Security

Reply
Contributor II
Posts: 40
Registered: ‎05-27-2014

ClearPass CLI update

Hello there.

So here is the situation.

We have the master .33 and the standby.66

Somehow, the Master has been updated and not the controller so now the version do not match and the sync stopped.

I was trying to update the stanbdy to 6.4.1 but every steps I found involve the GUI (to import the .bin update file).

 

The issue is that we do not have access to the standby GUI anymore. We tried all pasword possible (even the eTIPS123) but it wouldn't connect.

SSH works fine though.

So I was wondering what would be the command to import my

CPPM-x86_64-20140917-clearpass-6.4-updates-1-64-patch.signed.bin

to  /var/avenda/platform/store/updates/

so I can run the update through CLI

 

Or is there an equivalent to the GUI auto update but CLI only ?

 

Thanks

Guru Elite
Posts: 8,000
Registered: ‎09-08-2010

Re: ClearPass CLI update

[ Edited ]

Easiest way would be to download the upgrade file from the support site, upload it to an internal web server and then use the upgrade command at the cli pointing to the web address.

 

system upgrade http://hostname/<filepath>

 

 

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 40
Registered: ‎05-27-2014

Re: ClearPass CLI update

Thanks,

I tried but it gives me Extracting image...
ERROR - Validating upgrade image failed

Checksum is good though :(

The file is

CPPM-x86_64-20140917-clearpass-6.4-updates-1-64-patch.signed.bin

Guru Elite
Posts: 8,000
Registered: ‎09-08-2010

Re: ClearPass CLI update

Try using the update command instead of upgrade.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 40
Registered: ‎05-27-2014

Re: ClearPass CLI update

same :(

Guru Elite
Posts: 8,000
Registered: ‎09-08-2010

Re: ClearPass CLI update

Hm. It might be faster to open a TAC case at this point.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 40
Registered: ‎05-27-2014

Re: ClearPass CLI update

Yes, I also, did , but it takes for ever to get an engineer available :(

 

But your help is much appreciated

Guru Elite
Posts: 8,000
Registered: ‎09-08-2010

Re: ClearPass CLI update

Your other option would be to just reset the database on the subscriber, upgrade it, then rejoin it to the cluster.

 

You'll want to make sure you have a copy of the server certificate and private key before you do this.

 

 

cluster reset-database

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: ClearPass CLI update

Did you try restarting the services. Is there an error when you restart http service?

 

Also if you do an upgrade on the cli you need have a secure connection. 

 

What version are you upgrading from.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 40
Registered: ‎05-27-2014

Re: ClearPass CLI update

Hi ,

I just finished a conversation with TAC.

The file was originaly download on the subscriber but because of a DC issue couple days ago the update failed.

That said the file was still there but couldn't be use for the upgrade as the name wasn't the same than the orginal one.

TAC used the backdoor to check the current name of the .bin file

then forced the udpate

then clear the database completely

and then re-add as a subscriber (we already dropped it yesterday).

 

Everything is up and running ,

TAC confirmed that I had no other choice than talking to them to get the exact file name.

 

Thank you all.

Search Airheads
Showing results for 
Search instead for 
Did you mean: