KB Article #177390
APPLIANCE: Installing security updates with zypper
Article last updated on 29/3/2016:
Statement under "Network requirements" that Axway Repositories accept secured HTTPS connections is added.
Table of contents
Introduction
Starting with Appliance Platform 6.7.1, the Axway Appliance can be updated using online package repository. It is no longer needed to manually download update archives, unzip them and run upgrade scripts in order to obtain the latest security updates.
As Appliance Platform 6.7.1 is a prerequisite, Axway Support should be contacted for instructions how to get Appliance Platform 6.7.1. To check the current platform level, run the command below. The platform level is also displayed in the login banner over SSH to the OS:
cat /etc/platform.conf | grep AP_VERSION
Appliance platform version check
A tool called zypper
is used to connect to the Axway repository servers and download updated packages with full dependency check. The zypper
tool would only download and install packages that have been updated in the online repository.
Network requirements and HTTP proxy
All Axway Appliances must be able to connect to https://appliance-repo.axway.com
on port 443 in order to download updates.
In case your repository configuration is still using the plain HTTP addresses, refer to KB 177817 for instructions how to change to HTTPS.
Check connectivity to the Axway repo over HTTPS
Configuring the HTTP proxy
The zypper
tool can connect through a HTTP proxy if direct connection to the Axway repository is not possible. To configure HTTP proxy configuration on the appliance, run the following command on the server's console:
yast proxy
The proxy configuration is global to the OS and all network aware tools might use it. SecureTransport however will ignore that configuration as it has its own proxy settings.
Updating the appliances
The zypper
tool is used to download and install the latest updates. It can be used to list the updates, download and install the updates or just download the updates, without installing them.
List the available updates
This command will only print information about the available updates to the console, without downloading or installing them:
zypper list-updates
Listing the available update packages
Install the available updates
This command is used to download and immediately start the installation of the update packages:
zypper update
Download and install the available update packages
Only download the available update packages without installing them
This command is used to download the packages for installation at a later time:
zypper update --download-only
Download the available update packages
Once downloaded, the packages will be saved to subfolders under /var/cache/zypp/packages
. Each repository will have a separate subfolder. To install those packages, while preserving a backup copy of the original ones, navigate into each repo subfolder and execute the following command:
rpm –Uvh --repackage *.rpm
Install the downloaded update packages, creating a backup of the originals
Repository configuration
In order to download updates, Axway appliances maintain an offline list of repositories to connect to. This list is automatically created on Appliance Platform 6.7.1. In case of changes, however, the repositories can be recreated. The first step is to remove all currently configured repositories:
rm -Rf /etc/zypp/repos.d/*.repo
Then the following commands should be executed to recreate the repositories:
zypper addrepo --type rpm-md --name SLES-LATEST-UPDATES --no-gpgcheck --refresh --no-keep-packages https://appliance-repo.axway.com/os/sles11-sp3/updates SLES-LATEST-UPDATES zypper addrepo --type rpm-md --name SLES-HAE-LATEST-UPDATES --no-gpgcheck --refresh --no-keep-packages https://appliance-repo.axway.com/os/sles11-hae-sp3/updates SLES-HAE-LATEST-UPDATES zypper addrepo --type rpm-md --name AP-APPLIANCE-UPDATES --no-gpgcheck --refresh --no-keep-packages https://appliance-repo.axway.com/products/ap/latest/updates AP-APPLIANCE-UPDATES