Are there any fixes or just new stuff ?
David
Cybersecurity
DevOps Cloud
IT Operations Cloud
If an answer to your question is correct, click on "Verify Answer" under the "More" button. The answer will now appear with a checkmark. Please be sure to always mark answers that resolve your issue as verified. Your fellow Community members will appreciate it! Learn more
Are there any fixes or just new stuff ?
David
any fixes solved, any bugs also open, any new bugs and trouble
a never ending story...
sorry, this is the verity!
we see also that python is a problem on oes, removing python2.7 was a little success, but then we had found script file or service files with pyhton and not pyhton3
Don't touch a running system...
Unfortunately on one of our servers this update was applied.
The effect - after several manual adaptations - now is, that iManager is unusable on that server, due to a java version mismatch with the eclipse packet used by iManager.
But, if you have umc-server installed and running on any server first look into /etc/ssl/servercerts, if the elliptic curve certificate serverECcert.pem and key serverECkey.pem are present there. Out of three servers only one (which was freshly installed as OES 2023) had those in this place, despite the fact, that all servers have those server certificates in eDirectory.
OES 24.1.1 adds the redis@umc.service to the umc-server and this relies only on these EC certificates. You can change the certificates used in the configuration file, but - these certificates are hard coded in the startup and config script for umc-server instead of taking the values of the configuration file and use those, which would give users the possibility to exchange certificates easily. This type of scripting is typically for test and preliminary uses, which seem to be the new OT standard for software releases.
You can quite easily put the needed certificate and key in this place - but I doubt, that those will be updated, if you update your server certificates.
And since this update iManager opens with an empty page and novell-tomcat shows the following errors:
SEVERE [ajp-nio-127.0.0.1-9009-exec-4] org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service() for servlet [jsp] threw exception
java.lang.UnsupportedClassVersionError: JVMCFRE199E bad major version 55.0 of class=org/eclipse/jdt/internal/compiler/env/INameEnvironment, the maximum supported major version is 52.0; offset=6
.....
Ups, I;m lucky one, I have UMC on separate server.
David
Same here. How to fix it?
Where do I get this serverECkey.pem certificate?
by generating certificates with imanager on server objects!
the files can be found on /etc/ssl/servercerts/serverECkey.pem, serverECcert.pem, servercert.pem, serverkey.pem
But take a look before on the place from this certificates and the symbolic links! I had false or older sym links, that i must replace manually
you can configure umc with yast2 umc or yast umc, verify this before generating new certificates...
Ditto here. Ughh. This is all reminding me of the migration from C1 to mangler. Took so long before it was usable. There are still too many things not there to kill something. Why are they forcing us at the point. If you find a bug they will not talk yo you unless you update first. Ok you update and then something else breaks. Never ending story and it just gets worst.
Since the 24.1 Update broke the UMC the 24.1.1 Release made it work again and it works fine on a OES running as a VM with TWO cores 8 GB RAM ALL features installed. In this case I must frankly say "Good work". Finally after several restarts for testing stability UMC ever worked fine. Some good news! And finally the OES Storage Services brought back my crashed disk. Some start sectors had been corrupted but by a not thoroughly performed research I can't explain why the disk works again and ALL my SYS*-Volumes are back.!
How do you got the serverECkey file created at /etc/ssl/servercerts/ ?
By exporting the certificate via iManager as *.pfx file. Afterwards you can extract the certificate and the key via openssl at the server itself or via any other certificate manipulation program on another computer. If you extract the certificate via e.g.:
openssl pkcs12 -in /*xx.pfx -nodes -clcerts -out /*xxcert.pem
you get a text file, which contains the key and the certificate concatenated. You then just need to divide this file into the *key.pem and the *cert.pem files to get your corrrect key and certificate files.
Yes , this worked. But why are this files not created automatically? This server is updated several times. At the new servers all certs are available at the filesystem.