Maarten_Sjouw
Champion

CPUSE acting up today

Today I ran into a really weird problem on a VSX cluster. I was trying to run installer with jumbo 154, and the installer kept telling me there was a need to upgrade as the version was not the latest, it was 1573.

All morning in a chat and trying to get past this point; in the beginning of the afternoon, after lunch and a reboot, all of a sudden there was a different message: please update to the later version 1577 (the CPUSE SK was still saying 1573 was the latest). So installer agent update, but still it cannot get the update file. Problem was the same on both members.

Maybe someone at Check Point was too quick in setting the version number on the update server?

On 1 of the 2 members I completely removed the deployment agent with rpm and then reinstalled, stopped clishd and confd as instructed. Now all of a sudden I could use the imported (had to import again) package for Jumbo 154. The only issue was it needed to uninstall the Jumbo 103 before the Jumbo 154 could be installed, and it failed as the Jumbo 103 was no longer available in the CPUSE repository. According to sk115243 you can easily add it back in by adding the folder and the package file in a directory in /var/log/CPda/repository. When I followed the instructions in this SK and as a final step started the DAClient again, it instantly removes the folder again, bringing you back to square 1.

Tomorrow's another day and I will try again to get the deployment agent to stop acting up.

Regards, Maarten
19 Replies
JozkoMrkvicka
Authority

Some questions are answered here:

Jumbo Hotfix Accumulator FAQ 

According to FAQ, you should be able to install the latest R80.10 Take without uninstalling the current (older) Take in case you did exactly the same procedure as for the older one (CPUSE or Legacy CLI method).

Do you have some custom hotfixes (portfixes) installed on the VSX?

Kind regards,
Jozko Mrkvicka
0 Kudos
Kaspars_Zibarts
Employee

Actually I have seen on a couple of occasions packages mysteriously disappear from the repository. In my case it was non-VSX from memory (at least the last one).

Normally copying them back fixed it but it may have taken a few attempts. And there was a trick to either do it with CLI or WebUI, but for some reason it was failing with one even though it shouldn't make a difference.

As you said - it does act really weird occasionally, I mean CPUSE. Not a lot of help though.. :)

Hopefully it works tomorrow :)

0 Kudos
Maarten_Sjouw
Champion

I'll see what TAC has to say and try again tomorrow to see what happens. I hope the 1577 now will be available to download so I can apply it.

The one where I did not remove the deployment agent with rpm still has the 103 in the repository, it is the other one that is acting up.

@Jozko, no it was really nagging the Jumbo 103 package is not available for uninstall, see the SK, and no there were no other packages.

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion

This is really weird, we found http was blocked, we got that allowed and before that I got this error:

Operation canceled, Before you continue with CPUSE actions, update to the latest Deployment Agent version.

Now it is allowed and this is what we see:

FW-01:0> installer agent update
Info: Initiating CPUSE self update...
Deployment Agent: agent is up to date
FW-01:0> show installer status
Agent: enabled
Build number: 1573 (agent build is up to date)
Network connection: connected
Update from cloud: last updated on Thu Nov 22 07:37:33 2018
License: valid
FW-01:0> installer install
** ************************************************************************* **
** Hotfixes **
** ************************************************************************* **
Num Display name Type
1 R80.10 Jumbo Hotfix Accumulator General Availability (Take 154) Hotfix
FW-01:0> installer install 1
The machine will automatically reboot after install.
Do you want to continue? ([y]es / [n]o / [s]uppress reboot) y

Info: Initiating install of Check_Point_R80_10_JUMBO_HF_Bundle_T154_sk116380_FULL.tgz...
Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
Result: A new critical update was found (DeploymentAgent_000001577_1.tgz), please download and install it first

So again, back to square 1.

Regards, Maarten
0 Kudos
Kaspars_Zibarts
Employee

Thought I'd give it a go on my non-VSX, looking promising..

Maarten_Sjouw
Champion

I was told to remove the agent again, reboot and then install again, have kicked it up the ladder in TAC.

Regards, Maarten
0 Kudos
JozkoMrkvicka
Authority

Can you try it without internet connection?

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Authority

0 Kudos
Maarten_Sjouw
Champion

Today I was able to run the update on 1 of the 2 members, no more reference about/need to install version 1577.

However the other member, where I uninstalled the CPUSE agent, I still get the message that the 103 jumbo cannot be uninstalled as it is not in the repository.

Running the commands from SK115243 result in the fact that the directory just created, is removed again as soon as you issue DAClient start.

Import of the jumbo 103 package is also not working as it is already installed. 

So now I'm waiting for TAC to give me a resolution for this.

Regards, Maarten
0 Kudos
Kaspars_Zibarts
Employee

Have you tried a manual copy of the repository contents (if 103 is still there) from the working node to the non-working one? Or maybe you have it somewhere else on other VSXes? I think that did the trick for me.

0 Kudos
Maarten_Sjouw
Champion

The file itself is not the problem, that is available. The problem is that you can create the directory and add the file, but as soon as you start CPUSE, it will delete the directory and the file.

Regards, Maarten
0 Kudos
Kaspars_Zibarts
Employee

OK, found one of my gateways could not update to the latest CPINFO version using CPUSE for the same reason - couldn't find old package in repository. And I observed the same issue with directory disappearing after DA restart.

So in addition to steps described in SK, I ended up fixing file permissions and ownership and it seemed to work.

Create the required directory first for the required package, i.e. this was for CPINFO ver 182

mkdir /var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33

Copy in files from somewhere, i.e. another gateway that has it available in the repository

Change file and directory permissions and ownership

chmod 700 /var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33

chown admin:root /var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33

chmod 664 /var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33/*

chown admin:root /var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33/*

Create soft link and set ownership

ln -s /var/log/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33 CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33

chown -h admin:root /opt/CPda/repository/CheckPoint#CPUpdates#All#6.0#4#8#BUNDLE_CPINFO#T33

Stop/start DA (I did it via clish installer agent disable/enable)

0 Kudos
Maarten_Sjouw
Champion

Kaspars, I get a no file or dir on the last line, as I do not see any reference anywhere to /opt/CPda do you need to change dir to that dir before you run the ln -s?

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion

Yep that was the one missing link!!!

You need to move to the other dir before you create the link, this is what I overlooked in that SK....

Sometimes you just see what you want to see while reading. 

Regards, Maarten
0 Kudos
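
The steps from the posts above in one script, as an added example that is not part of the original thread or of Check Point's tooling: it creates the soft link by absolute path inside /opt/CPda/repository, so the working directory no longer matters. The function name and its arguments are assumptions; the paths, modes and owner are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: re-create a missing CPUSE repository entry (steps from this thread).
# Stop the Deployment Agent first and start it again afterwards, as the thread does.
# Function name and arguments are assumptions; default paths are those in the thread.

restore_repo_entry() {
    pkg=$1                                    # repository directory name
    src=$2                                    # directory with the copied package files
    var_repo=${3:-/var/log/CPda/repository}   # where the files really live
    opt_repo=${4:-/opt/CPda/repository}       # where the soft link must be created
    owner=${5:-admin:root}

    if [ -z "$pkg" ] || [ ! -d "$src" ]; then
        echo "usage: restore_repo_entry PKG SRC_DIR [VAR_REPO OPT_REPO OWNER]" >&2
        return 2
    fi
    if [ ! -d "$var_repo" ] || [ ! -d "$opt_repo" ]; then
        echo "repository directories not found" >&2
        return 2
    fi
    target=$var_repo/$pkg
    link=$opt_repo/$pkg

    mkdir -p "$target" || return 1
    cp "$src"/* "$target"/ || return 1
    chmod 700 "$target" || return 1
    chmod 664 "$target"/* || return 1

    # chown needs root and an existing account; skipped otherwise (e.g. on a lab box).
    can_chown=no
    if [ "$(id -u)" -eq 0 ] && id "${owner%%:*}" >/dev/null 2>&1; then can_chown=yes; fi
    if [ "$can_chown" = yes ]; then chown "$owner" "$target" "$target"/* || return 1; fi

    # Name the link by absolute path so it lands in $opt_repo whatever the cwd is.
    if [ -L "$link" ]; then rm -f "$link"; fi
    ln -s "$target" "$link" || return 1
    if [ "$can_chown" = yes ]; then chown -h "$owner" "$link" || return 1; fi

    # Verify before the agent is started again: link present and resolving.
    [ -L "$link" ] && [ -d "$link"/ ] && [ "$(readlink "$link")" = "$target" ]
}
```

A non-zero return means the entry is incomplete and the agent should not be started yet.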
Maarten_Sjouw
Champion

The file is now in the repository, but:

FW1:0> installer uninstall 1

The machine will automatically reboot after uninstall.
Do you want to continue? ([y]es / [n]o / [s]uppress reboot) y

Info: Initiating uninstall of Check_Point_R80_10_JUMBO_HF_Bundle_T103_sk116380_FULL.tgz...
Interactive mode is enabled. Press CTRL + C to exit (this will not stop the operation)
Result: Uninstall of package Check_Point_R80_10_JUMBO_HF_Bundle_T103_sk116380_FULL.tgz Failed
Backup file not found.
Contact Check Point Technical Services for further assistance.

Regards, Maarten
0 Kudos
Kaspars_Zibarts
Employee

I'll check tomorrow, today was way too busy :(

0 Kudos
Maarten_Sjouw
Champion

There should be a backup dir in /opt/CPda/, this also was lost. I could not get it from the other box anymore as it was removed there after the upgrade to Jumbo 154, so I had to use another system that had plain R80.10 on it, install Jumbo 103 and collect the backup dir, copy it to the system, and now it is happily removing Jumbo 103.

This is described in sk114592.

Installing the Jumbo 154 now. - Finished successfully.

Thanks for the help and I'm happy this one is also ticked off.

Regards, Maarten
0 Kudos
Kaspars_Zibarts
Employee

:)

0 Kudos
Boaz_Orshav
Employee

Deployment Agent 1577 was indeed released as a gradual release, which means that some machines identified the new package while others still identified 1573 as the latest.

This situation exists in any Deployment Agent release for several days until it is released to all machines and the previous build is removed.

Both versions (previous and newest) are fine. The new versions usually include support for next releases as well as new features (can be viewed in SK92449).

0 Kudos
