Tag Archive update

mm ByYOBICLOUD TEAM

Upgrade SysPass from 2.1 to 3.0

Hi Tech Guys,

SysPass It’s one of the best powerful Free and Open Source web application that provides a password management in a secure and collaborative way with intuitive web UI and several useful features.
More informations on the official website syspass.org.
In this tutorial are going to upgrade step by step from version 2.1 to 3.0, and if you installed previously with php 5.6, we will upgrade on version 7.0 because is supported from the application.
There are important changes in the version 3.0, a fully database structure change, “config” directory is moved off to “/app/config”, Composer PHP package manager is used to install and keep up-to-date sysPass dependencies.

Requirements:

-Centos 7.3 server with minimal hardware configuration (depends of your needs).
-Syspass version 2.1 installed.
-ROOT permission on server.
-Internet connection to download all needed packages.
-Good IT basic knowledge and a bit of patience…

Let’s Start!

Stop Apache web server before start, is not mandatory but we prefer to stop it so no one can use the application in the while.

systemctl stop httpd.service

Backup everything and if you can, snapshot your system (just in case).

There are three general ways to backup with mysqldump, choose what you prefer:

shell> mysqldump [options] db_name [tbl_name ...]
shell> mysqldump [options] --databases db_name ...
shell> mysqldump [options] --all-databases

move on /tmp (we backup twice, never enough):

mysqldump -p --all-databases > all_databases.sql

mysqldump -p syspass > syspass.sql

in additions for precautions save on your local pc, so execute those command with scp:

scp root@[syspass_srv_ip]:/tmp/all_databases.sql /(your local path for backup)

scp root@[syspass_srv_ip]:/root/syspass.sql /(your local path for backup)

copy /config folder on your pc

scp -r root@[syspass_ip]:/var/www/html/sysPass/config (your local path for backup)

and on /tmp as well so will be ready at copy time

cp /var/www/html/sysPass/config /tmp

(optional) If your bakup folder is populated and you wish to hold the previous folder, copy also the backup

cp /var/www/html/sysPass/backup /tmp

(optional) only if you have an old php version and would like to switch to 7.0 remove all older php pkgs

yum remove -y php*

once you can, and you are on it, update all server pkgs

yum update -y

install epel to get extras repository and utils tools

yum install epel-release yum-utils -y

and repo to download and activate php 7.0 pkgs, otherwise you will download last version not supported from syspass.

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum-config-manager --enable remi-php70

install all required php 7.0 pkgs

yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysql php-xml php-devel php-intl php-mbstring php-bcmath php-pdo php-ldap

also install this pkgs required from composer

yum install git zip unzip php7.0-zip -y

be sure maria db and apache are updated to latest version, once you touch the server

yum upgrade -y httpd mariadb-server mariadb

Move on /tmp, download last version of sysPass (if in the time a newer update of version 3 used in this tutorial was released, change the paths) decompress, remove all old folders (or rename if you are not sure) and move the new folder on apache html folder.

cd /tmp
wget https://github.com/nuxsmin/sysPass/archive/3.0.5.19020701.tar.gz
tar -xvzf 3.0.5.19020701.tar.gz
mv sysPass-3.0.5.19020701 sysPass
rm 3.0.5.19020701.tar.gz
rm -rf /var/www/html/sysPass
cp -rf sysPass /var/www/html/.
rm -rf /tmp/sysPass

Move the original syspass config folder that contain “config.xml”, “key.pem” , “pubkey.pem” and “syspass.log” if you want to keep old logs, to the new path

cp /tmp/config/* /var/www/html/sysPass/app/config/.

Change permission to whole folder

chown apache -R /var/www/html/sysPass
chmod 750 /var/www/html/sysPass/app/config /var/www/html/sysPass/app/backup

Be careful at /app/config because contain important information, however you can use .htaccess to make it not accessible to all world (if is on public network).

