Versions Compared

Version Old Version 4 New Version Current
Changes made by

Amit Munwes

Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Make sure to follow Preparing for Upgrade before applying the upgrade.

...

Install Additional Packages

Note

This section should be applied before upgrading from 1.0.21.0 to 1.0.22.0

...

note

.

Version 1.0.22.0 includes new features that are based on additional packages that need to be installed on the operating system before applying the upgrade.

  • For DPOD Appliance Mode users

...

  • :

...

  • Please follow now the instructions documented in the Special Step 1 page.

  • For DPOD Non-Appliance Mode users:

    • Make sure the following packages (RPMs) are installed and up-to-date from the official Red Hat/Rocky Linux repositories:
      bc, chrony, cjose, curl, fontconfig, hiredis, httpd, initscripts, jansson, lz4, mailcap, mod_ssl, nmon, numactl, policycoreutils-python-utils, tuned, unzip, wget, xmlstarlet.

    • Note: The EPEL repository (e.g.: dnf install epel-release) may be required to install the packages hiredis and nmon.

    • The installation is usually performed by executing dnf:

      Code Block
      dnf install bc chrony cjose curl fontconfig hiredis httpd initscripts jansson lz4 mailcap mod_ssl nmon numactl policycoreutils-python-utils tuned unzip wget xmlstarlet

    • If the command fails to find the packages, you may manually download the RPM files and install them.

Obtain the Software Upgrade

  • Download the CEF file and its md5 checksum file from IBM Fix Central (file name is DPOD-fixpack-<version number>.cef).
    Verify the CEF file integrity by calculating its md5 checksum and comparing it to the downloaded md5 checksum file.

  • The upgrade is packaged as a CEF (Compressed Executable Format) file.

  • The CEF file may be executed from any directory that meets the following requirements (e.g.: /installs/update/fix/TODO):

    • The directory is NOT mounted with noexec flag (e.g.: in /etc/fstab).

    • The directory is NOT one of the following: /app, /logs, /data, /tmp.

  • Copy the CEF file into the chosen directory.

...

  • Execute the following commands:
    Note: Starting from DPOD 1.0.22.0, it is possible to use a user with sudo permissions instead of running the upgrade by the root user itself.

    Code Block
    mkdir -p /installs/backups
cd <CEF_DIRECTORY>
chmod 755 <CEF_FILE>
sudo ./<CEF_FILE>

  • By default, the installation will extract temporary files to /app/tmp directory. To change the destination directory, use the option --staging-path <directory>.

  • Do not interrupt the software update process after it has started.
    If SSH connection is lost during upgrade, the upgrade will still continue. Reconnect to the server and check the log files for the process status and outcome.

  • Note: Once the upgrade to 1.0.22.0 is completed, DPOD no longer requires the root user for performing administrative tasks via the server CLI (e.g.: using SSH).
    Most of the administration of DPOD should be performed with the non-administrative user that is also running the DPOD services (usually dpodsvc or storeadm), such as starting/stopping services, configuring LDAP, export/import, etc. These tasks can also be accomplished from the Admin Console.
    However, since DPOD also configures the operating system (the httpd service, OS limits, firewall rules, services in /etc/init.d, etc.), some actions require sudo, such as the installation, upgrading DPOD, backup, restore and generating a mustgather file.

  • Note: Once the upgrade to 1.0.22.0 is completed, CLI commands need to be executed with their full path.
    e.g.: Use /app/scripts/app-utils.sh instead of app-util.sh.

...

Upgrade OS of DPOD Appliance Mode

Note

For This section should be applied by DPOD Appliance Mode users only: after upgrading from 1.0.21.0 to 1.0.22.0.

It is required to migrate the operating system from CentOS to Rocky Linux after applying the upgrade. Please follow now the instructions documented in the Special Step 2 page.

Restore Certificates of Web & Admin Consoles

...

Note

This section should be applied after upgrading from 1.0.21.0 to 1.0.22.0

...

.

Due to a bug in the upgrade process of version 1.0.22.0, the configuration of custom certificates for the Web Console and Admin Console (see Replacing Certificates of Web & Admin Consoles) is lost during the upgrade.

If custom certificates have been configured before the upgrade, please you may re-configure them using the same procedure, or alternatively follow the steps below to restore that configuration:

  • Extract the custom certificates from the backup that was automatically created during the upgrade:

    Code Block
    tar xvf /installs/backups/.../system-backup.tar.gz etc/httpd/conf/certs/custom_cer.pem etc/httpd/conf/certs/custom_key.pem etc/httpd/conf/certs/custom_key_passphrase.sh

  • Copy the files custom_cer.pem, custom_key.pem and custom_key_passphrase.sh (if exists) to /etc/httpd/conf/certs.

  • Execute the following commands:

    Code Block
    sudo touch /tmp/sudo.tmp
SSL_CERT_FILE="/etc/httpd/conf/certs/custom_cer.pem"
[[ -f "${SSL_CERT_FILE}" ]] && sudo /app/utils/yq e -i ".httpd.httpdSslCertFile = \"${SSL_CERT_FILE}\"" /app/config/config.yaml && sudo sed -i "s#^SSLCertificateFile .*#SSLCertificateFile \"${SSL_CERT_FILE}\"#g" /etc/httpd/conf/httpd.conf 
SSL_CERT_KEY_FILE="/etc/httpd/conf/certs/custom_key.pem" 
[[ -f "${SSL_CERT_KEY_FILE}" ]] && sudo /app/utils/yq e -i ".httpd.httpdSslKeyFile = \"${SSL_CERT_KEY_FILE}\"" /app/config/config.yaml && sudo sed -i "s#^SSLCertificateKeyFile .*#SSLCertificateKeyFile \"${SSL_CERT_KEY_FILE}\"#g" /etc/httpd/conf/httpd.conf
SSL_PASSPHRASE_FILE="/etc/httpd/conf/certs/custom_key_passphrase.sh"
[[ -f "${SSL_PASSPHRASE_FILE}" ]] && sudo sed -i "/^SSLCertificateKeyFile /a SSLPassPhraseDialog exec: \"${SSL_PASSPHRASE_FILE}\"" /etc/httpd/conf/httpd.conf
sudo systemctl restart httpd

Fix httpd Error in SELinux-Enabled Systems

Note

This section should be applied after upgrading from 1.0.22.0 to 1.0.22.1.

If SELinux is enabled on the system, the httpd service might fail to start with the following error:

Code Block
# systemctl status httpd

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2025-03-24 15:23:47 IST; 14s ago
     Docs: man:httpd.service(8)
  Process: 1785 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 1785 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."
Mar 24 15:23:47 RHEL8 systemd[1]: Starting The Apache HTTP Server...
Mar 24 15:23:47 RHEL8 httpd[1785]: (13)Permission denied: AH00091: httpd: could not open error log file /logs/httpd/error_log.
Mar 24 15:23:47 RHEL8 httpd[1785]: AH00015: Unable to open logs
Mar 24 15:23:47 RHEL8 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Mar 24 15:23:47 RHEL8 systemd[1]: httpd.service: Failed with result 'exit-code'.
Mar 24 15:23:47 RHEL8 systemd[1]: Failed to start The Apache HTTP Server.

To fix it, execute the following commands:

Code Block
getenforce | grep Enforcing >/dev/null && sudo semanage fcontext -a -t httpd_log_t '/logs/httpd(/.*)?' && sudo restorecon -vvRF /logs/httpd
sudo systemctl restart httpd