Product Documentation

    Step 2: On the Same Machine after Installing Rocky 9.2

    Now that you have replaced the operating system on the machine, you can begin the process of restoring all of the data.

     

    1. Insert the external storage device that has the backups on it into the machine and copy over the backups to /usr/local/software.
       
      shell> cp -r backups/ /usr/local/software
    2. Set up the network of the machine to match the original network settings from before the OS upgrade.
      1. Open the ifcfg files from the backup and compare them to the nmconnection files in Rocky 9.
      2. The following is an example of opening the ifcfg-eno1 file in the backup as well as its contents. 
        shell> vi ifcfg-eno1

        # Generated by parse-kickstart
        TYPE=Ethernet
        DEVICE=eno1
        UUID=43bd7267-dd20-4843-8520-66f71e53f42c
        ONBOOT=no
        BOOTPROTO=none
        IPV6INIT=no
        PROXY_METHOD=none
        BROWSER_ONLY=no
        DEFROUTE=yes
        IPV4_FAILURE_FATAL=no
        NAME="System eno1"
        IPV6_DEFROUTE=yes
        IPV6_FAILURE_FATAL=no
        IPADDR=10.0.1.50
        PREFIX=24
        GATEWAY=10.0.1.1
        DNS1=10.0.1.1
      3. The following is an example of opening the eno1.nmconnection file in Rocky Linux 9 as well as its contents. 
        shell> vi /etc/NetworkManager/system-connections

        [connection]
        id=eno1
        uuid=46af48df-a0f6-4327-ae3b-8c530ad94e23
        type=ethernet
        interface-name=eno1
        timestamp=1692292957

        [ethernet]

        [ipv4]
        address1=10.0.2.241/24,10.0.2.1
        dns=10.0.2.1;
        method=manual

        [ipv6]
        addr-gen-mode=eui64
        method=auto

        [proxy]

       

    3. Install the same version of SAKA that was on the machine before the upgrade. First start by unzipping the saka.zip file into /usr/local/software. 
      shell> unzip backups/saka.zip -d /usr/local/software
    4. Now use a text editor such as gedit or vi to edit the following section of the install-saka.sh script to customize IP address, passwords, database size, etc. 
      shell> vi saka/install-saka.sh
      1. The first section of the install script will look like this 
        ##########################################
        # Company name for self signed certificate
        COMPANY="StrongAuth Inc"

        # Server Passwords
        GLASSFISH_PASSWORD=adminadmin
        LINUX_PASSWORD=ShaZam123
        MARIA_ROOT_PASSWORD=BigKahuna
        MARIA_SKLES_PASSWORD=AbracaDabra

        # Batch Request user
        BR1_LINUX_USERNAME=domain1
        BR1_LINUX_PASSWORD=Prest099
        BR1_LINUX_LOCK='Y'                      # Lock Batch request user?

        # Servers in cluster. For larger clusters, add more lines like 'SERVER#=<FQDN>' where # = SID
        SERVER1='saka01.strongkey.com'
        #SERVER2='saka02.strongkey.com'
        #SERVER3='saka03.strongkey.com'
        #SERVER4='saka04.strongkey.com'

        TPM_MFR='nuvoton'                       # 'nuvoton' for Dell R6414,
                                                # 'nuvoton gen2' for Dell R7525
                                                # 'infineon' or 'infineon gen2'                                     for legacy HP EliteDesk mini,
                                                # 'infineon gen3' for current HP                                 EliteDesk mini

        SAKA_PROFILE=SAKA

        FIPS_MODE=N

        ##### CCS Domains #####
        CCS_DOMAINS=0

        ##### Replication Module #####
        HELPER_THREADS=10

        ##########################################
      2. Replace the COMPANY variable with the name of the company.
      3. The GLASSFISH_PASSWORD parameter is the password for the admin user for the Payara application server. Assign the server’s GLASSFISH_PASSWORD to this variable.
      4. The LINUX_PASSWORD parameter is the password for the strongauth user in the Linux operating system environment. Assign the server’s LINUX_PASSWORD to this variable.
      5. The MARIA_ROOT_PASSWORD parameter is the password for the root user of the MariaDB database. Assign the server’s MARIA_ROOT_PASSWORD To this variable.
      6. The MARIA_SKLES_PASSWORD parameter is the password for the skles user of the MariaDB database. Assign the server’s MARIA_SKLES_PASSWORD to this variable.
      7. The BR1_LINUX_USERNAME parameter is the name of the batch request user in the Linux operating system environment. Assign the server’s BR1_LINUX_USERNAME to this variable.
      8. The BR1_LINUX_PASSWORD parameter is the password for the domain1 user in the Linux operating system environment. Assign the server’s BR1_LINUX_PASSWORD To this variable.
      9. The BR1_LINUX_LOCK parameter is to determine whether the batch request user account will be locked. Assign the server’s BR1_LINUX_LOCK to this variable.
      10. The SERVER# variables define the servers in the SAKA cluster. Assign the FQDN of each appliance to these variables.
      11. If the server is using Trusted Platform Module (TPM), then set the TPM_MFR value to the correct value for the server.
      12. Modify the CCS_DOMAINS variable to be a comma separated list of the server’s CCS domains.
    5. In another section of the install script, you will see the following set of flags. 
      # Flags to indicate if a module should be installed
      INSTALL_BC=Y
      INSTALL_CRYPTOKI=N
      INSTALL_CRYPTOSERVER=N
      INSTALL_GLASSFISH=Y
      INSTALL_FSO=N
      INSTALL_TPM2=Y
      INSTALL_MARIA=Y
      INSTALL_OPENLDAP=Y
      INSTALL_TOPAZ=Y
      1. If the server is using a Hardware Security Module (HSM), then set INSTALL_TPM2=N and INSTALL_CRYPTOKI=Y.
    6. Run the install-saka.sh script 
      shell> ./saka/install-saka.sh
    7. Move the strongauth folder that has been created after installation of SAKA. 
      shell> mv /usr/local/strongauth /usr/local/strongauth-newinstall
    8. Move the strongauth zip file from the backup to /usr/local and unzip it. 
      shell> mv /usr/local/backups/strongauth.zip /usr/local
      shell> unzip strongauth.zip
    9. Update the new server with any changes that might have been made on the old server to /etc/hosts. 
      shell> cat /usr/local/backups/hosts
      shell> vi /etc/hosts
    10. Update the new server with any changes that might have been made on the old server to the firewall settings. 
      shell> cat /usr/local/backups/public.xml
      shell> vi /etc/firewalld/zones/public.xml
    11. Update the new server with any changes that might have been made on the old server to the rc files. 
      shell> cat /usr/local/backups/bashrc
      shell> vi /etc/bashrc
    12. Update the new server with any changes that might have been made on the old server to the ssh config files. 
      shell> cat /usr/local/backups/ssh_config
      shell> vi /etc/ssh/ssh_config
      shell> cat /usr/local/backups/sshd_config
      shell> vi /etc/ssh/sshd_config
    13. Update the new server with any changes that might have been made on the old server to the my.conf file. 
      shell> cat /usr/local/backups/my.cnf
      shell> vi /etc/my.cnf
    14. Restore LDAP configurations using the restore-LDAP.sh script. 
      shell> ./restore-LDAP.sh
    15. Reboot the machine. 
      shell> init 6
    16. Set SAKA pins. 
      shell> KC-SetPINTool.sh
    17. Test SAKA and SKFS transactions to ensure that everything is working and that the database is intact.