Sentinel 7 Patch process fails with scriplet failed, exit status 1

  • 7011336
  • 08-Nov-2012
  • 06-Dec-2012

Environment

NetIQ Sentinel 7.0.x Sentinel Server

Situation

The zypper update for 7.0.2 fails with the following error;

error: %postun(novell-Sentineldb-SLES-7.0.1.0-652.x86_64) scriptlet failed, exit status 1
Abort, retry, ignore? [a/r/i] (a): r
Installing: novell-Sentineldb-SLES-7.0.2.0-664 [done]
Additional rpm output:

Resolution

The following steps are results of the configure.sh command. Each step has the required input specified so that the only configuration that should be changed is the dbauser password. If these steps are not followed properly there is a chance Sentinel will not work properly after completion. If there are any questions on this procedure, please call NetIQ technical support.
 
1.Run the configure.sh script E.g. /opt/novell/sentinel/setup # ./configure.sh
===============================================================================
Sentinel Configuration
===============================================================================

A list of questions will now be presented.
Your answers to these questions will be used to configure Sentinel for this
server.

1. Standard configuration
2. Custom configuration

Select the configuration method [1] => 2

1. Use a default 90-day evaluation license key
2. Enter a purchased license key for Sentinel
3. Keep the currently installed license

Select a license method [3] => 3
===============================================================================

The "admin" user is the identity used for initial and subsequent administration
tasks through the Sentinel user interface, including the creation of other user
accounts.

User "admin" has an existing password.

1. Keep the existing password
2. Enter a new password

Select what you want to do [1] => 1
===============================================================================

The "dbauser" user is the identity used by Sentinel configuration commands to
interact with the database. The password you enter here can be used to perform
database maintenance tasks, including resetting the "admin" password if the
"admin" password is forgotten or lost.

User "dbauser" has an existing password.

1. Keep the existing password
2. Enter a new password

Select what you want to do [1] => 2

Enter the password for dbauser... => NewPassword
Confirm the password for dbauser: => NewPassword
===============================================================================

The "appuser" user is an internal identity used by Sentinel Java process to
establish connection and interact with the database. The password you enter
here can be used by Sentinel Java process to perform database tasks.

User "appuser" has an existing password.

1. Keep the existing password
2. Enter a new password

Select what you want to do [1] => 1

===============================================================================

The following menu allows you to change port assignments for Sentinel services.

1. Web Server (8443)
2. Java Message Service (61616)
3. Client Proxy Service (10013, 10014)
4. Database Service (5432)
5. Security Intelligence Database Service (27017)
6. Java Management Extensions (1099, 2000)
7. Done

Select a Sentinel service, or select 'Done' [7] => 7
===============================================================================

Sentinel can authenticate users using its internal database or using an
external LDAP directory. The choices presented below allow you to select the
authentication method.

1. Modify to use database authentication only
2. Use the existing LDAP authentication configuration
3. Edit the existing LDAP authentication configuration

Specify what you would like to do [2] => 2
 
Stopping Sentinel...


Stopped Sentinel.
Starting Sentinel...
Waiting for the Security Intelligence database to start...
Sentinel is running.

===============================================================================

To begin using Sentinel, direct your Web browser to:

https://Sentinel_Server_name:8443

Login parameters are:

Username: admin
Password: <Use the password you entered above>

This URL will be available after the server starts. This might take a few
minutes.
To determine if the server is ready for connections, use the following command:

netstat -an | grep 'LISTEN ' | grep 8443

===============================================================================
Sentinel configuration is complete.
===============================================================================

Cause

While PostgreSQL supports special characters in the password, we store a hash of the password in a hidden file for use within internal processes and scripts. When the hidden file is read the password cannot be parsed correctly thus causing the problem with the Upgrade/Patch process as well as other script usage. Special Characters that can cause problems include '$', '_', & '!'.

Additional Information

The above steps must be followed precisely so that the dbauser password is properly changed in all locations.  If these steps are not followed, you may lose some functionality within sentinel.