Previous
Index Next
ISCS version 0.1.1
The included upgrade scripts are not cumulative, i.e., you must follow the instructions for each upgrade between the version you are currently running and this version. For example, if upgrading from an ISCS version prior to 0.0.5, one must first perform the database updates described in the 0.0.5 upgrade instructions , 0.0.6 upgrade instructions, 0.0.6.2 upgrade instructions and 0.0.6.3 upgrade instructions before executing the below instructions.
Copy new images and BaseFiles from the SPMdirs directory of the expanded tarball. Because ISCS now supports both MySQL and PostgreSQL, the login screen now has a field for database type and defaults to PostgreSQL. If you are staying with MySQL or are moving to PostgreSQL but have not yet converted your databases, please change this to MySQL before your first login.
You must reinitialize all PEPs (because of network server naming convention and basefile changes) after all changes to the DBD and SPMs have been made.
There is no way to revert an upgraded database to an pre-upgrade version because of database schema changes. If you plan to revert to an older database, you must do it BEFORE beginning this upgrade.
All PEPs must be reinitialized after running this upgrade and before any new changes.
Upgrading to this version requires MySQL >= 4.0.2 for MySQL users. We have been testing with 4.1.22 and 5.0.51 but have not yet tested 6.x.
Backup current database:
mysqldump -u username -h 192.168.223.80 -p spm_OSDC_Demo1 > OSDC_Demo1-20080213.sql
Copy in new script files (cleanDBdump, and either Mydbcopy, Mydbnew, Mydbdelete or Pgdbcopy, Pgdbnew, Pgdbdelete depending on your RDBMS) from the DBD tarball directory to overwrite old scripts (typically in /usr/bin). Copy all of the new sql files used to create initial databases for your database type (e.g., MySQL, PostgreSQL), i.e., spmskeleton, CountryCodes, models, services, SPMData from the DBD tarball directory into the /usr/local/SPM/Database/ directory.
Upgrade RDBMS if necessary (e.g., if you are running MySQL < 4.0.2).
Run the appropriate DBDUpgradeTo-0.1 upgrade SQL script, e.g.,
mysql -u username -h 192.168.223.80 -p spm_OSDC_Demo1 < DBDUpgradeTo-0.1.sql
Upgrade the existing database as above EVEN IF you are going to convert to PostgreSQL. The PostgreSQL conversion scripts require the data to use the new schema.
You must reinitialize all PEPs (because of network server naming convention and basefile changes) and reset baseline (as all reversions will fail) by dumping current data into /usr/local/SPM/spm_${DB}/data/SPMdata.{my,pg}sql, e.g.,
mysqldump -u user -p -h DBD -n -t spm_mynetwork > /usr/local/SPM/spm_mynetwork/data/SPMdata.mysql
or
pg_dump -U user -h DBD -a spm_mynetwork > /usr/local/SPM/spm_mynetwork/data/SPMdata.pgsql
Delete all directories from /usr/local/SPM/spm_mynetwork/data/ except the latest one. Edit the DbChanges file in the latest data directory to be an empty file. DO NOT DELETE THE FILE – just the contents.
Corrects entries where containsbestmatch was not set properly:
Removes possible database corruption where there are multiple BestMatch entries for a SubRange and SuperRange for a larger SuperRange.
Corrects entries where indirect networks had the nofrags flag set on.
Alters schema for new antispoof logic and models
The naming convention or Network Servers has changed. Existing Network Servers must be renamed from <PEPName>-<Network base address> to <PEPName>-<Network base address>(<Network Mask Length>)
Packets coming off the IPSec VPN interfaces are now identified by packet marking rather than the ipsec interface eliminating the need for KLIPS for Linux gateways.
Support for PostgreSQL (tested on version 8.3.3) and MySQL 5.x (tested on version 5.0.51).