Rescue Sophos UTM HA Slave Node with manual update

Last week I needed to reinstall one node of a Sophos UTM HA cluster. Compared to the live system, the freshly installed node was three updates behind. I set the HA configuration to "automatic" and connected both UTMs at the HA interface. They could see each other, but the slave stayed in the UP2DATE state and never received the updates from the master, so I had to install them manually. This was my situation:

<M> utm:/root # ha_utils
-- Status ------------------------------------------------------------------
Current mode: HA MASTER with id 1 in state ACTIVE
-- Nodes -------------------------------------------------------------------
MASTER: 1 Node1 198.19.250.1 9.407003 ACTIVE since Mon Oct 10 13:17:26 2016
SLAVE: 2 Node2 198.19.250.2 9.357001 UP2DATE since Mon Oct 10 13:17:43 2016
-- Load --------------------------------------------------------------------
Node 1: [1m] 1.12 [5m] 0.96 [15m] 0.93
Node 2: [1m] 0.02 [5m] 0.05 [15m] 0.06

-- Kernel ------------------------------------------------------------------
Current mode: enabled master
interface: eth3
Local ID: 198.19.250.1
debug: off
verbose: off
ppp sync: off
port smtp: 25
port pop3: 8110
port ftp: 2121

-- PostgreSQL --------------------------------------------------------------
(N/A)

I tried to connect to the slave via SSH, but I always got this error message:

<M> utm:/root # ha_utils ssh

Connecting to slave 198.19.250.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
40:5d:86:75:60:74:60:47:7e:53:78:1f:e6:20:a2:e0 [MD5].
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:22
ECDSA host key for 198.19.250.2 has changed and you have requested strict checking.
Host key verification failed.

The warning is expected in this situation: the slave was reinstalled, so it generated a new SSH host key, and the fingerprint no longer matches the entry cached for 198.19.250.2 in /etc/ssh/ssh_known_hosts (the "Offending" line 22). It is still worth confirming, on the slave's own console, that the fingerprint it reports for its host key (ssh-keygen -lf on the key file, normally /etc/ssh/ssh_host_ecdsa_key.pub) is the one shown here before accepting it. I renamed the known hosts file to establish a new connection. Note that this is the system-wide file, so every cached host key is dropped, not only the slave's; ssh-keygen -R 198.19.250.2 -f /etc/ssh/ssh_known_hosts would remove just the offending entry:

<M> utm:/root # mv /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts_backup
<M> utm:/root # ha_utils ssh

Connecting to slave 198.19.250.2
The authenticity of host '198.19.250.2 (198.19.250.2)' can't be established.
ECDSA key fingerprint is 40:5d:86:75:60:74:60:47:7e:53:78:1f:e6:20:a2:e0 [MD5].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '198.19.250.2' (ECDSA) to the list of known hosts.
loginuser@198.19.250.2's password:

I downloaded the three update packages into a temporary folder on the master UTM. The packages are GPG-signed by Sophos and the installer verifies the signature before unpacking, which is what makes fetching them over plain FTP acceptable. Check the version chain before downloading: the first version in each filename is the version the package applies to and the second is the version it produces, so the chain should run without a gap from the slave's current version (9.357001) up to the master's (9.407003):

<M> utm:/tmp # mkdir my-updates
<M> utm:/tmp # cd my-updates/
<M> utm:/tmp/my-updates # wget ftp://ftp.utm.de/UTM/v9/up2date/u2d-sys-9.357001-404005.tgz.gpg
<M> utm:/tmp/my-updates # wget ftp://ftp.utm.de/UTM/v9/up2date/u2d-sys-9.405005-406003.tgz.gpg
<M> utm:/tmp/my-updates # wget ftp://ftp.utm.de/UTM/v9/up2date/u2d-sys-9.406003-407003.tgz.gpg

After this, I copied the files to the slave unit via SCP:

<M> utm:/tmp/my-updates # scp u2d-sys-9.357001-404005.tgz.gpg loginuser@198.19.250.2:/tmp
<M> utm:/tmp/my-updates # scp u2d-sys-9.405005-406003.tgz.gpg loginuser@198.19.250.2:/tmp
<M> utm:/tmp/my-updates # scp u2d-sys-9.406003-407003.tgz.gpg loginuser@198.19.250.2:/tmp

Then I logged in to the slave, moved the files into the sys folder and ran the installer:

<M> utm:/tmp/my-updates # ha_utils ssh
<S> utm:/tmp # mv u2d-sys-9.357001-404005.tgz.gpg /var/up2date/sys/u2d-sys-9.357001-404005.tgz.gpg
<S> utm:/tmp # mv u2d-sys-9.405005-406003.tgz.gpg /var/up2date/sys/u2d-sys-9.405005-406003.tgz.gpg
<S> utm:/tmp # mv u2d-sys-9.406003-407003.tgz.gpg /var/up2date/sys/u2d-sys-9.406003-407003.tgz.gpg
<S> shb:/var/up2date/sys-install # auisys.plx
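The steps above were done by hand. The following bash script is an added example and not part of the original post: it plans the same procedure from the ha_utils output by reading the master's and slave's versions from the Nodes block and walking a package listing to find the unbroken chain of u2d-sys packages, failing outright if a step is missing rather than printing a partial chain. The ha_utils lines and the package listing are constructed samples; the names u2d-sys-9.355001-357001.tgz.gpg and u2d-sys-9.404005-405005.tgz.gpg are hypothetical, added only to show that unrelated packages are skipped and to make the sample chain contiguous. Nothing is downloaded or installed; the output is the list of filenames to fetch with wget, copy with scp and move into /var/up2date/sys before running auisys.plx.

```bash
#!/bin/bash
# Added example, not from the original post: plan the manual up2date chain for
# a lagging HA slave from `ha_utils` output and a listing of package names.

# Constructed sample of the "Nodes" block of `ha_utils` (not a live capture).
HA_UTILS_SAMPLE='MASTER: 1 Node1 198.19.250.1 9.407003 ACTIVE since Mon Oct 10 13:17:26 2016
SLAVE: 2 Node2 198.19.250.2 9.357001 UP2DATE since Mon Oct 10 13:17:43 2016'

# Constructed listing of package names, one per line, as a directory listing of
# the up2date mirror might show them. The 9.355001-357001 and 9.404005-405005
# names are hypothetical: the first shows that unrelated packages are skipped,
# the second makes the sample chain contiguous.
PACKAGE_LIST='u2d-sys-9.355001-357001.tgz.gpg
u2d-sys-9.357001-404005.tgz.gpg
u2d-sys-9.404005-405005.tgz.gpg
u2d-sys-9.405005-406003.tgz.gpg
u2d-sys-9.406003-407003.tgz.gpg'

# node_version ROLE OUTPUT: print the version column (field 5) of the MASTER or
# SLAVE line of an ha_utils Nodes block.
node_version() {
    printf '%s\n' "$2" | awk -v role="$1:" '$1 == role { print $5 }'
}

# update_chain FROM TO LISTING: print, in install order, the u2d-sys packages
# that take version FROM to version TO. A package u2d-sys-A-B.tgz.gpg applies
# to version <major>.A and produces <major>.B, so each step must start at the
# version the previous one produced. Returns 1 if the chain is broken.
update_chain() {
    local cur="$1" target="$2" listing="$3" major pkg next steps=0
    major="${cur%%.*}"
    while [ "$cur" != "$target" ]; do
        # exact prefix match on "u2d-sys-<cur>-" avoids regex surprises from
        # the dot in the version string
        pkg=$(printf '%s\n' "$listing" |
              awk -v p="u2d-sys-${cur}-" 'index($0, p) == 1 { print; exit }')
        if [ -z "$pkg" ]; then
            echo "update_chain: no package continues from $cur" >&2
            return 1
        fi
        next="${pkg#u2d-sys-${cur}-}"     # e.g. 404005.tgz.gpg
        next="${major}.${next%.tgz.gpg}"  # e.g. 9.404005
        printf '%s\n' "$pkg"
        cur="$next"
        steps=$((steps + 1))
        if [ "$steps" -gt 50 ]; then
            echo "update_chain: giving up after 50 steps, listing may loop" >&2
            return 1
        fi
    done
}

# Stand-alone run against the constructed sample.
slave=$(node_version SLAVE "$HA_UTILS_SAMPLE")
master=$(node_version MASTER "$HA_UTILS_SAMPLE")
echo "slave is at $slave, master at $master; install in this order:"
update_chain "$slave" "$master" "$PACKAGE_LIST"
```

On a real cluster, feed node_version the output of ha_utils and update_chain a listing of the mirror directory; the script refuses to print a plan when a package in the middle is missing, which is the failure you want to see before copying anything to the slave.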

After a restart of the slave and the sync process, the cluster works properly again; both nodes now report 9.407003 and ACTIVE, and the PostgreSQL standby is replicating with no byte lag:

<M> utm:/tmp/my-updates # ha_utils
-- Status ------------------------------------------------------------------
Current mode: HA MASTER with id 1 in state ACTIVE
-- Nodes -------------------------------------------------------------------
MASTER: 1 Node1 198.19.250.1 9.407003 ACTIVE since Mon Oct 10 13:17:26 2016
SLAVE: 2 Node2 198.19.250.2 9.407003 ACTIVE since Tue Oct 11 09:22:33 2016
-- Load --------------------------------------------------------------------
Node 1: [1m] 0.98 [5m] 1.60 [15m] 2.03
Node 2: [1m] 0.18 [5m] 1.12 [15m] 1.18

-- Kernel ------------------------------------------------------------------
Current mode: enabled master
interface: eth3
Local ID: 198.19.250.1
debug: off
verbose: off
ppp sync: off
port smtp: 25
port pop3: 8110
port ftp: 2121

-- PostgreSQL --------------------------------------------------------------
 primary | standby | lag          | bytelag
---------+---------+--------------+---------
 1       | 2       | 00:00:00.5   | 0