If selinux is not disabled and is in enforcing mode use those command to allow the program to write its configuration and some other files, so Change SELinux’s context and user

setsebool -P httpd_can_connect_ldap 1
chcon -R -t httpd_sys_rw_content_t /var/www/html/syspass/app/{config,backup,cache,temp}

Go back in the main app folder

cd /var/www/html/sysPass

Download and install composer PHP package manager, used to install and keep up-to-date sysPass dependencies

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar install --no-dev

In conclusion restart Apache service

systemctl start httpd.service

Point your browser to https://[ip_or_hostname]/sysPass/index.php   or   https://[ip_or_hostname]/sysPass/index.php?r=login

more information at official RTD official site

—>>> ENJOY!!! <<<—

mm ByYOBIHAT TEAM

Update OTRS from v5.x.x+ to v6.x.x+ on centos7

Hi Tech Guys,

Sometimes OTRS need some care to be up-to-date and secure, than here you can find a right and easy way to update OTRS from v5 to v6 (IMPORTANT: only from any v5.x.x to any v6.x.x)

We recommend to test in a clone or test machine before to move and do any edit in a production environment (avoid disaster please).

The database migration from OTRS 5 to 6 performs significant changes to database tables and data. Be sure that there is enough storage space available to complete the migration. You cannot update from any OTRS version directly to OTRS 6. For example, if you come from OTRS 3.0, you first have to full update to OTRS 3.1, then to 3.2, 3.3, 4, 5 and finally to OTRS 6. If you have any custom Perl or XML configuration files in Kernel/Config/Files, these need to be converted to the new formats supported by OTRS 6 before running the migration script.

Requirements:

-Centos 7.3 server with minimal hardware configuration (depends of your needs).

-ROOT permission on server.

-Internet connection to download all needed packages.

-Good IT basic knowledge and a bit of patience…

Let’s Start!

Stop all services used by the ticketing system before proceding

systemctl stop crond
systemctl stop postfix
systemctl stop httpd

Move in the main path and stop daemon as otrs user

cd /opt/otrs/
su -c "/opt/otrs/bin/otrs.Daemon.pl stop" -s /bin/bash otrs
su -c "/opt/otrs/bin/Cron.sh stop" -s /bin/bash otrs

Backup otrs database and /opt/otrs/ folder, i prefer to keep safe everything on other location than the working server

mysqldump -p otrs > otrsdbbackup.sql
scp root@otrs.yobicloud.local:/root/otrsdbbackup.sql (your local path for backup)
scp -r root@otrs.yobicloud.local:/opt/otrs (your local path for backup)

Rename the old folder because you will need some files of your previous configuration, download the packages of the newer version (in this case the v5.0.21) decompress and rename the folder as the oldest, without the version number

yum update -y
cd /opt/
mv otrs otrs-old
wget http://ftp.otrs.org/pub/otrs/otrs-6.0.14.tar.gz
tar -xzf otrs-6.0.14.tar.gz
mv otrs-6.0.14 otrs

Move your olds config and ticket numbers files, from the backup folder to the new

cp /opt/otrs-old/Kernel/Config.pm /opt/otrs/Kernel/
cp /opt/otrs-old/Kernel/Config/Files/ZZZAuto.pm /opt/otrs/Kernel/Config/Files/

(Optional) If you store article data in the filesystem you have to restore the article folder, or the specified folder in the SysConfig if is tuned

(Optional) 
cp -rf /opt/otrs-old/var/article/ /opt/otrs/var/.

(Optional) Restore already installed default statistics. If you have additional packages with default statistics you have to restore the stats xml files with the suffix *.installed to /opt/otrs/var/stats.

(Optional) 
cd OTRS-BACKUP/var/stats
cp *.installed /opt/otrs/var/stats

Set the permission as root user, will detect the correct user and group settings needed for your setup

cd /opt/otrs/
bin/otrs.SetPermissions.pl

Check if some PERL modules are missing, and install any modules that might be needed for your configuration

