UPGRADE to version 1.3.9 REMARKS ======= . The LES version 1.3.3 or newer requires two Megabytes of memory per port (LES2800A-16 32M, LES2800A-32 64M). Use the command "free" to see if your LES has the memory size required by this version. If your LES has less than 2 Megabytes of memory per port, you can upgrade your LES with the last version 1.1.x available only. . In this document we assume that the LES is already running the new Linux Kernel Image (1.3.3) and that it will be the version used from now on. . For more information about new features, please read the up-to-date Release Notes and the BlackBox-LES documentation. . For those who are new to Linux/Unix, we recommend reading appendix A in the BlackBox LES Manual. UPGRADING OVERVIEW ================== The LES packages may be updated from one version to another. So, if the user has a LES running an earlier version, special care should be taken regarding configuration. The user can choose to start the configuration from scratch by simply doing: echo 0 > /proc/flash/script reboot or, the user must perform all steps from all "Upgrading from actions" with version numbers equal to or greater than the original version of his LES. To run a new configuration and save it into flash the user must execute the following commands: signal_ras hup saveconf The command "saveconf" is equivalent to the Linux command: "tar -czf /proc/flash/script -T /etc/config_files" so, double check that all files which have been changed have their names in the file /etc/config_files. If any of the files /etc/inittab, /etc/rc.sysinit, or any user's shell script executed by /etc/rc.sysinit were changed, the LES must be rebooted for them to take effect. Upgrading from 1.3.8 Actions ============================ - The file /etc/rc.sysinit was changed. It was removed the activation of inetd. If there is one saved in flash it must be replaced/merged with /etc/rc.sysinit.save. - The file /etc/inittab was changed. The activation of the services snmpd, sshd, ntpclient, pmd, and syslog-ng were removed. Their activation are done by the shell script daemon.sh. If there is one saved in flash it must be replaced/merged with /etc/inittab.save. - The file ntpclient.sh was removed. The ntpclient now is started by the shell script "daemon.sh", if it's enabled in the file /etc/ntpclient.conf - The file /etc/ntpclient.conf was changed. If there is one saved in flash it must be replaced/merged with /etc/ntpclient.save - The f_kernel and f_alerts in /etc/syslog-ng/syslog-ng.conf were changed. Please verify the change in /etc/syslog-ng/syslog-ng.save file. Upgrading from 1.3.6 Actions ============================ - In LES2800A-1, LES110, and SM100 the file /etc/inittab was changed. If there is one saved in flash it must be replaced/merged with /etc/inittab.save. - The file /etc/inetd.conf was changed. If there is one saved in flash it must be replaced/merged with /etc/inetd.conf.save. - The shell script /etc/rc.sysinit was changed. If there is one saved in flash it must be replaced/merged with /etc/rc.sysinit.save. - The example about snmptrap in /etc/syslog-ng/syslog-ng.conf was changed. Please verify the change in /etc/syslog-ng/syslog-ng.save file. - The file /etc/network/firewall has changed. If there is one saved in flash it must be replaced/merged with /etc/network/firewall.saves and the command "fwset restore" executed. - The file /etc/portslave/pslave.conf has new parameters. If there is one saved in flash it must be replaced/merged with /etc/portslave/pslave.save. - The file /etc/pam.conf has changed (ldapdownlocal/sshd). If there is one saved in flash it must be replaced/merged with /etc/pam.conf.save. - The shell script /bin/handle_dhcp was changed. If there is one saved in flash it must be removed from flash. - The shell script /etc/network/dhcpcd_cmd was changed. If there is one saved in flash, it must be merged with /etc/network/dhcpcd_cmd.save. - The shell script /etc/network/st_routes was changed. The parameter "metric 3" was inserted in the route add of the default route. - The file /etc/pm.BlackBox was changed to be compatible with the AlterPath-PM version 1.0.8. If an older version of the AlterPath-PM is used, the user should save the /etc/pm.BlackBox from the 1.3.6 version before the upgrade: >echo /etc/pm.BlackBox>>/etc/config_files >saveconf Upgrading from 1.3.5 Actions ============================ - The meaning of the parameter DTR_reset in pslave.conf file was changed. Please, read the documentation to set it to the proper value. - The sshd program needs a new configuration file to fix a problem with sftp. If the file /etc/ssh/sshd_config was not changed just replace it with the file /etc/ssh/sshd_config.save. Otherwise the user should merge these files. Upgrading from 1.3.4 Actions ============================ - The web user management has changed, and, because of that, the file /etc/websum.conf has changed. In order for make the web server work, the user must do the following steps: From the prompt, type #cp /etc/websum.conf.save /etc/websum.conf #saveconf #reboot After the reboot, open a browser and point