23.0 Upgrade Assistant

The following video demonstrates how you can register and upgrade to Upgrade Assistant using both RHEL and SLES.

The Online Update Service enables you to get the latest Access Manager product updates. The Upgrade Assistant feature simplifies the usage of this Update Service.

Using the Upgrade Assistant, you can perform the following actions on the Administration Console:

  • Register to Update Service for all the devices

  • Receive updates when a new release of Access Manager is available

  • View the list of all devices, available updates, their versions, and registration status

  • Invoke the Update Service registration for an individual device

  • Deregister Update Service

The following diagram illustrates how to use this feature:

NOTE:Upgrade Assistant supports the following upgrades:

  • A major release version to a service pack (such as 5.0 to 5.0.1)

  • A service pack to a service pack (such as 5.0.1 to 5.0.2)

  • A service pack to a major release version (such as 5.0.3 to 5.1)

Upgrade Assistant does not support a patch upgrade to a service pack or major release version.

NOTE:For troubleshooting information, see Troubleshooting Upgrade Assistant.

How Upgrade Assistant Works

To use the Upgrade Assistant feature, you must register to one of the following services:

  • Micro Focus Customer Center on SLES

  • Register using Local Repository on RHEL

When you register to any of these services, all the devices get registered to Update Service. The new devices are also auto-registered as part of the import process.

Auto-registration while adding a new device into Administration Console works only when the device and the Administration Console have the same Access Manager versions installed. Auto-registration does not work in a hybrid environment.

If a device is not registered for the update, you can register it on the Device Status page. For more information, see Registering a Single Device to Update Service.

When a new Access Manager Release is available, you can view the release details in Available Updates table.

Click Device Status to view various statuses of each device, such as whether the device is on the latest version or any update is pending.

If updates are pending on a device, you can update the device to the latest available Access Manager release version. Follow steps in Upgrading Access Manager through Upgrade Assistant.

You can deregister the service for all the devices or an individual device by clicking Deregister on the Upgrade Assistant page or on the Device Status page respectively. After deregistering, you can re-register.

Prerequisites

Ensure that you have read and implemented the following prerequisites before performing any operation using the Upgrade Assistant User Interface.

  • The Upgrade Assistant is enabled only on the Access Manager with complete license.

  • Before starting the registration or upgrade process, ensure that the Tomcat service and JCC service are up and running on all the devices.

  • All the devices should be time synchronized for completing the registration or upgrade successfully.

  • Ensure that the Upgrade Assistant agent service is up and running before you start the upgrade process using the systemctl status novell-ua-agent command.

  • A new port 9968 should be opened in firewall and should only be used to communicate internally (within Administration Console). This port must not be accessible from the external network due to security reason.

  • Ensure that no zypper or yum process, zypper or yum cron job is running on the system when the registration or upgrade process is initiated or if the registration or upgrade process is in progress.

  • If you are planning to register to Micro Focus Customer Center, then ensure that you have obtained the activation key for the product from Micro Focus Customer care.

Important Notes

  • The Upgrade Assistant can be used Access Manager 5.0 release onwards only.

  • It is recommended to use Upgrade Assistant from Primary Administration Console only.

  • For SLES setups, it is recommended to open only one Administration Console tab in any browser. Opening the Administration Console in multiple browsers at same time may cause issues in managing am.prod symbolic link. For more details on am.prod symbolic link, refer to Managing am.prod Symbolic Link on SLES.

  • Upgrading Access Manager 5.0.x to Access Manager 5.0 Service Pack 2 must be done from command line only. For more information, see Registration in Access Manager 5.0 Release or in Access Manager 5.0 Service Pack 1 Release.

  • Upgrading Access Manager 4.5.x to Access Manager 5.0.x must be done using tar.gz.

Registering to Micro Focus Customer Center on SLES

Ensure that you have obtained the activation code for Access Manager from Micro Focus Customer Center.

Perform the following steps to register to Micro Focus Customer Center:

  1. On the Administration Console Dashboard, click Upgrade Assistant > Register.

  2. Specify the following details:

    Field

    Description

    Channel Type

    Select the Micro Focus Customer Center.

    Email

    Specify your email address to which the updates will be sent.

    Activation Key

    Specify the activation key that you have obtained for the product from Software Licenses and Downloads.

  3. Click OK.

    NOTE:If you are registering in Access Manager 5.0 or in Access Manager 5.0 Service Pack 1, you need to manage am.prod symbolic link. For more information, see Managing am.prod Symbolic Link on SLES.

