How to unblock the IAP firmware upgrade on a secured AMP
This KB explains how to allow IAP firmware upgrades from an Airwave server on which the stig.pl script has been run to secure the AMP.
Environment: Secured AMP (stig.pl) that is monitoring or managing IAPs.
Network Topology: IAPs being managed or monitored from the secured AMP.
As of Airwave version 8.0.1, this issue occurs when we run the stig.pl script from /root/svn/mercury/scripts to secure the AMP. The script leaves the AMP largely isolated, so if we are monitoring or managing IAPs from Airwave, we will not be able to upgrade or downgrade the IAP firmware images using Airwave.
We can do the following to enable the AMP to allow firmware upgrades.
During the firmware upgrade, Airwave sends the IAP a URL from which to download the firmware file, for example: https://<airwave IP>/flash/<IAP firmware image name>
The IAP accesses the link and downloads the file. On Airwave, that link maps to the /var/www/html/flash directory, which is a symlink to /tftpboot/, the directory where firmware files are saved when we upload them from Device Setup --> Upload Firmware Files in the Airwave GUI. When we run the stig.pl script on Airwave, the script removes this symlink, which disables firmware upgrades of IAPs from Airwave.
We can run the command below to re-create the symlink:
# ln -sf /tftpboot/ /var/www/html/flash
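
The same fix as a checked shell routine (an added example, not part of the original KB or of Airwave's own scripts). The function names flash_link_state and restore_flash_link are hypothetical; the default paths are the ones from this article. It also handles the case where /var/www/html/flash already exists as a real directory, where a plain ln -sf would create the link inside that directory instead of replacing it.

```shell
#!/bin/sh
# Added example: verify and restore the /flash symlink that stig.pl removes.
# Defaults are the paths named in this article; override them for testing.
FLASH_LINK="${FLASH_LINK:-/var/www/html/flash}"
FW_DIR="${FW_DIR:-/tftpboot}"

# Print the state of the link: ok | missing | wrong-target | not-a-symlink
flash_link_state() {
    link=$1; target=$2
    if [ -L "$link" ]; then
        # Compare resolved directories so "/tftpboot" and "/tftpboot/" match.
        # A dangling link fails the -d test and is reported as wrong-target.
        if [ -d "$link" ] &&
           [ "$(cd -P "$link" && pwd)" = "$(cd -P "$target" && pwd)" ]; then
            echo ok
        else
            echo wrong-target
        fi
    elif [ -e "$link" ]; then
        echo not-a-symlink
    else
        echo missing
    fi
}

# Re-create the link only when that is safe. Returns 0 when the link is in
# place, 1 when the firmware directory is absent, 2 when a real file or
# directory occupies the link path and needs manual review.
restore_flash_link() {
    link=$1; target=$2
    [ -d "$target" ] || { echo "firmware directory $target not found" >&2; return 1; }
    case $(flash_link_state "$link" "$target") in
        ok)
            return 0 ;;
        not-a-symlink)
            echo "$link exists and is not a symlink; not modifying it" >&2
            return 2 ;;
        *)
            # missing or wrong-target: -n stops ln from descending into an
            # existing link that points at a directory
            ln -sfn "$target" "$link" ;;
    esac
}

# On the AMP, as root:
#   restore_flash_link "$FLASH_LINK" "$FW_DIR" && flash_link_state "$FLASH_LINK" "$FW_DIR"
```

Once the link is back, every file in /tftpboot is reachable under https://<airwave IP>/flash/, so keep only the firmware images you intend to serve in that directory.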