Download
Abstract
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition 2.4.0.2 has been made generally available and contains fixes to version 2.4 including all predecessor fix packs
Download Description
| Sections | Description |
|---|---|
The Change history section provides an overview on what is new in this release with a description of any new functions or enhancements when applicable. |
|
The How critical is this fix section provides information related to the impact of this release to allow you to assess how your environment may be affected. |
|
The Prerequisites section provides important information to review prior to the installation of this release. |
|
The Download package section provides the direct link to obtain the download package for installation in your environment. |
|
The Installation instructions section provides the installation instructions necessary to apply this release into your environment. |
|
The Known side effects section contains a link to the known problems (open defects) identified at the time of this release. |
Review the Software prerequisites page in the IBM Knowledge Center to ensure your environment meets the minimum hypervisor and operating system requirements, especially if you are upgrading from a previous release of IBM Cloud Orchestrator. |
Review the Prerequisites tab in the system requirements report for supported versions of Data Protection and Recovery, Databases and Process Management tools. |
Installation Instructions
This fix pack can be installed as a fresh installation or as an upgrade of an existing installation. Follow the instructions in the tabs below.
Tab navigation
- Fresh Install- selected tab,
- Upgrade
- Post Install/Upgrade
Fresh installation of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition
Step 1: Review the installation topic in the IBM Knowledge Center.
Note: See Exception for IBM Cloud Orchestrator Enterprise Edition below.
Step 2: Review the information on the Post Install/Upgrade tab above.
Exception for IBM Cloud Orchestrator Enterprise Edition
Note the following instructions about the Downloading the required image files topic in the IBM Knowledge Center:
For the IBM Cloud Orchestrator Enterprise Edition installation, replace the first two steps as follows:
- Download the following IBM Cloud Orchestrator files from IBM Fix Central:
- 2.4.0-CSI-ICO-FP0002.tgz
- 2.4.0-CSI-ICO-FP0002.README
- Copy the 2.4.0-CSI-ICO-FP0002.tgz image file to the Deployment Server, extract the contents, and copy the license files:
- a. To extract the contents of the image file into a temporary installation directory (for example, /opt/ico_install), run the following commands:
cd /opt/ico_install
tar -xvzf 2.4.0-CSI-ICO-FP0002.tgz - b. After you extract the contents of the 2.4.0-CSI-ICO-FP0002.tgz file, check that the following directories exist in the temporary installation directory (in this example, /opt/ico_install):
- ./data
- ./installer
- ./license
- ./license_EnterpriseEdition
- ./topology-templates
- ./utils
- ./versions
- c. Copy the files from the license_EnterpriseEdition directory to the license directory:
cd /opt/ico_install
cp --preserve license_EnterpriseEdition/* license/ - Complete steps 3 through 7 in the Downloading the required image files topic in the IBM Knowledge Center and continue the installation.
Upgrade of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition
Step 1: Review the important message below to avoid potential problems during the upgrade.
Step 2: Review the Upgrading topic in the IBM Knowledge Center.
Step 3: Review the information on the Post Install/Upgrade tab above.
Important message regarding upgrades:
To avoid potential problems during the upgrade of IBM Cloud Orchestrator, perform the following procedures.
Modify the server.rb installation script on the Deployment Server
Perform the following steps:
- On the Deployment Server, after you extract the contents of the 2.4.0-CSI-ICO-FP0002.tgz file, change to the directory where the server.rb file is located:
cd ./data/installer/chef-repo/cookbooks/db2/providers
- Create a backup copy of the server.rb file:
cp --preserve server.rb server.rb_bak
- Edit the server.rb file, and add the two code blocks starting with "execute 'stop db2 sleep' do" and "execute 'start db2 sleep' do" and ending with "end" to the right place within the "if $upgrade" code block as in the following example. The "if $upgrade" code block starts at line number 175 of the server.rb file.
if $upgrade
execute 'stop db2' do
command "su - #{instance_username} -c 'db2stop force'"
ignore_failure true
end
execute 'stop db2admin' do
command "su - #{instance_username} -c '/opt/ibm/db2/V#{new_resource.version}/das/bin/db2admin stop'"
ignore_failure true
end
execute 'stop db2 sleep' do
command "sleep 180"
ignore_failure true
end
execute 'Upgrade db2' do
# -n Specifies non-interactive mode
# -b <base-install-path> Specifies the path where the DB2 database product will be installed
# -f db2lib Force installFixPack to bypass the checking on DB2 library loading
#command_upgrade = "cd #{tmp_dir}/package/$(ls #{tmp_dir}/package|head -1) && ./installFixPack -n -b /opt/ibm/db2/V#{new_resource.version}"
#puts "[INFO] going to perform db2 upgrade: #{command_upgrade}"
#command #{command_upgrade}
command "cd #{tmp_dir}/package/$(ls #{tmp_dir}/package|head -1) && ./installFixPack -n -b /opt/ibm/db2/V#{new_resource.version}"
returns returns
end
execute 'start db2admin' do
command "su - #{instance_username} -c '/opt/ibm/db2/V#{new_resource.version}/das/bin/db2admin start'"
end
execute 'start db2' do
command "su - #{instance_username} -c 'db2start'"
end
execute 'start db2 sleep' do
command "sleep 180"
ignore_failure true
end
end
- Save the server.rb file.
