-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot patch new Portal security 2024 u1 linux #381
Comments
@df-sloughton, can you share the contents of I ran through this and was not able to replicate the issue. Chef Debug Run Log:
Contents of .ESRI_P_PATCH_LOG:
Patch Notification Result
|
Thanks cat /opt/arcgis/portal/.ESRI_P_PATCH_LOG#START #START #START #START |
Hi @df-sloughton, Are you using Chef to download the patches or are the patches being downloaded/staged by another means? Looks like there are 3 patches that have been made obsolete and replaced with new ones:
So that leaves us with these 5 patches:
Chef will check the However, when you tried manually applying the patch it does throw this error which is interesting: I believe it is looking for I notice the Target OS is Ubuntu 22.02. Both the cookbooks v4.0.0 and ArcGIS Enterprise 10.9.1 are not supported/certified on Ubuntu 22.04 LTS:
Perhaps the issue stems from something weird or different with Ubuntu 22. Can you try on Ubuntu 20.04 LTS? Thanks, |
Hi @df-sloughton, I think we may have figured out why the ArcGIS-1091-PFA-SEC2024U1-Patch-linux.tar patch is being skipped or not installed. When I remove ArcGIS-1091-PFA-SEC2024U1-Patch-linux.tar file from my patch directory Chef logs the following message:
This is the same message you are receiving. It should actually log a warning or message that the file was not found. In your json config file can you ensure the following is added: arcgis-cookbook/templates/arcgis-portal/10.9.1/linux/arcgis-portal-patches-apply.json Lines 5 to 7 in a614054
Otherwise it is going to look for the patch in the default location of |
I had both "patches" and "local_patches" in an attempt to download patches on the fly rather than have them pre-downloaded. Its not clear what the relationship is. My patch order was by date, I am yet to try your order above. I had another issue elsewhere on Linux where the order was important.
|
I tried on Ubuntu 20.04 - same result. I interrupted the build and had a look at the /opt/software/archives/patches folder and it simply does not download it. I did not run out of room either, df reported 16GB free still.
Chef uses https://downloads.esri.com/patch_notification/patches.json
|
Could you try using cookbooks v4.2.0? I believe there was a regression introduced in v4.0.0 with the patch download filtering when a change was made to the "Products" field within https://downloads.esri.com/patch_notification/patchesPretty.json. Changed:
To:
I think this could be why the patch is not downloading. Thanks, |
I have not tested 4.2.0 yet. But the workaround if yo uhave to patch manually is create the $HOME/esri.properties.* file:
then run the patch process or download and install each missing patch manually: |
The $Home/.ESRI.properties file gets created by the portal setup during installation. It must've been there at some point otherwise I would expect the other patches to not have installed as well. Is this an environment in AWS? We have some logic in the cookbooks system recipe to rename the .ESRI.properties file in aws specifically when it comes to images. For example, if portal is installed and an AMI is created then that .ESRI.properties file will contain the hostname/ip of the original machine where the image was created. Then when that AMI is used in a new EC2 instance that has a different ip/hostname the file needs to be renamed to match. Perhaps something got clobbered during this process causing the file to disappear: arcgis-cookbook/cookbooks/arcgis-enterprise/recipes/system.rb Lines 90 to 107 in a614054
I would be interested in the full chef debug logs if you have them. Thanks, |
I have not been able to test on 4.2.0+ yet, however an update - the Chrome/Edge 127 patch works on 4.0.0, namely ArcGIS-1091-PFA-AD-Patch-linux.tar. However if you then manually run patchnotification, the now older problematic patch will install out of order to this new patch, and you will have a mixed environment. We had users not seeing Chrome/Edge 127 issues and some did see issues, until I uninstalled both manually and installed them in order manually. |
Hi
Im interested in all the patches for Portal on Linux, including getting past any recent patch installer/Enterprise Sites patching issues if they exist on Linux.
Packer + Chef seem to say it installed, or was already there (says "upto date")? But when deployed image patchnotification says its available still to install.
Target OS: Ubuntu Linux 22.02
ArcGIS Enterprise 10.9.1
Chef ArcGIS Cookbooks 4.0.0
packer:1.9.1 on GitHub Cloud > Actions Runner
Chef JSON snippet (trying also to get the order right):
Chef logs via Packer via Github Action Runner snippet
Patchnotification output:
This might be another problem or related, but right now I cant manually patch either:
The text was updated successfully, but these errors were encountered: