- Insert the external storage device that has the backups on it into the machine and copy over the backups to /usr/local/software.
shell> cp -r backups/ /usr/local/software
- Set up the network of the machine to match the original network settings from before the OS upgrade.
- Open the ifcfg files from the backup and compare them to the nmconnection files in Rocky 9.
- The following is an example of opening the ifcfg-eno1 file in the backup as well as its contents.
shell> vi ifcfg-eno1
# Generated by parse-kickstart
TYPE=Ethernet
DEVICE=eno1
UUID=43bd7267-dd20-4843-8520-66f71e53f42c
ONBOOT=no
BOOTPROTO=none
IPV6INIT=no
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME="System eno1"
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPADDR=10.0.1.50
PREFIX=24
GATEWAY=10.0.1.1
DNS1=10.0.1.1
- The following is an example of opening the eno1.nmconnection file in Rocky Linux 9 as well as its contents.
shell> vi /etc/NetworkManager/system-connections/eno1.nmconnection
[connection]
id=eno1
uuid=46af48df-a0f6-4327-ae3b-8c530ad94e23
type=ethernet
interface-name=eno1
timestamp=1692292957
[ethernet]
[ipv4]
address1=10.0.2.241/24,10.0.2.1
dns=10.0.2.1;
method=manual
[ipv6]
addr-gen-mode=eui64
method=auto
[proxy]
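The comparison in this step can be scripted. The following is an added example, not part of the original guide: it derives the [ipv4] lines that the backed-up ifcfg file implies and prints those that are missing from the .nmconnection file. The function names and the trimmed sample files are constructed for illustration, and only static IPv4 settings (IPADDR, PREFIX, GATEWAY, DNS1) are handled.

```shell
# Added example: list the [ipv4] keyfile lines that the backed-up ifcfg file
# implies but the Rocky 9 .nmconnection file does not contain.
expected_ipv4() {   # $1 = ifcfg file; keys are read with awk, the file is never sourced
    awk -F= '{ gsub(/"/, "", $2) }
        $1 == "IPADDR"  { ip = $2 }
        $1 == "PREFIX"  { prefix = $2 }
        $1 == "GATEWAY" { gw = $2 }
        $1 == "DNS1"    { dns = $2 }
        END {
            if (ip == "") { print "method=auto"; exit }   # no static address in backup
            printf "address1=%s/%s%s\n", ip, prefix, (gw != "" ? "," gw : "")
            if (dns != "") printf "dns=%s;\n", dns
            print "method=manual"
        }' "$1"
}
actual_ipv4() {     # $1 = .nmconnection file; keys from the [ipv4] section only
    awk '/^\[/ { in_ipv4 = ($0 == "[ipv4]"); next }
         in_ipv4 && /^(address1|dns|method)=/' "$1"
}
ipv4_drift() {      # $1 = ifcfg file, $2 = .nmconnection file
    actual=$(actual_ipv4 "$2")
    expected_ipv4 "$1" | while IFS= read -r line; do
        printf '%s\n' "$actual" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}
# Constructed sample input: the two files shown above, trimmed to the relevant keys.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ifcfg-eno1" <<'EOF'
DEVICE=eno1
NAME="System eno1"
IPADDR=10.0.1.50
PREFIX=24
GATEWAY=10.0.1.1
DNS1=10.0.1.1
EOF
cat > "$demo_dir/eno1.nmconnection" <<'EOF'
[connection]
id=eno1
[ipv4]
address1=10.0.2.241/24,10.0.2.1
dns=10.0.2.1;
method=manual
[ipv6]
method=auto
EOF
ipv4_drift "$demo_dir/ifcfg-eno1" "$demo_dir/eno1.nmconnection"
```

Each line printed is a setting from the backup that still has to be applied to the connection profile; no output means the IPv4 settings already match.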
- Install the same version of SAKA that was on the machine before the upgrade. First start by unzipping the saka.zip file into /usr/local/software.
shell> unzip backups/saka.zip -d /usr/local/software
- Now use a text editor such as gedit or vi to edit the following section of the install-saka.sh script to customize IP address, passwords, database size, etc.
shell> vi saka/install-saka.sh
- The first section of the install script will look like this:
##########################################
# Company name for self signed certificate
COMPANY="StrongAuth Inc"
# Server Passwords
GLASSFISH_PASSWORD=adminadmin
LINUX_PASSWORD=ShaZam123
MARIA_ROOT_PASSWORD=BigKahuna
MARIA_SKLES_PASSWORD=AbracaDabra
# Batch Request user
BR1_LINUX_USERNAME=domain1
BR1_LINUX_PASSWORD=Prest099
BR1_LINUX_LOCK='Y' # Lock Batch request user?
# Servers in cluster. For larger clusters, add more lines like 'SERVER#=<FQDN>' where # = SID
SERVER1='saka01.strongkey.com'
#SERVER2='saka02.strongkey.com'
#SERVER3='saka03.strongkey.com'
#SERVER4='saka04.strongkey.com'
TPM_MFR='nuvoton' # 'nuvoton' for Dell R6414,
# 'nuvoton gen2' for Dell R7525
# 'infineon' or 'infineon gen2' for legacy HP EliteDesk mini,
# 'infineon gen3' for current HP EliteDesk mini
SAKA_PROFILE=SAKA
FIPS_MODE=N
##### CCS Domains #####
CCS_DOMAINS=0
##### Replication Module #####
HELPER_THREADS=10
##########################################
- Replace the COMPANY variable with the name of the company.
- The GLASSFISH_PASSWORD parameter is the password for the admin user for the Payara application server. Assign the server’s GLASSFISH_PASSWORD to this variable.
- The LINUX_PASSWORD parameter is the password for the strongauth user in the Linux operating system environment. Assign the server’s LINUX_PASSWORD to this variable.
- The MARIA_ROOT_PASSWORD parameter is the password for the root user of the MariaDB database. Assign the server’s MARIA_ROOT_PASSWORD to this variable.
- The MARIA_SKLES_PASSWORD parameter is the password for the skles user of the MariaDB database. Assign the server’s MARIA_SKLES_PASSWORD to this variable.
- The BR1_LINUX_USERNAME parameter is the name of the batch request user in the Linux operating system environment. Assign the server’s BR1_LINUX_USERNAME to this variable.
- The BR1_LINUX_PASSWORD parameter is the password for the domain1 user in the Linux operating system environment. Assign the server’s BR1_LINUX_PASSWORD to this variable.
- The BR1_LINUX_LOCK parameter determines whether the batch request user account will be locked. Assign the server’s BR1_LINUX_LOCK to this variable.
- The SERVER# variables define the servers in the SAKA cluster. Assign the FQDN of each appliance to these variables.
- If the server is using Trusted Platform Module (TPM), then set the TPM_MFR value to the correct value for the server.
- Modify the CCS_DOMAINS variable to be a comma-separated list of the server’s CCS domains.
- In another section of the install script, you will see the following set of flags.
# Flags to indicate if a module should be installed
INSTALL_BC=Y
INSTALL_CRYPTOKI=N
INSTALL_CRYPTOSERVER=N
INSTALL_GLASSFISH=Y
INSTALL_FSO=N
INSTALL_TPM2=Y
INSTALL_MARIA=Y
INSTALL_OPENLDAP=Y
INSTALL_TOPAZ=Y
- If the server is using a Hardware Security Module (HSM), then set INSTALL_TPM2=N and INSTALL_CRYPTOKI=Y.
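Before running the script, the edited values can be checked without executing it. The following is an added example, not part of install-saka.sh or the original guide: it reports password variables still set to the sample values shown above and flags INSTALL_CRYPTOKI=Y left together with INSTALL_TPM2=Y. The function names and the sample file are constructed for illustration.

```shell
# Added example: read-only preflight check for an edited install-saka.sh.
get_var() {     # $1 = script, $2 = variable; last uncommented assignment,
                # with a trailing " # comment" and surrounding quotes removed
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]\{1,\}#.*$//' | tr -d "'\""
}
preflight() {   # $1 = path to install-saka.sh; prints one line per finding
    while read -r name sample; do
        if [ "$(get_var "$1" "$name")" = "$sample" ]; then
            echo "SAMPLE_VALUE $name"
        fi
    done <<'EOF'
GLASSFISH_PASSWORD adminadmin
LINUX_PASSWORD ShaZam123
MARIA_ROOT_PASSWORD BigKahuna
MARIA_SKLES_PASSWORD AbracaDabra
BR1_LINUX_PASSWORD Prest099
EOF
    # The HSM step sets INSTALL_TPM2=N together with INSTALL_CRYPTOKI=Y.
    if [ "$(get_var "$1" INSTALL_CRYPTOKI)" = Y ] && [ "$(get_var "$1" INSTALL_TPM2)" = Y ]; then
        echo "FLAG_CONFLICT INSTALL_CRYPTOKI=Y with INSTALL_TPM2=Y"
    fi
}
# Constructed sample input: an excerpt of an edited script, two values left unchanged.
sample_script=$(mktemp)
cat > "$sample_script" <<'EOF'
GLASSFISH_PASSWORD=adminadmin
LINUX_PASSWORD=constructed-value-1
MARIA_ROOT_PASSWORD=BigKahuna
MARIA_SKLES_PASSWORD=constructed-value-2
BR1_LINUX_PASSWORD='constructed-value-3' # trailing comment
INSTALL_CRYPTOKI=Y
INSTALL_TPM2=Y
EOF
preflight "$sample_script"
```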
- Run the install-saka.sh script.
shell> ./saka/install-saka.sh
- Move the strongauth folder that has been created after installation of SAKA.
shell> mv /usr/local/strongauth /usr/local/strongauth-newinstall
- Move the strongauth zip file from the backup to /usr/local and unzip it.
shell> mv /usr/local/backups/strongauth.zip /usr/local
shell> unzip strongauth.zip
- Update the new server with any changes that might have been made on the old server to /etc/hosts.
shell> cat /usr/local/backups/hosts
shell> vi /etc/hosts
- Update the new server with any changes that might have been made on the old server to the firewall settings.
shell> cat /usr/local/backups/public.xml
shell> vi /etc/firewalld/zones/public.xml
- Update the new server with any changes that might have been made on the old server to the rc files.
shell> cat /usr/local/backups/bashrc
shell> vi /etc/bashrc
- Update the new server with any changes that might have been made on the old server to the ssh config files.
shell> cat /usr/local/backups/ssh_config
shell> vi /etc/ssh/ssh_config
shell> cat /usr/local/backups/sshd_config
shell> vi /etc/ssh/sshd_config
- Update the new server with any changes that might have been made on the old server to the my.cnf file.
shell> cat /usr/local/backups/my.cnf
shell> vi /etc/my.cnf
- Restore LDAP configurations using the restore-LDAP.sh script.
shell> ./restore-LDAP.sh
- Reboot the machine.
shell> init 6
- Set SAKA pins.
shell> KC-SetPINTool.sh
- Test SAKA and SKFS transactions to ensure that everything is working and that the database is intact.