|
---|
Release type: | P-patch |
Release date: | 2018-05-31 |
OS update support: | None |
Technote: | None |
Documentation: | None |
Popularity: | 266 viewed downloaded |
Download size: | 30.37 MB |
Checksum: | 3466459159 |
CloudPoint 2.0.2 On Ubuntu 16.04 x86-64
|
None.
|
3949481
|
None.
|
* * * READ ME * * * * * * Veritas CloudPoint 2.0.2 * * * * * * Identity-Management-Service 2.0.2.489 * * * * * * Hot Fix 1 * * * Patch Date: 2018-05-30 This document provides the following information: * PATCH NAME * OPERATING SYSTEMS SUPPORTED BY THE PATCH * BASE PRODUCT VERSION FOR THE PATCH * SUMMARY OF INCIDENTS FIXED BY THE PATCH * DETAILS OF INCIDENTS FIXED BY THE PATCH * INSTALLING THE PATCH * KNOWN ISSUES * NOTE PATCH NAME ---------- Veritas CloudPoint Veritas CloudPoint 2.0.2 Identity-Management-Service 2.0.2.489 Hot Fix 1 OPERATING SYSTEMS SUPPORTED BY THE PATCH ---------------------------------------- Ubuntu 16.04 x86-64 BASE PRODUCT VERSION FOR THE PATCH ----------------------------------- * Veritas CloudPoint 2.0.2 SUMMARY OF INCIDENTS FIXED BY THE PATCH --------------------------------------- Patch 2.0.2 - Identity Management Service 2.0.2.489: * C3PM-5495: (C3PM-5735) Enable LDAP over SSL DETAILS OF INCIDENTS FIXED BY THE PATCH -------------------------------------------- This patch fixes the following JIRA incidents: Patch 2.0.2 - Identity Management Service 2.0.2.489: * C3PM-5495: (C3PM-5735) Enable LDAP over SSL Symptom: LDAP over ssl does not work Description: All ldap queries were only happening over ldap simple authentication with ssl disabled. Resolution : While configuring AD , There can be passed an ssl flag that says whether ssl is to be used or not. There is also a mechanism to import the customer AD's certificate to the idm_store that can be used to speak to AD securely over ssl. INSTALLING THE PATCH -------------------- I. Before patching: 1. Copy the 'deb' package identity_manager_service-2.0.2.489.deb to /cloudpoint directory on your CloudPoint host. # cp <path to deb pkg>/identity_manager_service-2.0.2.489.deb /cloudpoint 2. Run this as root to check all containers are up and running healthy: # docker ps 3. Make note of the 'Container ID' or 'Names' of the identity-manager-service container. (Most likely the name should be 'flexsnap-identity-manager-service') II. Patching: 1. Run the following command as root (To enter the identity-manager-service container) # docker exec -it flexsnap-identity-manager-service bash OR # docker exec -it <container-id/image-name(if other)> bash 2. Run the following commands inside the identity-manager-service container you just entered: Run this command to check the current version installed: # dpkg --list | grep identity_manager Run these commands to install the patch version package in your container: # dpkg -i /cloudpoint/identity_manager_service-2.0.2.489.deb # sed -i "s/localhost/flexsnap-rabbitmq/g" /opt/VRTScloudpoint/services/identity_manager_service/config/amqpconfig.properties && \ # sed -i "s/127.0.0.1/flexsnap-mongodb/g" /opt/VRTScloudpoint/services/identity_manager_service/config/mongo.properties && \ # sed -i "s/127.0.0.1/0.0.0.0/g" /opt/VRTScloudpoint/services/identity_manager_service/config/application.properties Run this command again to verify the current version of identity-manager-service installed is the patch version 2.0.2.489: # dpkg --list | grep identity_manager Then exit the container: # exit 3. Run the following command after exiting the container as root on CLoudPoint host: # docker restart flexsnap-identity-manager-service OR docker restart <container-id/image-name(if other)> III. After patching: 1. Wait for 15-20 seconds for the 'flexsnap-identity-manager-service' container to completely restart the service with the new installation. 