generic name: lagrpms.tar.gz.

    NOTE: By default, the Linux Access Gateway RPM package is named lagrpms.tar.gz. The RPMs are packaged with the directory name lagrpms for the lagrpms.tar.gz file. If you have downloaded and repackaged the RPMs with a different package name or directory name, make sure that the directory name matches the package name. For example, if the package name is final.tar.gz, make sure that the directory name is also final.
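The prerequisites above, as an added example that is not part of the Novell documentation: because lagupgrade.sh fetches the archive over HTTP or FTP, it is worth checking the renamed file on the staging server before the gateway pulls it. The function name check_lag_package and the SHA-256 digest recorded when you downloaded the file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Novell code): checks to run on the staging HTTP/FTP server
# before pointing lagupgrade.sh at the archive. The function name and the idea
# of a recorded SHA-256 digest are assumptions of this example.

# check_lag_package <archive.tar.gz> <expected-sha256>
# Succeeds only if the digest matches and every member sits under one top-level
# directory named after the package (lagrpms.tar.gz -> lagrpms/).
check_lag_package() {
    archive=$1; expected=$2
    base=$(basename "$archive" .tar.gz)

    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ "$actual" = "$expected" ] || { echo "digest mismatch: $archive" >&2; return 1; }

    members=$(tar -tzf "$archive" 2>/dev/null) || { echo "unreadable: $archive" >&2; return 1; }
    [ -n "$members" ] || { echo "empty archive: $archive" >&2; return 1; }

    printf '%s\n' "$members" | (
        while IFS= read -r member; do
            member=${member#./}
            [ -n "$member" ] || continue
            case "$member" in
                /*|..|../*|*/../*|*/..) echo "unsafe path: $member" >&2; exit 1 ;;
            esac
            top=${member%%/*}
            [ "$top" = "$base" ] || { echo "top dir '$top' is not '$base'" >&2; exit 1; }
        done
    ) || return 1
}

# Constructed sample data: one good archive, then the same bytes under a name
# that no longer matches the directory inside it.
demo() {
    work=$(mktemp -d)
    mkdir "$work/lagrpms"
    echo "placeholder, not a real RPM" > "$work/lagrpms/sample.rpm"
    tar -czf "$work/lagrpms.tar.gz" -C "$work" lagrpms
    cp "$work/lagrpms.tar.gz" "$work/final.tar.gz"
    sum=$(sha256sum "$work/lagrpms.tar.gz" | awk '{print $1}')
    check_lag_package "$work/lagrpms.tar.gz" "$sum" && echo "lagrpms.tar.gz: ok"
    check_lag_package "$work/final.tar.gz" "$sum" || echo "final.tar.gz: rejected"
    rm -rf "$work"
}
demo
```

Run it on the server that hosts the archive, after the rename step, so the digest covers the exact file the gateway will download.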

8.3.2 Upgrading Linux Access Gateway by Using the Interactive Method

You can interactively upgrade Linux Access Gateway by using the lagupgrade.sh script.

  1. Log in as root.

  2. Enter the following command to start the upgrade script:

    /chroot/lag/opt/novell/bin/lagupgrade.sh

  3. Specify the upgrade option to use. Enter 1 to upgrade only Linux Access Gateway, 2 to upgrade only SSL VPN, and 3 to upgrade Linux Access Gateway and SSL VPN installed on the same machine.

    NOTE: If you have installed Linux Access Gateway and the high bandwidth version of SSL VPN, select option 1 to upgrade Linux Access Gateway only, and then follow the procedure in Upgrading the High Bandwidth SSL VPN to upgrade SSL VPN. If you select option 3 to upgrade Linux Access Gateway and SSL VPN installed on the same machine, the upgrade process terminates after the Linux Access Gateway is upgraded. Follow the procedure in Upgrading the High Bandwidth SSL VPN to upgrade SSL VPN.

  4. Specify the protocol to use when downloading the RPM packages. Enter 1 to use HTTP, 2 to use FTP, and q to quit the upgrade process.

  5. (Optional) If you selected FTP, you are prompted to specify the following information:

    1. Specify the FTP username.

    2. Specify the FTP password.

  6. Specify the address of the server where the RPM packages are located.

    Use either the IP address or the DNS hostname of the server.

  7. Specify the path and name of the RPM packages. For example:

    /publish/upgrades/accessgateway/SP4/lagrpms.tar.gz

    The RPM package is downloaded to your system and the upgrade begins.

  8. View the /var/log/lagupgrade.log file to verify the results of the upgrade process.

8.3.3 Upgrading Linux Access Gateway By Passing Parameters in the Command Line

The lagupgrade.sh upgrade script allows you to enter the required parameters on the command line.

  1. Log in as root.

  2. Enter the following command:

    /chroot/lag/opt/novell/bin/lagupgrade.sh --url <protocol>://<hostname>/<path>/<packageName> --upgrade-option <option>

    <protocol> refers to the protocol to use when downloading the RPM packages. It can be HTTP or FTP.

    <hostname> refers to the address of the server from where the RPM packages can be downloaded. Enter either the IP address or the DNS hostname of the server at the prompt.

    <path> refers to the path to the RPM packages.

    <packageName> refers to the RPM package name.

    <option> refers to the upgrade option. By default, the script takes the LAG only option and upgrades only the Linux Access Gateway.

    • If you want to upgrade only the Linux Access Gateway, enter the following command:

      /chroot/lag/opt/novell/bin/lagupgrade.sh --url http://10.10.10.1/publish/upgrades/accessgateway/sp4/lagrpms.tar.gz

      NOTE: If you have installed Linux Access Gateway and the high bandwidth version of SSL VPN, select option 1 to upgrade Linux Access Gateway only, and then follow the steps given in Upgrading the High Bandwidth SSL VPN to upgrade SSL VPN. If you select option 3 to upgrade Linux Access Gateway and SSL VPN installed on the same machine, the upgrade process terminates after the Linux Access Gateway is upgraded. Follow the procedure in Upgrading the High Bandwidth SSL VPN to upgrade SSL VPN.

    • If you want to upgrade both the Linux Access Gateway and the SSL VPN that is installed on the same machine, enter the following command:

      /chroot/lag/opt/novell/bin/lagupgrade.sh --url http://10.10.10.1/publish/upgrades/accessgateway/sp4/lagrpms.tar.gz --upgrade-option LAG and SSLVPN

    • If you want to upgrade only SSL VPN that is installed along with Linux Access Gateway, enter the following command:

      /chroot/lag/opt/novell/bin/lagupgrade.sh --url http://10.10.10.1/publish/upgrades/accessgateway/sp4/lagrpms.tar.gz --upgrade-option SSLVPN only

  3. The RPM package is downloaded to your system and the upgrade begins.

  4. View the /var/log/lagupgrade.log file to verify the results of the upgrade process.

8.3.4 Upgrading the Linux Access Gateway by Using the Administration Console

You can upgrade the Linux Access Gateway by using the Administration Console.

  1. In the Administration Console, click Access Manager > Access Gateways > <Name of Server> > Upgrade.

  2. In the Upgrade URL field, specify the URL from which to download the upgraded version of the server. The URL must begin with a scheme and end with the filename. For example:

    http://updates.company.com/lag/linux/lagrpms.tar.gz

  3. Select either Upgrade Now and continue with Step 4, or select Schedule Upgrade and skip to Step 7.

  4. Click OK to start the upgrade.

  5. Click Command Status, then select the command to view more information about the upgrade.

    If the Administration Console successfully sent the upgrade command to the Access Gateway, the command displays Succeeded. This does not mean that the upgrade is done, only that the command has been received.

  6. Continue with Step 12.

  7. Click OK.

  8. Fill in the following fields:

    • Name Scheduled Command: Specify a name for the command. This name is used to identify the command on the Command Status page and in log files.

    • Description: Specify additional information about the command, if any. This field is optional.

    • Date & Time: Specify the date and time to execute the upgrade command. You can select the day, month, year, hour, and minute from the respective drop-down lists.

  9. Click OK.

  10. Click Command Status to view more information about the command.

  11. The status of the scheduled command changes from pending to executing when the upgrade begins.

  12. To check the status of the upgrade, do one of the following:

    • Click Access Gateways > <Name of Server> > Upgrade > View Upgrade Log to view the upgrade log.

    • Check the health of the Access Gateway. When the upgrade command is successfully sent, the Access Gateway should be in a green state. As the upgrade proceeds, the health should turn red when the Access Gateway is stopped, white when the Access Gateway is disconnected and rebooting, then green.

  13. The following details on the Upgrade page are not updated until the Administration Console performs its regularly scheduled health check:

    • Current Running Version: The version that is currently running on the Access Gateway.

    • Upgrade State: The current state of the upgrade process.

    It can take up to twenty minutes before these fields are refreshed with the current values.

  14. (Conditional) If the Health status does not turn green, click the Health icon.

    If NTP is configured but not synchronized, click Access Gateways > Edit > Date & Time.

    If you are using the default NTP server (pool.ntp.org), either you need to wait a few minutes (or longer) for time to synchronize, or you can configure the Access Gateway to use a different NTP server.

8.3.5 Installing the Latest Linux Patches

Novell Linux Access Gateway installs a customized version of SLES 9 SP 3. If you want to install the latest patches as they become available, you must have a Novell user account for receiving Linux updates.

WARNING: The Linux Access Gateway is an appliance. Installing additional packages other than security updates breaks your support agreement with Novell. If you encounter a problem, Novell Technical Support can require you to remove the additional packages and to reproduce the problem before receiving any help with your problem.

The following sections describe steps to install Linux patches:

NOTE: If you have installed Linux Access Gateway for the first time on your system, log in as root and run lagupgrade.sh before you proceed with the following sections.

Installing the Security Patches

To install the latest available Linux patches:

  1. Log in as root.

  2. Enter the following command to launch YaST:

    you

  3. In the Installation source option, select Novell Accounts Only, then tab to Next and press Enter.

  4. When you are prompted to log in, specify the credentials of your registered Novell user account.

    Enable the Keep Authentication Data check box, then tab to Login and press Enter.

  5. Select Filter > Installable Patches.

  6. Select the security patches of type Security, then press Enter.

    NOTE:

    • Make sure that the selected security patches display the + sign.

    • Make sure you select only the Security patches.

  7. After you have selected all the security patches, click OK to proceed with the installation.

  8. If a Security update for Linux Kernel warning message is displayed, then select Install Patch to proceed.

  9. If a Security update for subdomain-parser warning message is displayed, then select Install Patch to proceed.

  10. Click OK to finish the installation process.

  11. Restart the Linux Access Gateway for the Linux kernel update to take effect.

  12. Enter the following to check the logs:

    tailf /var/log/YaST2/y2log

Performing Periodic Installation of Security Patches

After you have installed the security patches as explained in Installing the Security Patches, you can follow the procedure given below to update the security patches periodically:

  1. Log in as root.

  2. Enter the following command to start the YaST online update:

    you

  3. In the Installation source option, select Novell Accounts Only, then tab to Next and press Enter.

  4. Select Filter > Installable Patches.

    If the installed version is current, then no security patches are listed.

  5. Select the security patches of type Security, then press Enter.

    NOTE:

    • Make sure that the selected security patches display the + sign.

    • Make sure you select only the Security patches.

  6. After you have selected all the security patches, click OK to proceed with the installation.

  7. Click OK to finish the installation process.