Performing the Diagnostics Server upgrade silently

Use this procedure to upgrade the BMC Application Diagnostics Server to the latest version, including any feature packs.

  • To upgrade to version 2.6.x, you can upgrade from 2.1.x or later, and then apply the POODLE security patch.
  • To upgrade to Feature Pack 1 (version 2.7.01), you must first upgrade to 2.6.x. Version 2.7.01 includes a POODLE security patch that is automatically applied.

You can upgrade the Diagnostics Server components using the silent upgrade procedure and deploy the silent upgrade to several computers, or you can upgrade each server component using the the upgrade wizard procedure.

Note

After you upgrade the BMC Application Diagnostics Server to the current version, earlier Agents send a health event for recording rules that are not supported by earlier versions. 

When you run the silent upgrade, only the Diagnostics Server component or components that are on the computer are upgraded. After you upgrade components, you can run the silent installation to install components that are not on the computer.

The following topics are presented:

Before you begin

  • Download the following options file with the installation files from the Electronic Product Distribution site to a temporary directory on the Diagnostics Server computer:
    • (Windows) adop-silent-option-upgrade.txt
    • (Linux) adop-silent-option-upgrade
  • Obtain an encrypted root password for the MySQL Database.

  • Back up the database.

    Note

    The upgrade process modifies the database schema. You will need the database backup if you want to revert to the previous version.

To upgrade the BMC Application Diagnostics Server silently

  1. In a command line, navigate to the \ADOPServer\Disk1 folder in the installation file structure.
  2. Open the downloaded options file in a text editor:
    • (Windows) adop-silent-option-upgrade.txt
    • (Linux) adop-silent-option-upgrade

  3. Enter the encrypted root password for the MySQL Database to update the database tables.

    If the root password was not changed since installation, do not change the entered password.

  4. If you did not previously upgrade the MySQL to version 5.6.14, select the data management method for the upgrade:
    • copy(Default) The data directory is copied to the new database.
      If you do not have enough space, a warning is displayed and the upgrade script is aborted.
    • move—The data directory is moved to the new database. The previous database is deleted at the end of upgrade process.

  5. To run the silent upgrade, enter the following command:

    • Windows

      setup.cmd -i silent -DOPTIONS_FILE=adop-silent-option-upgrade.txt

    • Linux

      ./setup.sh -i silent -DOPTIONS_FILE=adop-silent-option-upgrade

     

    Notes

    • The Diagnostics Server log files are located in the following directories:
      • (Windows) %temp%\adopserver_install_log.txt
      • (Linux) /tmp/adopserver_install_log.txt

Encrypting the password for silent Diagnostics Server upgrade

The Maintenance Tool enables you to retrieve an encrypted password, which the Diagnostic Server upgrade utility requires to access the MySQL database. You must use an encrypted password so that it is not exposed in the upgrade options file.

You can run the Maintenance Tool in a GUI or from the command line interface (CLI):

To encrypt a password by using the Maintenance Tool GUI (click here to expand steps)
  1. To open the Maintenance Tool, go to the temporaryDirectory/Disk/utilities directory.
    The temporaryDirectory is the place to which you downloaded the installation files.
  2. Run the ADOPServerMaintenanceTool utility and click the Encrypt tab.
  3. Enter your password in the Password and Confirm Password fields and click Encrypt.
  4. Copy and paste the value from the Encrypted Password field to the adop-silent-option file for the proxy_keystore_password_enc parameter.
     For example, if the encrypted password output is DES\:d70cbe3669602717ce66af37cce7ecf0, modify the proxy_keystore_password_enc parameter as follows:
    -J proxy_keystore_password_enc=DES\:d70cbe3669602717ce66af37cce7ecf0
To encrypt a password by using a CLI (click here to expand steps)
  1. To open the Maintenance Tool, go to the temporaryDirectory\Disk\utilities directory.
    The temporaryDirectory is the place to which you downloaded the installation files.

  2. Run the following command, entering your password for the -password and -confirm_password options:

    • Windows

      ADOPServerMaintenanceTool.cmd -silent -encrypt -encrypt -password=<password> -confirm_password=<password>

    • Linux

      ./ADOPServerMaintenanceTool.sh -silent -encrypt -encrypt -password=<password> -confirm_password=<password>

     

    Note

    If the password contains special characters, use quotation marks. For example:

    • Windows 

      ADOPServerMaintenanceTool.cmd -silent -encrypt -encrypt -password="<password>" -confirm_password="<password>"

    • Linux 

      ./ADOPServerMaintenanceTool.sh -silent -encrypt -encrypt -password="<password>" -confirm_password="<password>"
  3. Copy and paste the output to the adop-silent-option file for your silent installation.
    For example, if the encrypted password output is DES\:d70cbe3669602717ce66af37cce7ecf0, modify the proxy_keystore_password_enc parameter as follows:
    -J proxy_keystore_password_enc=DES\:d70cbe3669602717ce66af37cce7ecf0

To patch the Application Diagnostic Server 2.6.x components for POODLE security vulnerability

This patch repairs the POODLE (Padding Oracle On Downgraded Legacy Encryption) security vulnerabilities for communication between Application Diagnostics Agents for Java and Application Diagnostics Server components. Ensure that you select the Patches tab when you download the installation files for BMC Application Diagnostics.

Extract and replace the required file on the Application Diagnostics Portal, Collector, and Proxy servers, and modify the property files as instructed.

If the Portal, Collector, and APM Proxy are installed on the same computer, replace the file once, otherwise, replace it for each installation.

  1. Stop the service or services.
  2. In the server installation directory, under the common/lib directory, replace common-server.jar with the extracted file from this patch.
    The following file paths show the default installation directory:
    • (Windows) C:\Program Files\BMC Software\BMC Application Diagnostics\common\lib
    • (Linux) /opt/bmc/BMC_Application_Diagnostics/common/lib

  3. In the Portal installation directory, under portal/lib directory, replace the portal.jar with the file in this patch.

    The following file paths show the default installation directory:

    (Windows) C:\Program Files\BMC Software\BMC Application Diagnostics\portal\lib

    (Linux) /opt/bmc/BMC_Application_Diagnostics/portal/lib

  4. Open the properties file for each component in a text editor:
    • Portal: installationDirectory\portal\properties\portal.properties
    • Collector: installationDirectory\collector\properties\collector.properties
    • APM Proxy: installationDirectory\apm-proxy\properties\apm-proxy.properties

  5. For each component properties file, add the following lines for the tomcat.ciphers and the tomcat.ssl.enabled.protocols properties:

    # A comma separated list of encryption ciphers to support for HTTPS connections. Spaces between list items are not allowed.
    tomcat.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA

    #The comma separated list of SSL protocols to support for HTTPS connections. Spaces between list items are not allowed.
    #Default Value: TLSv1,TLSv1.1,TLSv1.2
    tomcat.ssl.enabled.protocols=SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2
  6. Restart the service or services.

 

Warning

After upgrading the Diagnostics Server, the system continues to function with Diagnostics Agents from earlier versions, but the server can no longer receive events from agent version 2.1.x.

BMC strongly recommends upgrading all Diagnostics Agents to the latest version.

Where to go from here

Verifying-the-Diagnostics-Server-upgrade

Upgrading-the-Diagnostics-Agent-for-Java

Upgrading-the-Diagnostics-Agent-for-NET

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*