Upgrading silently using the unified product installer

As an alternative to performing an interactive upgrade, you can perform an unattended (silent) upgrade of TrueSight Server Automation on 64-bit Linux and Windows platforms. In a silent installation, you run the unified product installer through a command line.

This topic includes the following sections:

• • Before you begin
  • To upgrade in silent mode
  • Where to go from here

Before you begin

Ensure that your environment meets the requirements discussed in Preparing-for-a-Windows-upgrade-using-the-unified-product-installer and Preparing-for-a-Linux-or-UNIX-upgrade-using-the-unified-product-installer.

To encrypt your database password in preparation for specifying it in the options file (see step 4 below), use the BSAOneClickInstallMaintenanceTool utility provided in the installation package. After extracting the package (step 1 below), you can find this utility in the temporary directory: \Disk1\utility\BSAOneClickInstallMaintenanceTool.cmd (for Windows) or /Disk1/utility/BSAOneClickInstallMaintenanceTool.sh (for Linux).
You can run this utility in the following ways:

• Interactively - Run the utility, enter your password on the Encrypt tab, and click Encrypt
• Silently - Run the following command from the directory where the utility is located:
  
  • (Windows) BSAOneClickInstallMaintenanceTool.cmd -silent -encrypt -encrypt -password=<password> -confirm_password=<password>
  • (Linux) ./BSAOneClickInstallMaintenanceTool.sh -silent -encrypt -encrypt -password=<password> -confirm_password=<password>

To upgrade in silent mode

1. Download and extract the installation package appropriate for the operating system level and hardware platform in a temporary directory. The package follows the naming convention BSA<version>-<platform>.zip, and contains the unified product installation program files.
   Download this package to the host computer of the Application Server that was set up as a configuration server (for more about this type of Application Server setup, see Application Server types). If this is a Linux computer, ensure that it has an RSCD agent installed and running.

1. Extract the RSCDAgent.zip file and copy the rscd folder to one of the following locations before running the unified product installer (The unified product installer uses the RSCD installers while installing or upgrading TrueSight Server Automation in your environment):
   • (Windows) <temporary location>/Disk1/files/installers
   • (Linux) <temporary location>/Disk1/files/installers
     

2. If you are on a Linux machine, assign executable permission to the temporary directory by entering the following command:

   chmod +x -R <temporary directory> 

   In addition, if the temporary directory is at the end of a path (that is, has at least one parent directory), assign read permission to the others class (which includes the bladmin system user) for all directories in the path. To do this, execute the following command on the top-level directory in the path:

   chmod o+r -R <top-level directory>

3. In a text editor, create an options file and define values for the relevant upgrade options. Define each option on a separate line. Below is a list of available upgrade options, by category:SRP authentication
   

   Use the following options to enable access to the Application Server during the upgrade:

   Option	Description of value
   -J BSA_APPSERVER_PROFILE	Name of a profile on the Application Server to use during the upgrade for SRP authentication. The profile that you specify must be associated with the same Application Server where you are performing the upgrade.
   -J BSA_APPSERVER_PROFILE_USER	Name of a user for SRP authentication. For example: -J BSA_APPSERVER_PROFILE_USER=BLAdmin
   -J BSA_APPSERVER_PROFILE_USER_PASSWORD	A valid password for the specified user.

   PXE Server option
   

   Use the following option to specify a list of remote PXE servers during upgrade of TrueSight Server Automation:

   Option

   Description of value

   -J LIST_OF_REMOTE_PXE_SERVER

   A list of PXE servers that reside on hosts that are separate from the current Application Server. This enables the installer to copy installation files to the remote hosts.To specify the remote PXE servers, use the following format:"host1;host2;host3"Use semicolons between hosts, and enclose the full list in quotation marks.Note the following additional scenarios:  If you do not have any PXE server in your TrueSight Server Automation environment, do not use this option. If you have one or more PXE servers in your TrueSight Server Automation environment, but they are not remote (that is, they reside together with the Application Server), specify this option with an empty value: -J LIST_OF_REMOTE_PXE_SERVER=

   Agent options
   

   Use the following options to authorize the installer to install an RSCD Agent on any remote server where an RSCD Agent is not yet installed (as will be detected by the installer during the upgrade):

   Option	Description of value
   -J AGENT_MAPPING_LOCAL_ADMIN_USERNAME	The name of the local super user — root or root-equivalent user on Linux, local Administrator or Administrator-equivalent local user on Windows — to which the RSCD Agent should map incoming connections during the installation.
   -J PSEXEC_SERVER_HOSTNAME	Host name or IP address of the PSExec host computer.
   -J USE_COMMON_CREDENTIALS_FOR _APPSERVERS_WHERE_RSCD_AGENT _NOT_REACHABLE	Whether to use the same credentials (user name and password) to access all remote servers where the RSCD Agent is not yet installed — either true or false.
   The following options are relevant only when USE_COMMON_CREDENTIALS_FOR_APPSERVERS_WHERE_RSCD_AGENT_NOT_REACHABLE=true
   -J REMOTE_CONNECTION_COMMON_USERNAME	The name of a user authorized to establish an SSH connection with all remote hosts where the RSCD Agent is not yet installed.
   -J REMOTE_CONNECTION_COMMON_PASSWORD	A valid password for the specified user name.
   -J REMOTE_CONNECTION_COMMON _CONFIRM_PASSWORD	The password once again, for confirmation.
   The following options is relevant only when USE_COMMON_CREDENTIALS_FOR_APPSERVERS_WHERE_RSCD_AGENT_NOT_REACHABLE=false
   -J LIST_OF_APPSERVER_CREDENTIALS _WHERE_RSCD_AGENT_NOT_REACHABLE	A list of the remote hosts where an RSCD Agent is not yet installed, along with separate credentials for each of these hosts.To specify the hosts and logon credentials, use the following format: "host1,user1,password1;host2,user2,password2" Use commas within each set of credentials (for each separate host). Use semicolons between sets of credentials. Enclose the full list in quotation marks.

