Solved

OS Updates Access Node and MediaAgent (FREL) 2022E

  • 29 November 2022
  • 5 replies
  • 239 views

Userlevel 1
Badge +12

Hi All,

 

we are using Access Node and MediaAgent (FREL) 2022E .

 

The docu says:

 

Automatic OS updates: Select this option to enable automatic OS updates.

By default, automatic updates are applied daily for security updates. To modify the security level, perform the following steps after the File Recovery Enabler has been deployed:

 

That was the reason why we are using 15 of these proxy in our wxrail enviroment. 

 

The Update is failing because the FREL is behind an firewall. 

 

I opend an Case 221121-292 to find out what we need but the awnser was…..

 

  1. For internet access, on FREL machine you can open port 80 - HTTP and 443 - HTTPS

Than i asked for the urls and the awnser…..

 

  1. Unfortunately, we won't be able to provide the exact URL's. I confirmed this with Tier 2 as well.

    This needs to be looked into with the help of your network team.

     

    You can open those ports, run wireshark during OS updates download to check which requests on which ports are denied.

 

This is not what we want to do :) The ova is provide by commvault and my opinion is that commvault should know wich ports must allow to make os updates. 

 

allow port 80 and 443 for any urls is not an option.

 

Mybe you have an list of urls wich are needed to be allowd for os updates ?

 

 

icon

Best answer by Mike Struening RETIRED 29 November 2022, 17:29

View original

5 replies

Userlevel 7
Badge +23

@SSchmidt I can see that the case owner was not able to provide the urls, though I know some SMEs I can ping.

Userlevel 1
Badge +12

hi thanks

Userlevel 7
Badge +23

Sure thing!

Here’s what I heard back:

Security updates are allowed on the OS. Ideally, never let the OS reach out and they would control a production environment and thus they would leverage their own local mirror. They would establish a monthly maintenance to be in control of their environment.

https://docs.oracle.com/en/operating-systems/oracle-linux/software-management/sfw-mgmt-UpdateSoftwareonOracleLinux.html#controlled-updates

they should be using dnf update --security

You can also set up a yum server:

https://docs.oracle.com/en/operating-systems/oracle-linux/software-management/sfw-mgmt-ConfigureaSystemtoUseOracleLinuxYumServer.html#config-proxy-with-yum

Let me know if that helps.

Userlevel 5
Badge +8

Hello,

Check yum.repos.d on those OVA deployed Linux Access nodes. if its FR28’s OEL based then will use these oracle-linux-ol8.repo and uek-ol8.repo repos for OS updates.

If its CentOS based, then uses centos and elrepo repos.

 

Regards

Gopinath

 

Userlevel 1
Badge +12

Hi,

 

we decided to switch to windows core. 

Reply