/opt/otrs/bin/otrs.CheckModules.pl

The output will be something like this:

o Apache::DBI................................ok (v1.12)
o Apache2::Reload............................ok (v0.13)
o Archive::Tar...............................ok (v1.92)
o Archive::Zip...............................ok (v1.30)
o Crypt::Eksblowfish::Bcrypt.................ok (v0.009)
o Crypt::SSLeay..............................ok (v0.64)
o Date::Format...............................ok (v2.24)
o DateTime...................................Not installed! Use: 'yum install "perl(DateTime)"' (required)
o DBI........................................ok (v1.627)
o DBD::mysql.................................ok (v4.023)
o DBD::ODBC..................................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle................................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg....................................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA................................ok (v5.85)
o Encode::HanExtra...........................Not installed! Use: 'yum install "perl(Encode::HanExtra)"' (optional - Required to handle mails with several Chinese character sets.)
o IO::Socket::SSL............................ok (v1.94)
o JSON::XS...................................ok (v3.01)
o List::Util::XS.............................ok (v1.27)
o LWP::UserAgent.............................FAILED! Not all prerequisites for this module correctly installed.
o Mail::IMAPClient...........................ok (v3.37)
o IO::Socket::SSL............................ok (v1.94)
o Authen::SASL...............................ok (v2.15)
o Authen::NTLM...............................ok (v1.09)
o ModPerl::Util..............................ok (v2.000010)
o Net::DNS...................................ok (v0.72)
o Net::LDAP..................................ok (v0.56)
o Template...................................ok (v2.24)
o Template::Stash::XS........................ok (undef)
o Text::CSV_XS...............................ok (v1.00)
o Time::HiRes................................ok (v1.9725)
o XML::LibXML................................ok (v2.0018)
o XML::LibXSLT...............................ok (v1.80)
o XML::Parser................................ok (v2.41)
o YAML::XS...................................ok (v0.54)

This is an update, than the installation of other modules are not necessary except for “perl(DateTime)”, because all you need was already installed, until you need to change DB.

The module “perl(DateTime)” is required from version 6 of otrs for the new features, otherwise the installation cannot proceed.

In my case i will not install any DB modules but only the required (note that LWP::UserAgent will be automagically installed after DateTime)

yum install "perl(DateTime)"

You can re-check the modules with the script

/opt/otrs/bin/otrs.CheckModules.pl

and if the missing will be only the DB packages other than your, you can proceed with the migration.

Is time to migrate…

This is required only If you have any custom Perl or XML configuration files in Kernel/Config/Files from previus version and need to be converted to the new formats supported by OTRS 6 before running the migration script more information here.

Important: Kernel/Config/Files/ZZZAuto.pm has been merged into Kernel/Config/Files/ZZZAAuto.pm.

If Between the folder /opt/otrs/Kernel/Config/Files/ and /opt/otrs-old/Kernel/Config/Files/ there are differents files .pm, copy the missing files from /opt/otrs-old/Kernel/Config/Files/ to /opt/otrs/Kernel/Config/Files/ except ZZZAuto.pm, if there are different .XML files, copy them in /opt/otrs/Kernel/Config/Files/

In my case, as you can see in the video i moved the files from my production envirorment to test the migration, you can move it from otrs-old folder if there are.

scp (your local path for backup)xmlotrs/* root@otrs.yobicloud.local:/opt/otrs/Kernel/Config/Files/

OTRS 6 uses a new XML configuration file format and the location of configuration files moved from Kernel/Config/Files to Kernel/Config/Files/XML. To convert existing XML configuration files to the new format and location, you can use the following tool that is part of the OTRS framework:

cd /opt/otrs/
su -c "bin/otrs.Console.pl Dev::Tools::Migrate::ConfigXMLStructure --source-directory Kernel/Config/Files/" -s /bin/bash otrs

Now is time to apply the database changes and update schema as otrs user NOT as root.

cd /opt/otrs
su -c "scripts/DBUpdate-to-6.pl" -s /bin/bash otrs

Last step is to update the installed packages because from OTRS 5 are not compatible with OTRS 6 and have to be updated.