   
   
   Additional artifacts 
   Add all or any of the following parameters to upgrade the optional artifacts. By default, these artifacts are not upgraded. Set the value of a parameter to true to upgrade the associated artifact.

   Parameter name	Description
   -J IMPORT_ZIPKITS	ZipKit packages are used for operating systems and common enterprise applications and databases.
   -J IMPORT_BLCONTENT	The blconnect script is used to create groups, folders, and smart groups that are commonly used by organizations.
   -J CREATE_CONTAINER_COMPLIANCE_ARTIFACTS	SCAP container compliance jobs are created.
   -J ENABLE_QUICK_START_PAGE	The Quick Start page supports the common use cases of TrueSight Server Automation.

4. Change directory (cd) to the location where the installation file (setup.exe for Windows or setup.bin for Linux) resides in the temporary directory.

5. Run the installation program with the -i silent option, using the following command. Use an absolute path to the options file. Enclose the path in double quotation marks (" ").
   setup.exe|setup.bin -i silent -DOPTIONS_FILE="<OptionsFilePath>"

   Example

   (Windows)setup.exe -i silent -DOPTIONS_FILE="C:\Program Files\BMC Software\BladeLogic\silentinstall_win_options.txt"

   (Linux) setup.bin -i silent -DOPTIONS_FILE="/opt/bmc/bladelogic/silentinstall_linux_options.txt"

   Note

   If product components are detected during the upgrade on remote Windows machines in the TrueSight Server Automation environment, installers are automatically copied to the C:\BSAInstallerDumpDir directory on the remote machines. These installers are used to automatically upgrade product components on those machines.

   During the upgrade, the original Application Server deployments are backed up. The backup files are stored in <installation directory>/br.

   The installation log file, bsainstallupgrade.log, is stored in %TEMP% (on Windows) or in /tmp (on Linux).

Where to go from here

1. The unified product installer automatically installs agent installer jobs and depot objects such as agent installers and agent bundles that can be used for installing or upgrading agents on servers in the environment. The agent installers, agent bundles, and agent installer jobs are present in the following locations:

   Object	Depot Path	Can be used for
   Installers	/Depot/BMC Maintenance/Agent Installers/	Agent install and upgrade
   Bundles	/Depot/BMC Maintenance/Agent Bundles/	Agent upgrade
   Jobs	/BMC Maintenance/Agent Installer Jobs/	Agent upgrade

   NoteThe agent installer for the Solaris platform requires additional configuration before first use. See Additional information for Solaris installation packages.
   For more information about using these objects, see Installing one or more agents using the TrueSight Server Automation Console and Upgrading-the-RSCD-Agent-using-an-Agent-Installer-Job.
   WarningModifying the name or path of these depot objects may cause errors in the agent installation process.
2. Upgrade any remaining product components that were not upgraded by the unified product installer. 
3. If you adjusted security settings before the upgrade, remember to re-adjust your security settings, based on your unique needs and the IT security policies at your organization.

4. Starting from version 22.2, Server Automation by default restricts access to the Application Server file system by using a low privilege user named bluser for executing external commands. After you upgrade to 22.2, you can allow unrestricted access by updating the BLASAdmin parameter, EnableLowPrivUser in the Appserver module. For more information, see Restricting-access-to-the-Application-Server-file-system.

   Important (Windows)

   Before you run the NSH Script Jobs, Compliance Jobs or External Commands, ensure the following: 

   • The bluser user has Deny log on locally and Log on as a batch job User Rights, and no other rights.
   • If the Deny log on locally and Log on as a batch job User Rights are managed via a GPO, then ensure to update the GPO so that bluser user has these rights in the GPO.
   • Ensure that any groups bluser user belongs to, does not have the Deny log on as a batch job right.

5. When you upgrade to version 23.1, by default, the existing bladelogic.keystore file is not updated with the new cipher suits. If you want to use the new ciphers (which offer stronger security) for the webservices communication, you need to recreate this file and update it manually after upgrade for any customizations done before upgrade.

   To use the latest ciphers, perform the following steps:

   1. Back up the existing bladelogic.keystore file, located in the <installDirectory>/NSH/br/deployments directory.
   2. Recreate the bladelogic.keystore file using the blmkcert utility, located in the <installDirectory>/NSH/bin/blmkcert directory. For more information, see To generate the keystore using blmkcert.
   3. Import your other certificates (for example, certificates for integrations with TSAC, TSO, etc.) from the backed up file into the bladelogic.keystore file.
   4. Copy the bladelogic.keystore file in the <installDirectory>/NSH/br/deployments directory on all the Application Servers in a Multiple Application Server (MAS) environment.
6. Starting from version 21.3, TrueSight Server Automation no longer support 32-bit DLLs when using ActivClient or 90meter for PKI authentication. Therefore, after you upgrade the TrueSight Server Automation console to 21.3 or later, update the sunpkcs11.cfg file to the store the path to the 64-bit DLLs. For instructions, see Implementing-PKI-authentication.
7. If TrueSight Server Automation is integrated with TrueSight Orchestration, enable the HTTPS support for TrueSight Orchestration on TrueSight Server Automation again.