Linux-UNIX: Upgrading an S-TAP agent with GIM Setup by Client

Use the GIM tool to upgrade your S-TAP agent.

Before you begin

Verify the following before you begin.

About this task

  • Before starting a GIM Set up by Client upgrade, you can check whether any of the database servers need to be rebooted during the S-TAP upgrade. This check is for GIM Set up by Client upgrades only; it does not cover any other upgrade scenarios. If the bundles were installed from the managed unit, run the S-TAP Agent Upgrade Pre-Check report on the managed unit. If all clients are managed by the central manager (all GIM clients point to the central manager, which is best practice and the recommended setup), run the S-TAP Agent Upgrade Pre-Check report from the central manager. The reboot status of GIM clients that point to a managed unit is not captured in a report that is run on the central manager. Verify that the GIM agent is installed on the database server before you run the report. (None of the other modules or bundles need to be installed). All database servers that are listed in the report will need reboot. Reboot is required in this scenario:
    • Upgrading with a non-live upgrade (KTAP_LIVE_UPGRADE=N), irrespective of whether the source and target versions are the same.
  • To upgrade from a shell installed S-TAP to a GIM-controlled S-TAP: Upgrade the S-TAP using shell, to the target version. Then install the bundle-GIM STAP installer. Reboot is not required.
  • In a GIM upgrade, there are two scenarios you must avoid: A-TAP users are active (causing the upgrade to fail), and maintenance is running on the databases. A typical scenario is: database server maintenance is planned for 12 midnight and you want to upgrade the S-TAP at 1AM. Use this general flow to successfully upgrade your S-TAPs.
    1. Schedule your upgrades with GIM.
    2. Disable any GIM upgrades from deploying: configurator.sh --delayed_bundle_deployment enable
    3. Wait for the database maintenance to complete.
    4. Check if A-TAP users are active (assuming the DBs are down, disable them if there are any): <GIM INSTALL DIR>/ATAP/current/files/bin/guardctl list-active
    5. Enable GIM upgrades: configurator.sh --delayed_bundle_deployment disable

Procedure

  1. Upload the S-TAP module for upgrade.
    1. On the Guardium system, go to Manage > Module Installation > Upload Modules.
    2. Click Choose File and select the S-TAP upgrade module.
    3. Click Upload to upload the module to the Guardium system.
      The module is listed in the Import Uploaded Modules table.
    4. In the Import Uploaded Modules table, click the checkbox next to the S-TAP module you want to upgrade to.
      The module is imported and made available for upgrade. After the module is imported, the Upload Modules page is reset and the Import Uploaded Modules table is empty.
  2. Go to Manage > Module Installation > Set up by Client.
  3. In the Choose clients section, select the database servers where you want to update software. Select individual clients with the checkboxes in the table, or use the Select client group menu to select a group of clients.
    Click Next to continue.
  4. In the Choose bundle section, use the Select a bundle menu to identify your upgrade version. Click Next to continue.
  5. Optional: You can modify the flex load mechanism with the parameter KTAP_ALLOW_MODULE_COMBOS in the Choose parameters section. This parameter applies to all servers unless you specify values individually in the Configure clients section.
  6. Click Upgrade to begin the software upgrade. Or use the date picker icon to schedule the installation, then click OK to continue.
  7. To create the Guardium API syntax for the current configuration in the Setup by Client, click Generate GuardAPI. If enough information is available, it generates API commands for multiple clients in the GuardAPI commands dialog. If there isn't enough information, it shows a default template.

What to do next

In the Success popup, click Show Status to open the Status window to monitor the software upgrade. Click Refresh to refresh the results. If an upgrade has a failed status, click Uninstall if you see the button, otherwise, click Reset connection. You can also view the status of the module upgrade by reviewing the report at Manage > Reports > Install Management > GIM Clients Status.

Verify that the S-TAP is communicating with the Guardium system by browsing to Manage > Activity Monitoring > S-TAP Control and reviewing the S-TAPs status and configuration.