Disable the fault monitor daemon (db2fmcd) process
Perform the following steps on each IBM DB2 database server of your IBM Cloud Orchestrator environment (Deployment Server, Central Server 1, and so on).
For more information, review technote 1224009: How to disable the fault monitor daemon (db2fmcd) process.
- Check whether the DB2 fault monitor daemon is running:
ps aux | grep db2fmcd
- If the DB2 fault monitor daemon is running, make a backup copy of the DB2 fault monitor daemon configuration file and disable the daemon:
/opt/ibm/db2/V10.5/bin/db2fmcu -d
- Restart the server.
- Check whether the DB2 fault monitor daemon is running:
ps aux | grep db2fmcd
Post installation information
After you install or upgrade the IBM Cloud Orchestrator or IBM Cloud Orchestrator Enterprise Edition software, complete the following tasks.
Step 1: Resolve vulnerabilities
For vulnerability details and information about fixes, review the Impact assessment section below for details.
Step 2: Disable RC4 ciphers for IBM Java
To resolve a security issue described in CVE-2015-2808 (commonly referred to as Bar Mitzvah Attack), disable RC4 ciphers in IBM Java.
Complete the following steps to disable RC4 for IBM Java runtime instances that are used by IBM Cloud Orchestrator or IBM Cloud Orchestrator Enterprise Edition:
- On Central Server 2, where the Self-service user interface is located, change to the JRE security directory:
cd /opt/ibm/java-x86_64-70/jre/lib/security/ - Create a backup copy of the "java.security" file:
cp --preserve java.security java.security_bak - Edit the "java.security" file, and add or edit the "jdk.tls.disabledAlgorithms" property to disable RC4:
vi java.security jdk.tls.disabledAlgorithms=, RC4
NoteTo disable RC4, the text "RC4" must be included in the list of disabled ciphers that is defined by the jdk.tls.disabledAlgorithms property. - On Central Server 3, where the Workload Deployer component is located, repeat steps (1), (2), and (3).
Step 3: Disable the IBM DB2 nosql listener
To fix a known security vulnerability (MongoDB NoSQL Injection: Missing Secure Attribute in Encrypted Session (SSL) Cookie) on the DB2 database servers of your IBM Cloud Orchestrator installation, disable the DB2 nosql listener:
- Disable the nosql service:
chkconfig db2.nosql off - Stop the nosql service:
service db2.nosql stop
Note: This fix disables the Openstack Ceilometer component.
Post upgrade information
Step 1: Complete the above tasks first.
Step 2: Disable the SSLv3 protocol as described in technote 1883452: Updated instructions about disabling the SSLv3 protocol in deployed instances (POODLE attack)
Note: This task is necessary only if upgrading to IBM Cloud Orchestrator 2.4.0.2 or IBM Cloud Orchestrator Enterprise Edition 2.4.0.2. In a fresh installation of IBM Cloud Orchestrator 2.4.0.2 or IBM Cloud Orchestrator Enterprise Edition 2.4.0.2, the SSLv3 protocol is disabled by default.
The required Workload Deployer emergency fixes are included in the 2.4.0-CSI-ICO-FP0002-WORKLOAD-DEPLOYER-efixes.tgz file.
Download Package
The following sections provide detailed information related to this release.
Click the FC link below to obtain the release from Fix Central.
How critical is this fix?
| Impact | Description |
|---|---|
Corrective |
This is a maintenance release. It contains fixes for client-reported and internally found defects. This release also contains fixes to multiple security vulnerabilities. Review the Security Bulletin: Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise for details on which vulnerabilities have been secured. |
There are no known regressions to report. |
Problems Solved
Click the Fix List link in the table of contents above to review a list of the problems solved in this release. |
Known Side Effects
Review the Known errors and limitations section of the IBM Knowledge Center for issues related to this release. |
Additional Issues
User Interface Issues | Documentation Issues Documentation Issues The following items are not currently documented in the Knowledge Center:
|
Open defectsReview the following list of open defects for IBM Cloud Orchestrator on the IBM Support Portal. |
Change History
No new features or functions. |
Click the link in the Download Options column:
Technical Support
Follow IBM Cloud Tech Support on Twitter
Review the IBM Cloud Support BLOG article Enhance your IBM Cloud Support Experience for a complete list of the different support offerings along with a brief description on the best way to use each resource to improve your experience using IBM Cloud products and services.
Forums | Communities | Documentation | Contacting Support | Helpful Hints
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
05 April 2019
UID
swg24039948