Registration Using Local Repository on RHEL

On RHEL system, you need to create a local repository of the Access Manager Product. Perform the following steps to register to the local repository:

  1. On the Administration Console Dashboard, click Upgrade Assistant > Register.

  2. Specify the following details:

    Field

    Description

    Repository Name

    Default Repository Name is AM-5.0-Product.

    Base URL

    Specify Access Manager’s local URL to which you want to register.

    The valid URL format is:

    • https://<Mirror_ID>:<Repository_key>@nu.novell.com/repo/$RCE/AM-5.0-Product/sle-15-x86_64/

    The URL is appended with ‘repodata/repomd.xml’ automatically and it is verified for its validity. An error is displayed on the user interface if the URL is invalid.

    Repositories with below formats are not supported:

    • ftp://path/to/repo

    • file:///path/to/local/repo

    Repository is Enabled

    By default, Access Manager’s repository (AM-5.0-Product) used for getting Online Updates will be enabled post-registration.

    GPG Check

    By default, GPG check for Access Manager’s repository is disabled.

  3. Click OK.

You can use this Upgrade Assistant user interface from Access Manager 5.0 Service Pack 2 release onwards. To register in Access Manager 5.0 release or in Access Manager 5.0 Service Pack 1 release, see Registration in Access Manager 5.0 Release or in Access Manager 5.0 Service Pack 1 Release.

Registration in Access Manager 5.0 Release or in Access Manager 5.0 Service Pack 1 Release

If you are using Access Manager 5.0 or Access Manager 5.0 Service Pack 1 on RHEL server, perform the following steps on each device:

  1. Create file /etc/yum.repos.d/nam.repo and update below information:

    [AM-5.0-Product]
    name=AM-5.0-Product
    baseurl=https://<Mirror_ID>:<Repository_key>@nu.novell.com/repo/$RCE/AM-5.0-Product/sle-15-x86_64/
    enabled=1
    gpgcheck=0
  2. Assign the novlwww:novlwww ownership to the file using command:

    chown novlwww:novlwww /etc/yum.repos.d/nam.repo
  3. Assign the below mentioned permission:

    chmod 644 /etc/yum.repos.d/nam.repo
  4. Verify if the Access Manager repository is added successfully using the command:

    yum repolist

    The AM-5.0-Product will be listed in the repository list.

  5. Verify if AM-5.0-Product is able to fetch the available updates using the command:

    yum list updates | grep AM-5.0-Product

Perform the following procedure if you have registered to Access Manager’s Online Update Service in Access Manager 5.0 release or in Access Manager 5.0 Service Pack 1 release and you have upgraded to Access Manager 5.0 Service Pack 2 release.

  1. Verify /etc/yum.repos.d/nam.repo has nowlwww:novlwww ownership and 644 file permission, using command:

    ll /etc/yum.repos.d/nam.repo

    The sample output will look similar to the following:

    -rw-r-----. 1 novlwww novlwww 143 Mar 11 10:35 /etc/yum.repos.d/nam.repo
  2. If /etc/yum.repos.d/nam.repo file ownership and file permission are not as expected, then execute below commands:

    To assign expected ownership:

    chown novlwww:novlwww /etc/yum.repos.d/nam.repo

    To assign file permission on each device:

    chmod 644 /etc/yum.repos.d/nam.repo
  3. If a repository is created with name such as, xyz.repo instead of nam.repo, then delete the file from all devices.

  4. Log in to the Administration Console and register using Upgrade Assistant user interface by following the procedure mentioned in Registration Using Local Repository on RHEL. Use the same base URL which you used in Access Manager 5.0 release or in Access Manager 5.0 Service Pack 1.

After successful synchronization of registration information into Administration Console, Post Access Manager 5.0 Service Pack 2 release, you can use Upgrade Assistant to receive future Access Manager release updates and to update devices to latest Access Manager release version.

Registering a Single Device to Update Service

You can invoke the registration for an individual device in the following scenarios:

  • If a new secondary Administration Console is added.

  • An issue occurred during the auto-registration of a device.

Perform the following steps to register an individual device:

  1. On the Administration Console Dashboard, click Upgrade Assistant > Device Status.

  2. Click the Register icon associated with the device which you require to register to Update Service.

Upgrading Access Manager through Upgrade Assistant

Whenever a new Access Manager release is available, you can view the new release details, like latest Access Manager release version and its description, on Upgrade Assistant User Interface. You can also view the latest available version for each of the devices on Upgrade Assistant > Device Status page.When the Access Manager release updates are available for any of the devices, the Update icon on Device Status page is enabled for the respective devices. Clicking on the Update icon will start the update process in a new tab called Upgrade Console. Once the update process is complete successfully, the Update Status of the device will display as Up to date in green color on Device Status page.

