Difference between revisions of "Patch Swivel Install"
(No difference)
|
Revision as of 10:26, 14 April 2015
Contents
Overview
How to update Swivel software on the appliance using a patch file issued by Swivel Secure. The Swivel software is released on a regular basis and updates may be applied by the customer or reseller. Upgrades are cumulative, and not mandatory. The Combined patch includes upgrades for User Portal, and have options to remove ChangePIN and ResetPIN and configure the User Portal.
Prerequisites
Appliance Patch Version 2.0.16.
An SFTP client, Swivel suggest using WinSCP
Swivel appliance running smenu (CMI).
The appliance must be upgraded to the most appropriate release prior to upgrading the Swivel Solution see Appliance Patch Install
Only one patch may be applied at a time.
Patch file (see below)
Backup custom changes. Custom changes such as Single Channel images may be overwritten on an upgrade and should be backed up and restored after the upgrade
Check which database is being used, if it is not 'Internal' or 'MySQL', see External DB used
Backup Swivel and the appliance, using the Backup option with the CMI.
Applying upgrade patches
1. Copy the the patch file (patch.pxxx.tar.gz) to the appliance using SFTP.
- (Change the uppercase 'P' at the beginning of the filename to be lowercase or else this file will not be detected in step 4)
2. Upload to the "/backups/upload" directory.
3. Login as "admin" on the console.
4. Select "Update Appliance/Swivel" from the "Advanced" menu.
- (This option only appears when the upgrade file has been uploaded and the file is all in lower case)
5. Select "Import patch file {filename}".
6. Select "Display Patch Information" and read the release notes.
7. Select "Install new patch file". The combined patch install file will ask for additional options relating to the User Portal and removing old ResetPIN and ChangePIN, see below for more information.
8. Confirm the patch upgrade successfully completed.
9. Select "Remove patch temporary files".
10. Restart Tomcat from the "Tomcat" menu.
Upgrading to Swivel version 3.10.x
Prior to upgrading the Swivel software to version 3.10.x the Swivel appliance must, at a minimum, be at version 2.0.16. See Version Information. To upgrade the appliance see Patch Appliance Install.
The Swivel patch upgrade file, will not install on an appliance running anything older than 2.0.16.
IMPORTANT:
- If a database other than 'Internal' or 'MySQL' is used, see External DB used
- If you are using Session Sharing see Swivel will not start
Combined Patch Installation
The combined patch will in addition to updating the Swivel core, remove old instances of the User Portal, Proxy Server and install new versions.
The additional options for the combined patch are as follows:
Please enter the server details for displaying TURing images in the User Portal:
Use https (Y/N)? : Select Y for https or N for a http connection. For appliances this is usually https with a valid certificate.
Please enter the server name or IP address : Enter the DNS entry or IP address for the User Portal e.g. turing.swivelseure.com (For external access this must be a publicly accessible address). For appliances this is usually the external DNS with a valid certificate.
Please enter the server port (e.g. 8080 or 8443): The port used for the image. Foe appliances this is usually 8443 or 443 may also be used if configured.
Please enter the server context (e.g. pinsafe or proxy): The installation context. For appliances this will be proxy.
Remove resetpin application? (Yes/No): ResetPIN is on the appliance by default. Select Y to remove the ResetPIN application.
Remove the changepin application? (Yes/No): ChangePIN is on the appliance by default. Select Y to remove the ChangePIN application.
Swivel Upgrade Known Issues
If the Swivel Administration console has not started after 5 minutes, restart Tomcat, and wait 5 minutes to test again.
If Session Multicast is being used then the cache.xml will need to be manually copied (see Troubleshooting below).
Troubleshooting
Login as admin, and check the patch has correctly applied.
Ensure the Swivel version number has incremented.
The appliance version requires upgrading before updating PINsafe.
The appliance is required to be at the appropriate level. Check the appliance version and if necessary upgrade, see Patch Appliance Install.
Swivel version listed as "el"
The Swivel 3.10 patch will incorrectly display the Swivel version as "el", although it does not display the correct version, this can be ignored if the Swivel Administration console displays the correct version. Appliance patch 2.0.16 will resolve this issue.
Patch file not located
Ensure that the patch file name starts with a lower case p, and not upper case P.
No upgrade option in the CMI
This options is only available when the patch file is present on the system, see also case above.
Also if the file name has been modified in another way such as replacing . with _ this can stop the menu item appearing
External DB used
- If you are using a database other than 'Internal' or 'MySQL', the Java JDBC database drivers are NOT copied across from the previous Swivel application. The easiest way to ensure that the database drivers are included is to copy them to the Tomcat common library. Make sure you do this BEFORE you apply this patch. If you forget, and Swivel gives an error after upgrading, copy the drivers to the specified location and then restart Tomcat. Ensure that you set the owner and group for the file to swivel if necessary. It is suggested to use an SFTP client to copy the files.
Source: | /usr/local/tomcat/webapps/pinsafe/WEB-INF/lib |
Destination: | /usr/local/tomcat/common/lib |
Swivel will not start
Restart Tomcat. If the Swivel RADIUS erver has not completed shutting down, it may prevent RADIUS from starting.
Check the latest /var/log/tomcat logs for errors, the catalina.out file may show the following message:
RADIUS server failed to start, error: com.theorem.radserver3.RADIUSServerException: RADIUS authentication server receiver thread failed to start: Failed to create RADIUS server socket on port 1812: java.net.BindException: Address already in use.
Check the latest /var/log/tomcat logs for errors, the catalina.out file may show the following message:
Servlet /pinsafe threw load() exception java.io.FileNotFoundException: /home/swivel/.swivel/conf/cache.xml (No such file or directory)
If there is an error regarding cache.xml not found then use an SFTP client to copy the multicast-cache.xml to cache.xml as below:
Source: | /usr/local/tomcat/webapps/pinsafe/WEB-INF/classes/multicast-cache.xml |
Destination: | /usr/local/tomcat/webapps/pinsafe/WEB-INF/classes/cache.xml |
Helpdesk cannot see users
If upgrading from an older Swivel version, then the Helpdesk permissions may need to be set. Login to the Swivel administration console as an admin user, on the bottom of the Repository -> Groups page you will see a button entitled 'Group Rights'. When you click this button it will open the 'Helpdesk Group Management' screen. The table allows allocation of Helpdesk users to manage particular user groups, or, from the drop down there are specific options too e.g. 'Helpdesk users all groups'. See also Helpdesk Configuration Guide