Thursday, February 18, 2010

IPSO Upgrade Procedure

Upgrading to IPSO 4.2

You might already have a previous IPSO release installed on your Nokia platform and simply want to upgrade to IPSO 4.2. You can upgrade directly to Nokia IPSO 4.2 from the following IPSO versions:
3.7, 3.7.1,3.8, 3.8.1, 3.9, 4.0, 4.0.1, 4.1
Notes from the Underground…
Words of Caution When Upgrading
As with any software, there might be some caveats or warnings you should review before starting the upgrade process. Nokia IPSO is no exception and has some issues you should know about before proceeding with an upgrade.

Upgrading from IPSO 3.7.1 and Earlier
If you upgrade to IPSO 4.2 from IPSO 3.7, IPSO 3.7.1, or earlier and want to use disk mirroring, you must first install the 4.2 boot manager and then install IPSO 4.2 from the new boot manager. If you do not, you might receive messages that show the mirror set is 100 percent complete or that the sync process is complete when in fact the disks are still syncing. You do not need to follow this procedure if you upgrade to IPSO 4.2 from IPSO 3.8, 3.8.1, 3.9, 4.0, 4.0.1, or 4.1.

Upgrading from IPSO 4.1

Avoid using the IPSO boot manager to install IPSO 4.2 on a platform running IPSO 4.1 Build 016 or 019 if you installed the 4.1 build using the boot manager. If you attempt to upgrade in this way, the system might repeatedly panic and reboot. To upgrade these systems to IPSO 4.2, use Network Voyager, the CLI, or the newimage shell command.

Space Requirements
You need at least 140MB of free disk space in your root partition to install an IPSO 4.2 image. To determine the available disk space, log in to the IPSO shell through a terminal or console connection and enter df -k. If the first number in the Avail column (which shows the available space in the root partition) is less than 140000Kbytes, you should make more space available by deleting the temporary files specified in the following command if they are present. (These files might not be present, depending on how the upgrades were done on your system.) Execute the following commands to delete the list of unwanted files:

mount -uw /
rm -f /image/*/bootmgr/*.sav
rm -f /image/*/bootmgr/*.tmp
sync
mount -ur /

If you use the df command after you install IPSO 4.2 as a third image, you might see that the root partition is more than 100-percent full. If no errors were displayed while you installed IPSO 4.2, you can safely ignore this output from df.

Other upgrade-specific issues are covered in greater detail in the Getting Started and Release Notes for IPSO 4.2 document available on the Checkpoint support site:
http://support.checkpoint.com

There are several ways to copy the IPSO installation image used to upgrade your Nokia
IPSO version to your Nokia appliance. You can:

1. Use the Nokia Network Voyager to fetch the IPSO image from a remote FTP server.
2. Use the Nokia Network Voyager to upload the IPSO image from a local workstation using HTTP.
3. Use an FTP client to push the IPSO image to the Nokia appliance (if the FTP server is enabled).
4. Use secure copy (SCP) to push the IPSO image to the Nokia appliance (if the SSH server is enabled).
5. Use secure copy (SCP) to pull the IPSO image to the Nokia appliance from another server.
6. Use a floppy or CD-ROM to copy the image to the Nokia appliance (if the appliance has a floppy or CD-ROM drive).

As you can see, there is no shortage of installation image transfer mechanisms. Upgrading the image using Nokia Network Voyager (options 1 and 2) is covered in detail in Chapter 4. If you decide to transfer the IPSO image manually (options 3, 4, 5, and 6) you can use the newimage command to upgrade from the CLI. The syntax of the newimage command is as
follows:

newimage [[-i | -l localfile] [-b] [-R | -T]] [-r | -t imagename]

newimage Command-Line Switches

Switch Description
-b Force upgrade of bootmanager.
-i Load a new image interactively.
-l localfile Extract the new image from an extant file.
-r imagename Specify imagename to run at the next boot.
-t imagename Specify imagename to run at the next test boot.
-R Use a newly installed image to run at the next boot.
-T Test boot using a newly installed image.
-k Do not deactivate existing packages.
-v Verbose ftp.

Note
On some appliances, installing the image can take some time. The newimage command might display the message “Setting up new image…” for several minutes with no other sign of activity.

The test boot option -t imagename is a method to test the newly installed image when you reboot your Nokia appliance. If it fails to boot, your Nokia appliance reverts to the previous IPSO image the next time it is started.

To add an IPSO image from the local file system, use the following newimage syntax:

NOKIA_IPSO[admin]# newimage -k -l ipso.tgz
You should see a response similar to the following:
ipso.tgz Validating image. . .done.
Version tag stored in image: IPSO-4.2-BUILD029-releng-1515-01.05.2007-222742
Installing new image. . .done [example]

You are then prompted to choose the image to load after the next reboot. At the
prompt, reboot your platform. If for some reason the package is not present, you will see
a message similar to the following when trying to run the newimage command:

NOKIA_IPSO[admin]# newimage -k -l ipso.tgz
tar: can’t open archive /var/emhome/admin/ipso.tgz : No such file or directory
tar: child returned status 3
tar: VERSION not found in archive
No version file in /var/emhome/admin/ipso.tgz. Possibly corrupted. Exiting
Jul 27 12:13:44 NOKIA_IPSO [LOG_ERR] Upgrade: No version file in
/var/emhome/admin/ipso.tgz. Possibly corrupted. Exiting. . .

If the IPSO image is corrupt, you will see an image similar to the following when trying
to run the newimage command:

NOKIA_IPSO[admin]# newimage -k -l ipso.tgz
gzip: stdin: unexpected end of file
tar: child returned status 1
tar: VERSION not found in archive
No version file in /var/emhome/admin/ipso.tgz. Possibly corrupted. Exiting
Jul 27 12:15:52 NOKIA_IPSO [LOG_ERR] Upgrade: No version file in /var/emhome/admin/ipso.
tgz. Possibly corrupted. Exiting. . .

To verify the integrity of an IPSO image archive you can use the openssl command as
follows:

NOKIA_IPSO[admin]# openssl sha1 ipso.tgz
You should see a response that displays the same SHA1 value that matches the SHA1
value shown at the Nokia support site. For example, you should see something like the
following:
SHA1 (ipso.tgz)=390366ED8C53A9F1F516D2DC742331E7FE5A11C0

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.