When a user initiates an upgrade from Upgrade Assistant, by default, a configuration backup is taken during the upgrade process at /root/nambkup/. If you need to restore using the backup file, use password as the password of the backup file.

Upgrading from Access Manager 5.0 or Access Manager 5.0 Service Pack 1

To upgrade from Access Manager 5.0 to Access Manager 5.0 Service Pack 2, follow step 1-5.

To upgrade from Access Manager 5.0 Service Pack 1 to Access Manager 5.0 Service Pack 2, follow step 2-5.

  1. Navigate to the /opt/novell/channel directory. You can install the meta.rpm for the Administration Console, Access Gateway, Analytics Dashboard, and Identity server manually using the following procedure. On the SLES setup, change the symbolic link to am.prod file before proceeding with the following steps. For more information, see Managing am.prod Symbolic Link on SLES.

    • For Administration Console, run the command [SLES] zypper install nam-ac-channel-meta or [RHEL] yum install nam-ac-channel-meta

    • For Identity Server, run the command [SLES] zypper install nam-idp-channel-meta or [RHEL] yum install nam-idp-channel-meta

    • For Access Gateway, run the command [SLES] zypper install nam-ag-channel-meta or [RHEL] yum install nam-ag-channel-meta

    • For Analytics Dashboard, run the command [SLES] zypper nam-dashboard-channel-meta or [RHEL] yum install nam-dashboard-channel-meta. If you are upgrading from Access Manager 5.0 or Access Manager 5.0 SP1 then remove the old meta RPM and install the new meta RPM. Remove the old meta RPM using the command, zypper rm -y nam-dashboard-meta for SLES and yum remove -y nam-dashboard-meta for RHEL.

      NOTE:After performing the step 1, the /opt/novell/channel/upgrade_assistant folder will not be present as this is an expected behavior. The folder will be ready after step 3.

  2. The following upgrade procedure is identical for all the components. After upgrading the Administration Console, repeat the same process for Identity Server, Access Gateway, and Analytics Server. Open a terminal window and log in as the root user.

    Navigate to the /opt/novell/channel directory.

  3. Run the./upgrade_nam.sh command.

  4. Follow the on-screen prompts to complete the upgrade.

Managing am.prod Symbolic Link on SLES

  1. Change the base product symbolic link to am.prod for all the devices using the following command:

    ln -sf /etc/products.d/am.prod /etc/products.d/baseproduct
  2. Register using the Micro Focus Customer Center. For more information, see Registering to Micro Focus Customer Center on SLES.

  3. Verify if any product upgrades are available.

  4. Run the /opt/novell/channel/upgrade_nam.sh script.

  5. After the upgrade is complete for all the devices, change the symbolic link to SLES.prod for all the devices.

  6. For using Upgrade Assistant for Access Manager 5.0 Service Pack 2, deregister and re-register from the user interface using the following command:

    ln -sf /etc/products.d/SLES.prod /etc/products.d/baseproduct
  7. View Device Status to see any updates and continue with upgrade.

    NOTE:If you are facing issues with receiving operating system updates after installing or upgrading to Access Manager 5.0 or Access Manager 5.0 Service Pack 1, see An Issue with SLES Registration and Updates After Installing or Upgrading Access Manager

Known Limitations

  • If the registration is already done successfully but later the Access Manager product repository is deleted from the back- end, the Upgrade Assistant user interface will continue to display status as registered but there might be disruption in receiving updates from Access Manager Online Update Service. To start receiving the updates again, you must deregister and then re-register from the Upgrade Assistant user interface.

  • The Upgrade Assistant is not supported on setup where the Administration Console and the Identity Server are deployed on the same machine.

  • The Upgrade Assistant is not supported on Access Gateway Appliance, Access Manager Appliance, and Access Manager deployed using docker containers. For more information, see Upgrading Access Manager Appliance and Upgrading Access Manager Containers.

  • The Identity Server details are displayed in Upgrade Assistant's device status page even after Identity Server is uninstalled using the uninstall.sh script.

    To overcome this issue, you must delete the Identity Server after the uninstall.sh script is executed successfully. To delete Identity Server, click Devices > Identity Server > Servers > Actions Delete.

    After deleting Identity Server, details from Upgrade Assistant's device status page will be removed.

  • Dashboard registration across operating system platforms is not supported. For example, a dashboard installed on the RHEL cannot be registered to Access Manager Online Update Service if it is imported in a SLES Administration Console.