cloudpoint-ubuntu1604_x86_64-2.0.2_HF2

 Basic information
Release type: P-patch
Release date: 2018-05-31
OS update support: None
Technote: None
Documentation: None
Download size: 30.37 MB
Checksum: 3466459159

 Applies to one or more of the following products:
CloudPoint 2.0.2 On Ubuntu 16.04 x86-64

 Obsolete patches, incompatibilities, superseded patches, or other requirements:
None.

 Fixes the following incidents:
3949481

 Patch ID:
None.

Readme file
                          * * * READ ME * * *
                 * * * Veritas CloudPoint 2.0.2 * * *
           * * * Identity-Management-Service 2.0.2.489 * * *
                         * * * Hot Fix 1 * * *
                         Patch Date: 2018-05-30


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * BASE PRODUCT VERSION FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLING THE PATCH
   * KNOWN ISSUES
   * NOTE


PATCH NAME
----------
Veritas CloudPoint 2.0.2 Identity-Management-Service 2.0.2.489 Hot Fix 1

OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
Ubuntu 16.04 x86-64


BASE PRODUCT VERSION FOR THE PATCH
-----------------------------------
   * Veritas CloudPoint 2.0.2


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch 2.0.2 - Identity Management Service 2.0.2.489:
* C3PM-5495: (C3PM-5735) Enable LDAP over SSL


DETAILS OF INCIDENTS FIXED BY THE PATCH
--------------------------------------------
This patch fixes the following JIRA incidents:

Patch 2.0.2 - Identity Management Service 2.0.2.489:
* C3PM-5495: (C3PM-5735) Enable LDAP over SSL

Symptom: LDAP over SSL does not work.

Description: All LDAP queries were performed using LDAP simple authentication only, with SSL disabled.

Resolution: When configuring AD, an ssl flag can be passed that specifies whether SSL is to be used. There is also a mechanism to import the customer AD's certificate into the idm_store, which can then be used to communicate with AD securely over SSL.



INSTALLING THE PATCH
--------------------
I. Before patching:
  1. Copy the 'deb' package identity_manager_service-2.0.2.489.deb to the /cloudpoint directory on your CloudPoint host.
    # cp <path to deb pkg>/identity_manager_service-2.0.2.489.deb /cloudpoint
  2. Run this as root to check that all containers are up and healthy:
    # docker ps
  3. Make a note of the 'Container ID' or 'Names' value of the identity-manager-service container (most likely the name is 'flexsnap-identity-manager-service').

II. Patching:
  1. Run the following command as root to enter the identity-manager-service container:
    # docker exec -it flexsnap-identity-manager-service bash
      OR
    # docker exec -it <container-id/image-name(if other)> bash
  2. Run the following commands inside the identity-manager-service container you just entered:
     
      Run this command to check the current version installed:
    # dpkg --list | grep identity_manager

      Run these commands to install the patch version package in your container:

    # dpkg -i /cloudpoint/identity_manager_service-2.0.2.489.deb
    # sed -i "s/localhost/flexsnap-rabbitmq/g" /opt/VRTScloudpoint/services/identity_manager_service/config/amqpconfig.properties && \
      sed -i "s/127.0.0.1/flexsnap-mongodb/g"  /opt/VRTScloudpoint/services/identity_manager_service/config/mongo.properties && \
      sed -i "s/127.0.0.1/0.0.0.0/g"           /opt/VRTScloudpoint/services/identity_manager_service/config/application.properties

      Run this command again to verify the current version of identity-manager-service installed is the patch version 2.0.2.489:
    # dpkg --list | grep identity_manager

      Then exit the container:
    # exit
  3. After exiting the container, run the following command as root on the CloudPoint host:
    # docker restart flexsnap-identity-manager-service
      OR
    # docker restart <container-id/image-name(if other)>

III. After patching:
  
  1. Wait for 15-20 seconds for the 'flexsnap-identity-manager-service' container to completely restart the service with the new installation.
  
  2. Copy AD Server's public certificate <certificate.cer> to /cloudpoint/keys
    # cp <path_to_certificate.cer> /cloudpoint/keys/


  3. Enter the flexsnap-identity-manager-service container
    # docker exec -it flexsnap-identity-manager-service bash
  
  4. Run command to navigate to /cloudpoint/keys directory
    # cd /cloudpoint/keys
  
  5. Import certificate into idm_store truststore for IDM
    # keytool -importcert -file certificate.cer -keystore idm_store -alias "AD_Server"

  6. Enter the truststore password as secret and enter yes at the prompt
  
  7. Make sure the AD Server is configured so as to allow Context creation and querying using email.

  8. Use exit to exit the docker container

  9. Run the following curl command to login
    # curl -v -H "Content-Type: application/json" -H "Accept:application/json" -X POST -d '{"email":"<Cloudpoint-Admin-email>","password" : "<Cloudpoint-admin-password>" }' -k  https://<Cloudpoint-Server-IP>/cloudpoint/api/v2/idm/login

  10. Run the following curl command to create an AD Configuration over SSL.
    # curl -X PUT \
      https://<Cloudpoint-Server-IP>/cloudpoint/api/v2/idm/config/ad \
      -H 'Authorization: Bearer <Authz token>' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json' \
      -d '{
            "ssl": true,
            "ldapUsername":"<AD-Admin-Username>",
            "ldapPassword":"<AD-Admin-Password>",
            "ldapUrl":"<AD-Server-Url>",
            "ldapPort":"<AD-Server-port-serving-ldap>" ,
            "ldapBaseDN":"<Base DN for searching>",
            "ldapEmailDomain":"<Email Domain with which users log in>"
          }'
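
  Steps 9 and 10 above put the CloudPoint and AD passwords on the curl command line, where they end up in shell history and the process list, and a password containing a double quote or backslash breaks the inline JSON. The script below is an added example, not part of the Veritas readme: it prompts for the AD password, escapes every value, and sends the step 10 body to curl on standard input. The function names and the sample values in the usage comment are assumptions; the URL, headers and field names are those of step 10.

```shell
#!/bin/bash
# Added example, not Veritas code. Function names are hypothetical.

# json_escape STRING: escape backslashes and double quotes so STRING can be
# placed inside a JSON string literal.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# ad_config_json USER PASSWORD URL PORT BASE_DN EMAIL_DOMAIN
# Print the step 10 request body. Values with control characters are refused
# because they cannot be carried in a JSON string without further escaping.
ad_config_json() {
    for v in "$@"; do
        case "$v" in
            *[[:cntrl:]]*) echo "control character in input" >&2; return 1 ;;
        esac
    done
    printf '{"ssl":true,"ldapUsername":"%s","ldapPassword":"%s","ldapUrl":"%s","ldapPort":"%s","ldapBaseDN":"%s","ldapEmailDomain":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
        "$(json_escape "$4")" "$(json_escape "$5")" "$(json_escape "$6")"
}

# put_ad_config SERVER TOKEN USER URL PORT BASE_DN EMAIL_DOMAIN
# Prompt for the AD password without echo, then send the body on stdin.
# printf is a shell builtin, so the password never appears in a process
# argument list. The bearer token is still passed as a curl argument.
put_ad_config() {
    local ad_pass payload
    printf 'AD password: ' >&2
    IFS= read -r -s ad_pass
    echo >&2
    payload=$(ad_config_json "$3" "$ad_pass" "$4" "$5" "$6" "$7") || return 1
    printf '%s' "$payload" | curl -sS -X PUT \
        "https://$1/cloudpoint/api/v2/idm/config/ad" \
        -H "Authorization: Bearer $2" \
        -H 'Cache-Control: no-cache' \
        -H 'Content-Type: application/json' \
        --data-binary @-
}

# Usage (constructed sample values):
#   put_ad_config 192.0.2.10 "$TOKEN" aduser ad.example.test 636 \
#       'DC=example,DC=test' example.test
```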

  

NOTE
----
1. Roll back to the previous version of identity-manager-service if needed.
  a. Run the following command as root to enter the identity-manager-service container:
    # docker exec -it flexsnap-identity-manager-service bash
      OR
    # docker exec -it <container-id/image-name(if other)> bash
  b. Run the following commands inside the identity-manager-service container you just entered
    # dpkg -i /root/identity_manager_service-<version>.deb
    # sed -i "s/localhost/flexsnap-rabbitmq/g" /opt/VRTScloudpoint/services/identity_manager_service/config/amqpconfig.properties
    # sed -i "s/127.0.0.1/flexsnap-mongodb/g"  /opt/VRTScloudpoint/services/identity_manager_service/config/mongo.properties
    # sed -i "s/127.0.0.1/0.0.0.0/g"           /opt/VRTScloudpoint/services/identity_manager_service/config/application.properties

      Run this command to verify the current version of identity-manager-service installed is the original version (what it was before installing the patch in the container in Step II(2) of "Installing the Patch"):
    # dpkg --list | grep identity_manager

      Then exit the container:
    # exit
  c. After exiting the container, run the following command as root on the CloudPoint host:
    # docker restart flexsnap-identity-manager-service
      OR
    # docker restart <container-id/image-name(if other)>