You can use the command below to update all installed packages. This works for all packages that are available from online repositories. You can update other packages later via the package manager from GUI.

cd /opt/otrs/
su -c "bin/otrs.Console.pl Admin::Package::UpgradeAll" -s /bin/bash otrs

Restart your services

systemctl start httpd
systemctl start postfix
systemctl start crond

Start the daemon as otrs user.

su -c "/opt/otrs/bin/otrs.Daemon.pl start" -s /bin/bash otrs
su -c "/opt/otrs/bin/Cron.sh start" -s /bin/bash otrs

delete install packages, my sql backup, and otrs-old folder locate in /opt for the production server, to clean the machine or leave more space.

here the link for the official docs

—>>> ENJOY!!! <<<—

mm ByYOBIHAT TEAM

Update OTRS from v4.x.x+ to v5.x.x+ on centos7

Hi Tech Guys,

Sometimes OTRS need some care to be up-to-date and secure, than here you can find a right and easy way to update OTRS from v4 to v5 (IMPORTANT: only from any v4.x.x to any v5.x.x)

We recommend to test in a clone or test machine before to move and do any edit in a production environment (avoid disaster please).

Requirements:

-Centos 7.3 server with minimal hardware configuration (depends of your needs).

-ROOT permission on server.

-Internet connection to download all needed packages.

-Small IT basic knowledge and a bit of patience…

Let’s Start!

 

Stop all services used by the ticketing system before proceding

systemctl stop crond
systemctl stop postfix
systemctl stop httpd

Move in the main path and stop daemon

cd /opt/otrs
su -c "bin/Cron.sh stop" -s /bin/bash otrs
su -c "bin/otrs.Scheduler.pl -a stop" -s /bin/bash otrs

Backup otrs database and /opt/otrs/ folder, i prefer to keep safe everything on other location than the working server

mysqldump -p otrs > otrsdbbackup.sql
scp root@10.0.0.58:/root/otrsdbbackup.sql /home/user/otrs/.
scp -r root@10.0.0.58:/opt/otrs /home/user/otrs

Rename the old folder because you will need some files of your previous configuration, download the packages of the newer version (in this case the v5.0.21) decompress and rename the folder as the oldest, without the version number

cd /opt/
mv otrs otrs-old
wget ftp://ftp.otrs.org/pub/otrs/otrs-5.0.21.tar.gz
tar -xzf otrs-5.0.21.tar.gz
mv otrs-5.0.21 otrs

Move your olds config and ticket numbers files, from the backup folder to the new

cp /opt/otrs-old/Kernel/Config.pm /opt/otrs/Kernel/
cp /opt/otrs-old/Kernel/Config/GenericAgent.pm /opt/otrs/Kernel/Config/
cp /opt/otrs-old/Kernel/Config/Files/ZZZAuto.pm /opt/otrs/Kernel/Config/Files/
cp /opt/otrs-old/var/log/TicketCounter.log /opt/otrs/var/log/

(Optional) If you store article data in the filesystem you have to restore the article folder, or the specified folder in the SysConfig if is tuned

(Optional) cp -rf  /opt/otrs-old/var/article/ /opt/otrs/var/.

Set the permission for Centos or Red Hat (Webserver with apache user)

cd /opt/otrs
bin/otrs.SetPermissions.pl --web-group=apache

Check if some PERL modules are missing, and install any modules that might be needed for your configuration

/opt/otrs/bin/otrs.CheckModules.pl

The output will be something like this:

