How To Upgrade Shield - Legacy Mode

Ericom Shield comes with a built-in Upgrade mechanism. This makes the process of upgrade much simpler as essentially it is an in-place upgrade, no need to uninstall / reinstall new versions.

The upgrade is done seamlessly, component by component. The process works as follows: the orchestrator checks if a certain component has a newer version and if one is found then the component is upgraded to it.

Once the upgraded component is up and running, the orchestrator continues to check all the other components and upgrades each one where it finds a newer version.

If the upgrade fails for some reason, the upgrade process is stopped and rolled back to the last functioning version.

In addition, there is an Auto Update service. This service allows the system to be always up-to-date with the latest changes.

When the Auto Update service is enabled (see below), the upgrade happens in the background. The service checks for updates and once an update exists, the service runs and upgrades the environment to the latest version.

During the upgrade process, whether initiated manually or automatically, components are switched instantly with little or no downtime.

The Shield system uses the Auto Update mechanism to keep itself updated when the system is running.

Manual Upgrade

Note

Commands should be run as default user. Do not use sudo su since it should NOT be run as root. Instead use the syntax sudo <command> <parameters>.

To initiate an upgrade manually, enter the following commands:

cd /usr/local/ericomshield
sudo wget ericom.com/shield/updater.sh
sudo chmod +x updater.sh
sudo ./updater.sh sshkey
sudo ./updater.sh

Advanced Configuration

The Shield updater service runs in the background and is started each time the host machine is started. Check the status of this service at any time using the following command:

sudo service ericomshield-updater status

The Shield updater service can be stopped with this command:

sudo service ericomshield-updater stop

And started with this command:

sudo service ericomshield-updater start

The service checks for a file in the ericomshield folder and will only start the update process if the file exists. The easiest way to control auto updates, is to add or remove the hidden file.

To enable the Auto Update service, run the following commands:

sudo su
echo "ES_AUTO_UPDATE" >> /usr/local/ericomshield/.autoupdate

To disable the Auto Update service, run the following command:

sudo rm /usr/local/ericomshield/.autoupdate

Note

.autoupdate is a hidden file. To see if the file exists enter the following command: sudo ls /usr/local/ericomshield/ -a

Update Shield Certificate

For existing Shield systems that require Shield certificate update, please follow these steps:

1. Download the updated certificate from here.
2. Create a new GPO (or update the existing one) as described here to use this certificate.
3. In the Admin | Settings | SSL select the Restore Shield Default Certificates option.

Updated certificate is installed to all users.

Troubleshooting Of Upgrade Failure

If, for some reason the upgrade process fails, please check the lastoperation.log file (in the same folder) for additional information.

Upgrade Failed: Pre-Installation Checks

If the service failed due to the pre-installation checks, try to solve the issues that were found in these checks. However, it is possible to run the service again, excluding these checks. Run the same command, this time use the --no-check argument to avoid executing these pre-installation checks.

It is also possible to follow these steps:

1. Stop the Shield updater service:

   sudo service ericomshield-updater stop
   

2. Download the latest deployment file and run it, using the following commands:

   cd /usr/local/ericomshield
   sudo wget ericom.com/shield/setup.sh
   sudo chmod +x setup.sh
   sudo ./setup.sh -force
   

The process should complete with a message similar to the one shown below:

Ericom Shield Version: - SHIELD_VER=(# version info) is up and running

Upgrade Failed: SSL Certificate

If the upgrade failed with the following error:

HTTPSConnectionPool(host='raw.githubusercontent.com', port=443): Max retries exceeded with url: /EricomSoftwareLtd/Shield/master/Setup/shield-version.txt (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Run the following commands:

sudo python3 -m pip install 'urllib3<1.25' --force-reinstall
sudo ./updater.sh

Upgrade Failed: Missing Admin Data

If, after upgrading Shield there is missing data in the Administration Console, use the Restore service:

cd /usr/local/ericomshield
sudo ./restore.sh

Upgrade CDR Version

During Shield upgrade, make sure the installed CDR solution version is the one recommended to be used with the new Shield version, according to this list. If current CDR installation should be upgraded as well, uninstall current version and install the recommended version:

• Go to the selected version download folder and download all files locally.
• Run and install all packages included in the installation. Click Next until installation is complete.