Update from old Security Mode: Difference between revisions
Amasidlover (talk | contribs) (Created page with "Update Procedure: N.B. This procedure has been designed with minimum downtime; the UI should be fully usable up until the resecure step and largely useable (see the * below)...") |
m (Formatting changes for clarity) |
||
Line 1: | Line 1: | ||
This procedure will migrate systems onto a new security model. |
|||
⚫ | |||
⚫ | |||
This procedure has been designed with minimum downtime; the UI should be fully usable up until the resecure step and largely useable (see the * below) until the 'update_fap' step. The full resecure takes approx 1 hour on July's P&P live data. |
|||
Check if there are any systems with pure numeric sec_ids left, i.e., last config build before March 2013 (check timestamp of /etc/zymonic/[system]/cache/*) - if you identify systems with a last config build before that then check with ARM before continuing. |
Check if there are any systems with pure numeric sec_ids left, i.e., last config build before March 2013 (check timestamp of /etc/zymonic/[system]/cache/*) - if you identify systems with a last config build before that then check with ARM before continuing. |
||
<ol> |
|||
zymobuild |
|||
<li> |
|||
Zymobuild |
|||
</li><li> |
|||
Config build |
Config build |
||
</li><li> |
|||
Resecure all tables (leaves them with entries in both tables)* |
|||
⚫ | |||
</li><li> |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
</li><li> |
|||
⚫ | |||
⚫ | |||
⚫ | |||
</li><li> |
|||
⚫ | |||
⚫ | |||
Config build |
Config build |
||
<pre>sudo zymonic_toolkit.pl System config_build --system SYSTEM</pre> |
|||
</li> |
|||
⚫ | |||
</ol> |
|||
<div class="boxed"> |
|||
⚫ | If at all possible adding new entries / changing existing entries in tables that are connected to 'groups' e.g. eBex areas, regions, companies and P&P clients should be avoided from the beginning of resecure until the end of the final config build - if changes are made then an additional resecure after the last config build should solve any resulting issues. |
||
From starting update_fap to completing the config build the system will be unusable as there will be no accessible pages and all the menus will be empty. |
From starting update_fap to completing the config build the system will be unusable as there will be no accessible pages and all the menus will be empty. |
||
</div> |
Revision as of 15:26, 13 November 2018
This procedure will migrate systems onto a new security model.
Update Procedure:
This procedure has been designed with minimum downtime; the UI should be fully usable up until the resecure step and largely useable (see the * below) until the 'update_fap' step. The full resecure takes approx 1 hour on July's P&P live data.
Check if there are any systems with pure numeric sec_ids left, i.e., last config build before March 2013 (check timestamp of /etc/zymonic/[system]/cache/*) - if you identify systems with a last config build before that then check with ARM before continuing.
- Zymobuild
- Config build
-
Resecure all tables (leaves them with entries in both tables)*
sudo zymonic_toolkit.pl Security resecure --system SYSTEM --zname '*' --unsecured true --debugfile=/tmp/full_resecure.log
-
Run detect security mode
sudo zymonic_toolkit.pl System detect_record_security_modes --system SYSTEM --debugfile /tmp/detect_security.log
-
do a full update_fap
sudo zymonic_toolkit.pl System update_fap --system SYSTEM --full yes
-
Config build
sudo zymonic_toolkit.pl System config_build --system SYSTEM
If at all possible adding new entries / changing existing entries in tables that are connected to 'groups' e.g. eBex areas, regions, companies and P&P clients should be avoided from the beginning of resecure until the end of the final config build - if changes are made then an additional resecure after the last config build should solve any resulting issues.
From starting update_fap to completing the config build the system will be unusable as there will be no accessible pages and all the menus will be empty.