Hi Community
As suggested by Scott, once the advanced tuning parameter (sys.direct.update.allowed=true) is set I am now able to go one step further, i.e. the firmware update package file is uploaded and visible in the LMI Available Updates page. And now the firmware 'Install' LMI method is working.
However, the Ansible RESTAPI firmware method (with Ansible roles) would still skip the 'Install' step. The cause for this is found in the JSON response below:
curl -k --user admin:***** -H "Content-Type:application/json" -H "Accept: application/json" -X GET https://appliance/updates/available.json
[{
"id": 0,
"name": "isva",
"type": "firmware",
"state": "idle",
"schedule_date": null,
"iso_scheduled_date": null,
"release_date": "2021-12-14-0329",
"version": "10.0.3.0",
"expired_install": false
}]
As one can see, the 'release_date' value includes more than just the release date. In order to get around this, you will need to use the Ansible isam-ansible-roles's install_firmware role as follow:
- role: install_firmware
install_firmware_file: "/tmp/isva_10.0.3.0_20211214-0329.pkg"
install_firmware_name: "isva"
install_firmware_release_date: "2021-12-14-0329"
install_firmware_version: "10.0.3.0"
In previous firmware roll-outs, we would typically set 'install_firmware_release_date' to just the release date (such as 2021-01-10 for 10.0.2.0).
Hoping that this note helps resolve 10.0.3.0 installation issues for most. At least it did for me.
------------------------------
Sylvain Gilbert
------------------------------
Original Message:
Sent: Sun December 19, 2021 05:41 PM
From: Scott Exton
Subject: Verify Access v10.0.3.0 released
Sylvain,
I don't think that this is a new error, and happens when your machine does not have access to the online update server (even though you are doing a manual upload of an update). Try setting the following advanced tuning parameter:
name: sys.direct.update.allowed
value: true
Thanks.
Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor
Original Message:
Sent: 12/18/2021 3:47:00 PM
From: Sylvain Gilbert
Subject: RE: Verify Access v10.0.3.0 released
Hi Community
I'm giving a try at 10.0.3.0 upgrade over 10.0.1.0 or over 10.0.2.0.
I'm getting the expected behavior while applying 10.0.3.0 over 10.0.1.0 but while applying it over 10.0.2.0, I'm obtaining a system error message "The system encountered an error while it was querying the update server". I am getting this error systematically on different 10.0.2.0 firmware.
I obtained at first the error while attempting an update using RESTAPI and Playbook but then I reverted to LMI manually method afterwards to be able to see the reported detailled error.
Has anyone encountered the same behavior ?
------------------------------
Sylvain Gilbert
Original Message:
Sent: Fri December 17, 2021 04:03 AM
From: Jon Harry
Subject: Verify Access v10.0.3.0 released
Hello everyone,
We released IBM Security Verify Access v10.0.3.0 today; it's already available for download from Docker Hub and from IBM Fix Central.
@Scott Exton has posted a video about the new capabilities in this release:
https://community.ibm.com/community/user/security/viewdocument/ibm-security-verify-ac[…]ey=e7c36119-46d7-42f2-97a9-b44f0cc89c6d&tab=librarydocuments
If you're looking to upgrade as a result of log4shell, I'll mention that (just like 10.0.1.0 and 10.0.2.0) 10.0.3.0 does NOT include the log4j jar file at all.
Wishing everyone Happy Holidays and looking forward to continuing our discussions and answering questions on the community site in 2022.
Cheers... Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------