Environment
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1
OES11SP1 May 2014 Scheduled Maintenance Update - 9151
Pure FTP
OES11SP1 May 2014 Scheduled Maintenance Update - 9151
Pure FTP
Situation
One of the updates released with the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update', is an update to the Novell Client for Linux (novfs).
The pre-uninstall section for the current novfsd rpm spec file as it is installed in current environments, contains the following section:
As such, updating the 'novfsd' daemon results in the service being stopped and than uninstalled. This sequence of events will change the chkconfig status for novfsd to "off" for all the sytem run levels.
The solution in place is a post-installation script that will re-enable the run-levels for 'novfsd' after the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' has been installed.
Why is this important know ?
One of the key features of the Novell Pure-FTP service is the remote server navigation functionality, and this service is heavily depending on the novfsd daemon.
With the novfsd daemon being disabled when the maintenance patch is applied, this may result in the FTP service not being able to connect to remote servers. FTP failures such as for example "530 Login authentication failed" may be observed, when the steps listed in the resolution section below are not carefully being taken into consideration.
The pre-uninstall section for the current novfsd rpm spec file as it is installed in current environments, contains the following section:
[code]
"sbin/chkconfig --del novfsd >> /dev/null 2>&1 || true"
[/code]
As such, updating the 'novfsd' daemon results in the service being stopped and than uninstalled. This sequence of events will change the chkconfig status for novfsd to "off" for all the sytem run levels.
E.g.:
chkconfig -list|grep novfsd
novfsd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
The solution in place is a post-installation script that will re-enable the run-levels for 'novfsd' after the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' has been installed.
Why is this important know ?
One of the key features of the Novell Pure-FTP service is the remote server navigation functionality, and this service is heavily depending on the novfsd daemon.
With the novfsd daemon being disabled when the maintenance patch is applied, this may result in the FTP service not being able to connect to remote servers. FTP failures such as for example "530 Login authentication failed" may be observed, when the steps listed in the resolution section below are not carefully being taken into consideration.
Resolution
[*] What to do when installing the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' using :
[*] What to do when installing the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' :
The ZCM patching mechanism delivers patches in a different manner than earlier mentioned script based solutions , and as such is not able to execute any pre- or post patch installation scripts that come with the patch.
Therefor, when patching your servers with the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' using ZCM, there is a manual action _required_ from the administrator which is to manually re-enable the novfsd service in the appropriate system run-levels.
The command '/sbin/chkconfig --add novfsd' needs to be run as root _before_ the server is rebooted.
[*] When using the Pure-FTP service and the Remote Server Navigation functionality, please do _not_ install the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' during production hours with the intention to for example restart the server at a later and more convenient time, as this action will affect the FTP services based on the explanation above.
- zypperIt is advised to restart the server directly _after_ installing the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update', since the post installation script will automatically re-enable the novfsd service for the appropriate run-levels, and restarting the server directly after patching will ensure the affected services will properly be restarted again, as such preventing any possible FTP login or other dependent FTP service failures.
- YaST online update.
- SUSE Manager.
[*] What to do when installing the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' :
- using Novell ZENworks Configuration Management (ZCM).
The ZCM patching mechanism delivers patches in a different manner than earlier mentioned script based solutions , and as such is not able to execute any pre- or post patch installation scripts that come with the patch.
Therefor, when patching your servers with the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' using ZCM, there is a manual action _required_ from the administrator which is to manually re-enable the novfsd service in the appropriate system run-levels.
The command '/sbin/chkconfig --add novfsd' needs to be run as root _before_ the server is rebooted.
[*] When using the Pure-FTP service and the Remote Server Navigation functionality, please do _not_ install the 'OES11 SP1 May 2014 OES11SP1 Scheduled Maintenance Update' during production hours with the intention to for example restart the server at a later and more convenient time, as this action will affect the FTP services based on the explanation above.
Additional Information
Note 1 :
This is specific to Open Enterprise Server 11 SP1 and does not apply to Open Enterprise Server 11 SP2.
Note 2:
As stated, this warning is relevant when the remote server navigation functionality is configured.
When in doubt, it is possible to verify if the remote server navigation functionality is enabled, by checking for the 'remote_server' is "yes" parameter in the '/etc/pure-ftpd/pure-ftpd.conf' configuration file.
This is specific to Open Enterprise Server 11 SP1 and does not apply to Open Enterprise Server 11 SP2.
Note 2:
As stated, this warning is relevant when the remote server navigation functionality is configured.
When in doubt, it is possible to verify if the remote server navigation functionality is enabled, by checking for the 'remote_server' is "yes" parameter in the '/etc/pure-ftpd/pure-ftpd.conf' configuration file.