Symptoms
Your organization has a tight security policy that mandates a firewall which blocks any external traffic, including that from your SoftNAS instance to/from the outer world. This is preventing receipt of necessary updates.
Purpose
The purpose of this document is to outline the steps required to maintain access to the required IPs for SoftNAS updates without compromising the tight security requirements of organizational policy.More details on our latest releases can be found in Release Notes: repositories
Note: If upgrading from 4.3.0 to 4.3.1 please refer to Section A.
Note: If upgrading from pre-4.3.0 to 4.3.1 or later please refer to Section B.
Note: SoftNAS recommends a reboot of your system be performed prior to performing a system upgrade. This ensures that the upgrade is performed on a stable system.
Note: In addition to this KB; If you are upgrading a HA pair please refer to the link here /wiki/spaces/SD/pages/92999399
Warning: If putting only one node into maintenance mode, synchronization need not occur. If both HA nodes need to be placed into maintenance, a forced synchronization will need to occur.
Resolution
Our goal here, as mentioned, is to translate the mirroring system to a fixed URL or set of URLs that we can use when configuring any firewall. If you have already installed SoftNAS in a secure VPC and are unable to open HTTP traffic to the outside world to proceed with the following steps
Section A: Upgrading from 4.3.0 to 4.3.1 or Later
- Please whitelist the following domains/IPs
# softnas.com IP: 54.88.117.35/32
# mirror.softnas.com IP: 184.73.232.53/32 - Next, you can test the above changes by running the commands below and if your firewall is properly configured you should be able to get some feedback as the screenshot below:
curl -k https://softnas.com
curl -k https://mirror.softnas.com - If steps 2 was successful please head over to Storage Center → Settings → Software updates to begin the upgrade process. If not please check your firewall and network traffic and try step 2 again
Section B: Upgrading from Pre-4.3.0 to 4.3.1 or Later
- This additional step is required for pre-4.3.0 to 4.3.1 or later. that said, please cd into the repo directory
# cd /etc/yum.repos.d - Next, create the repo below
# vim softnas-remi.repo
Paste the content below:[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=https://mirror.softnas.com/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=0[remi-safe]
name=Safe Remi's RPM repository for Enterprise Linux 6 - $basearch
baseurl=http://mirror.softnas.com/remi/enterprise/6/safe/$basearch/
enabled=1
gpgcheck=0[remi-php72]
name=Remi's PHP 7.2 RPM repository for Enterprise Linux 6 - $basearch
baseurl=http://mirror.softnas.com/remi/enterprise/6/php72/$basearch/
enabled=0
gpgcheck=0 run yum repolist to update the cache
# yum repolist- Complete the upgrade process as directed in Section A