Issue: Updating between minor UTM version releases is failing
First seen in: Sophos UTM
Cause: All updates on the UTM are applied sequentially. For example, a UTM running 9.200 updates to 9.201 before updating to 9.202. Upgrading issues can arise when an upgrade path between two minor versions is offered, for example 9.2 to 9.3.
Dependent on the speed in which the updates are installed to your UTM, you may be left with two upgrade paths, one of which may be invalid. An example of this would be if your UTM has downloaded the upgrade file between 9.209 and 9.300, but hasn't applied it. The update files would remain on your system. After a few weeks, 9.209 to 9.210 may be released, creating a second path based on a revision version rather than minor version. If you install this update, the scripts will also try to install 9.209 to 9.300, which is no longer valid because you are already running on a more recent version.
Note: since 9.211 was released, the upgrade package from 9.210 to 9.304 was removed. You now need to upgrade from 9.210 to 9.211, and then to 9.304.
# rm -rf /var/up2date/sys-install/*
# rm /var/up2date/sys/*
# rm /var/up2date/.queue/*
# cd /var/up2date/sys
# wget http://download.astaro.com/UTM/v9/up2date/u2d-sys-9.211003-304009.tgz.gpg
If your UTM is using High Availability, you may also need to remove these same files from the slave node as well. When remotely accessing an HA cluster you can move to the slave node through the command ha_utils ssh, and when prompted, enter the passwords.
The same procedure as above can then be used to resolve the updating issues, but with the difference that the update files need to be downloaded on the master, and then copied to the slave using SCP. From the master, after you run wget to obtain the up2date files, run the command 'hs' to identify the 'cluster IP' of the Slave node, which will either end with a 1 or 2 depending on which node is the Master. The output will look similar to this:
<M> fw1:/root # hs Current mode: CLUSTER MASTER with id 1 in state ACTIVE -- Nodes ----------------------------------------------------------------------- MASTER: 1 node1 198.19.250.1 9.210020 ACTIVE since Sat Jan 24 17:40:43 2015 SLAVE: 2 Node2 198.19.250.2 9.210020 UP2DATE since Thu Jan 29 13:03:58 2015
Taking the slave's IP run the SCP command below from the directory in which the up2date files you wish to copy to the slave are located:
scp u2d-sys-9.210020-304009.tgz.gpg firstname.lastname@example.org:/home/login
Then, enter the password for loginuser - Note that whilst the slave is in status 'up2date,' no config changes are synced across, so if the shell passwords were changed after the problem occurred, the slave will still be using the old password
After the files are copied across, use the command 'ha_utils ssh' to switch to the slave, then move the files copied from the master, to the up2date location as follows:
mv /home/login/u2d-sys-9.210020-304009.tgz.gpg /var/up2date/sys
Now you can run auisys.plx on the slave, and the update should install correctly.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.