to the LES IP address. Log in as root (password = tslinux). Go to the link Web User Management->Users, change the root password and create the users, classifying according to the privilege allowed to them (root, admin, monitor or user). Go to the link Web User Management->Load/Save Web Configuration and click the "Save Configuration" button. Go to the link Administration->Load/Save Configuration and click the "Save to Flash" button. - The syslog-ng.conf file (syslog-ng configuration) was changed. This configuration allows syslog-ng to receive syslog messages from the Kernel. The user must copy /etc/syslog-ng/syslog-ng.save over /etc/syslog-ng/syslog-ng.conf and make his own changes again, if any. - The configuration of the snmpd (/etc/snmp/snmpd.conf file) was changed. The upgrade has to be done in two steps: . First step. .. Save the file /etc/snmp/snmpd.conf, if it was changed. .. Edit the file /etc/config_files and remove the line related to snmp. .. Execute the command "saveconf" and reboot the LES. . Second step. .. if the file /etc/snmp/snmpd.conf was changed the user should make his own changes again. .. Edit the file /etc/config_files and insert the line "/etc/snmp/snmpd.conf" .. Execute the command "saveconf". Upgrading from 1.3.3 Actions ============================ - The new way to activate "ntpclient" requires a new "inittab" file. If /etc/config_files does not contain an entry for /etc/inittab, the user can skip this step, otherwise, he can use /etc/inittab.save to merge the new changes with the current /etc/inittab. - Merge or copy /etc/config_files.save over /etc/config_files. - The new feature, ldap, has been added as another authentication method. Users should merge or copy /etc/pam.conf.save over /etc/pam.conf. - /etc/portslave/pslave.conf has two new parameters. They are: all.DB_mode and all.DTR_reset. For more infomation, please refer to the manual. Merge or copy /etc/portslave/pslave.save over /etc/portslave/pslave.conf. - In clustering with sniff session, the parameter, all.admin_users, needs to be configured. - /etc/network/dhcpcd_cmd has been changed. User must merge or copy /etc/network/dhcpcd_cmd.save over /etc/network/dhcpcd_cmd in order for dhcp to work properly. Upgrading from 1.3.2 Actions ============================ - The new feature "Alarm" needs the new "inittab" file. If /etc/config_files does not contain an entry for /etc/inittab, the user can skip this step, otherwise, he must copy /etc/inittab.save over /etc/inittab, and make his own changes again, if any, unless this was already done in the previous (1.3.1) actions. - The parameters "conf.syslog","all.syslog_level" and "all.console_level" were removed from PortSlave configuration. The user needs to delete the lines in the pslave.conf file. - The syslog-ng.conf (in the /etc/syslog-ng directory) has the syslog configuration. If the user has a remote syslog server (old conf.syslog parameter), he needs to edit the syslog-ng.conf. - All users who will use the command "su" must belong to the group "wheel". This group must be created in the file /etc/group. Ex. wheel::zzz:steve PAM will grant "su" access to user "steve" only. - The new ssh, version 3.4p1, requires a local user "sshd" in order to perform the authentication. Add the following line in the file /etc/passwd: sshd:*:xxx:yyy:sshd privsep:/var/empty:/bin/false And the next one in the file /etc/group sshd::yyy: Where xxx and yyy are any number greater than 500, and not used yet by any user or group. Upgrading from 1.3.1 Actions ============================ - The Openssh needs a new set of configuration files. The upgrade has to be done in two steps: . First step. .. Save the files /etc/ssh/sshd_config and /etc/ssh/ssh_config, if they were changed. .. Edit the file /etc/config_files and remove all lines related to ssh. .. Execute the command "saveconf" and reboot the LES. . Second step. .. if any of the files /etc/ssh/sshd_config or /etc/ssh/ssh_config were changed the user should make his own changes again. - The new feature "Alarm" needs the new "inittab" file. If /etc/config_files does not contain an entry for /etc/inittab, the user can skip this step, otherwise, he must copy /etc/inittab.save over /etc/inittab, and make his own changes again, if any. - If the user does not have a file /etc/rc.sysinit saved in flash and he did not make any changes to it he must skip this step. Otherwise, he must copy /etc/rc.sysinit.save over /etc/rc.sysinit and make his own changes again, if any. - The user must copy /etc/config_files.save over /etc/config_files and make his own changes again, if any. Upgrading from 1.3.0 Actions ============================ - None Upgrading from 1.2.0 Actions ============================ - The file /etc/portslave/pslave.conf has a new parameter conf.DB_facility which will define the syslog facility used by the data buffering process. If the user has the syslog data buffering active, it is necessary to configure this parameter. NOTE: BlackBox strongly recommends that the user has read the latest user's manual available in BlackBox' ftp site before using this new firmware.