2. Copy AD Server's public certificate <certificate.cer> to /cloudpoint/keys # cp <path_to_certificate.cer> /cloudpoint/keys/ 3. Go into flexsnap_identity_manager container # docker exec -it flexsnap-identity-manager-service bash 4. Run command to navigate to /cloudpoint/keys directory # cd /cloudpoint/keys 5. Import certificate into idm_store truststore for IDM # keytool -importcert -file certificate.cer -keystore idm_store -alias "AD_Server" 6. Enter truststore password as secret and enter yes to the prompt 7. Make sure the AD Server is configured so as to allow Context creation and querying using email. 8. Use exit to exit the docker container 9. Run the following curl command to login # curl -v -H "Content-Type: application/json" -H "Accept:application/json" -X POST -d '{"email":"<Cloudpoint-Admin-email>","password" : "<Cloudpoint-admin-password>" }' -k https://<Cloudpoint-Server-IP>/cloudpoint/api/v2/idm/login 10. Run the following curl command to create an AD Configuration over SSL. # curl -X PUT \ https://<Cloudpoint-Server-IP>/cloudpoint/api/v2/idm/config/ad \ -H 'Authorization: Bearer <Authz token>' \ -H 'Cache-Control: no-cache' \ -H 'Content-Type: application/json' \ -d '{ "ssl": true, "ldapUsername":"<AD-Admin-Username>", "ldapPassword":"<AD-Admin-Password>", "ldapUrl":"<AD-Server-Url>", "ldapPort":"<AD-Server-port-serving-ldap>" , "ldapBaseDN":"<Base DN for searching>", "ldapEmailDomain":"<Email Domain with which users log in>" }' NOTE ---- 1. Roll back to the previous version of identity-manager-service if needed. a. Run the following command as root (To enter the identity-manager-service container) # docker exec -it flexsnap-identity-manager-service bash OR # docker exec -it <container-id/image-name(if other)> bash b. Run the following commands inside the identity-manager-service container you just entered # dpkg -i /root/identity_manager_service-<version>.deb # sed -i "s/localhost/flexsnap-rabbitmq/g" /opt/VRTScloudpoint/services/identity_manager_service/config/amqpconfig.properties # sed -i "s/127.0.0.1/flexsnap-mongodb/g" /opt/VRTScloudpoint/services/identity_manager_service/config/mongo.properties # sed -i "s/127.0.0.1/0.0.0.0/g" /opt/VRTScloudpoint/services/identity_manager_service/config/application.properties Run this command to verify the current version of identity-manager-service installed is the original version (what it was before installing the patch in the container in Step II(2) of "Installing the Patch"): # dpkg --list | grep identity_manager Then exit the container: # exit c. Run the following command after exiting the container as root on CLoudPoint host: # docker restart flexsnap-identity-manager-service OR docker restart <container-id/image-name(if other)> |
Why Register?
Get notifications about ASLs/APMs, HCLs, patches, and high availability agents
As a registered user, you can create notifications to receive updates about NetBackup Future Platform and Feature Plans, NetBackup hot fixes/EEBs in released versions, Array Support Libraries (ASLs)/Array Policy Modules (APMs), hardware compatibility lists (HCLs), patches and high availability agents. In addition, you can create system-specific notifications customized to your environment.
Compare configurations
The Compare Configurations feature lets you compare different system scans by the data collector. When you sign in, you can choose a target system, compare reports run at different times, and easily see how the system's configuration has changed.
Save configurations
After logging in, you can retrieve past reports, share reports with colleagues, review notifications you received, and retain custom settings. Anonymous users cannot access these features.
Bulk uploader
As a registered user,you can upload multiple reports, using the Bulk Uploader.