o Apache::DBI......................ok (v1.12) 
o Apache2::Reload..................ok (v0.13)
o Archive::Tar.....................ok (v1.92)
o Archive::Zip.....................ok (v1.30)
o Crypt::Eksblowfish::Bcrypt.......Not installed! Use: 'yum install "perl(Crypt::Eksblowfish::Bcrypt)"' (optional - For strong password hashing.)
o Crypt::SSLeay....................ok (v0.64)
o Date::Format.....................ok (v2.24)
o DBI..............................ok (v1.627)
o DBD::mysql.......................ok (v4.023
o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.)
o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.)
o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.)
o Digest::SHA......................ok (v5.85)
o Encode::HanExtra.................Not installed! Use: 'yum install "perl(Encode::HanExtra)"' (optional - Required to handle mails with several Chinese character sets.)
o IO::Socket::SSL..................ok (v1.94)
o JSON::XS.........................Not installed! Use: 'yum install "perl(JSON::XS)"' (optional - Recommended for faster AJAX/JavaScript handling.)
o List::Util::XS...................ok (v1.27)
o LWP::UserAgent...................ok (v6.13)
o Mail::IMAPClient.................Not installed! Use: 'yum install "perl(Mail::IMAPClient)"' (optional - Required for IMAP TLS connections.)
o IO::Socket::SSL................ok (v1.94)
o Authen::SASL...................ok (v2.15)
o Authen::NTLM...................Not installed! Use: 'yum install "perl(Authen::NTLM)"' (optional - Required for NTLM authentication mechanism in IMAP connections.)
o ModPerl::Util....................Not installed! Use: 'yum install "perl(ModPerl::Util)"' (optional - Improves Performance on Apache webservers dramatically.)
o Net::DNS.........................ok (v0.72)
o Net::LDAP........................ok (v0.56)
o Template.........................ok (v2.24)
o Template::Stash::XS..............ok (undef)
o Text::CSV_XS.....................Not installed! Use: 'yum install "perl(Text::CSV_XS)"' (optional - Recommended for faster CSV handling.)
o Time::HiRes......................ok (v1.9725)
o Time::Piece......................ok (v1.20_01)
o XML::LibXML......................ok (v2.0018)
o XML::LibXSLT.....................ok (v1.80)
o XML::Parser......................ok (v2.41)
o YAML::XS.........................Not installed! Use: 'yum install "perl(YAML::XS)"' (required - Very important)

As you can see, all checked modules are followed by a comment that will help you in the installation. Not all modules are necessary to you, for example if you have a my-sql DB (DBD::mysql module already install), the “perl(DBD::Pg)” or “perl(DBD::ODBC)” or  “perl(DBD::Oracle)” are not required to OTRS, instead if you have a PG DB than follow the comments and install with the command shown below, an so on…

 example: yum install "perl(DBD::Pg)"

In my case i will not install any DB modules other than my-sql, but i’ll proceed with the missing tagged like required, optional and recommended needed to me (so analyze your needs before continue and install your needs )

yum install "perl(XML::LibXSLT)" 
yum install "perl(Authen::NTLM)" 
yum install "perl(YAML::XS)"
yum install "perl(Text::CSV_XS)"
yum install "perl(ModPerl::Util)"
yum install "perl(Mail::IMAPClient)
yum install "perl(JSON::XS)"
yum install "perl(Crypt::Eksblowfish::Bcrypt)"

You can re-check the modules with the script:

/opt/otrs/bin/otrs.CheckModules.pl

Now is time to apply the database changes and update schema as otrs user NOT as root.

cd /opt/otrs

cat scripts/DBUpdate-to-5.mysql.sql | mysql -p -f -u root otrs
su -c "bin/otrs.Console.pl Maint::Database::Check" -s /bin/bash otrs
su -c "scripts/DBUpdate-to-5.pl" -s /bin/bash otrs

Always as otrs user delete caches and refresh the configuration

su -c "bin/otrs.Console.pl Maint::Config::Rebuild" -s /bin/bash otrs
su -c "bin/otrs.Console.pl Maint::Cache::Delete" -s /bin/bash otrs

Restart your services

systemctl start httpd
systemctl start postfix
systemctl start crond

Start the daemon as otrs user.

su -c "/opt/otrs/bin/otrs.Daemon.pl start" -s /bin/bash otrs

The defaults OTRS cron files are located in /opt/otrs/var/cron/*.dist, they assicuring that the OTRS Daemon is running. They need to be activated by copying them without the “.dist” filename extension, and than use the script Cron.sh as OTRS user to schedule these jobs.

cd /opt/otrs/var/cron for foo in *.dist; do cp $foo `basename $foo .dist`; done
su -c "/opt/otrs/bin/Cron.sh start" -s /bin/bash otrs

delete the install packages, my sql backup, and otrs-old folder locate in /opt for the production server

here the link for the official docs

—>>> ENJOY!!! <<<—