Hi Mark, On 04/17/2012 10:11 AM, Mark Holmes wrote: > I'm in the middle of upgrading a 2.2.0 installation to 3.3.1 > > I've been working my way through the upgrade guide > http://mtn.inverse.ca/revision/file/31606a1f3090d583a80c7c6b0fff6796b69e9a37/pf/UPGRADE >
New UPGRADE guide is available here since our migration to git: https://raw.github.com/inverse-inc/packetfence/stable/UPGRADE You'll be *at least* missing another SQL schema update. We have updated the reference to the guide in our news entry on the website. Is there another location I need to update?.. Ahh the FAQ entry. I'll do that one later today. Anything else? > and have completed all the steps I think I need (upgrading schema, adjusting > custom.pm etc etc) > > When I do a sanity check of the config (./pfcmd checkup or on starting > PacketFence) I get > > FATAL - invalid network type registration for interface eth0.0050 > FATAL - unknown configuration parameter scan.ssl if you added the parameter > yourself make sure it is present in conf/documentation.conf > FATAL - Uncaught exception while trying to identify authentication::ldap > module version: Can't locate object method "new" via package > "authentication::ldap" at /usr/local/pf/lib/pf/pfcmd/checkup.pm line 676, > <DATA> line 225. > WARNING - Violation 1100005 is ignored: Invalid trigger id: VENDORMAC::9078 > at /usr/local/pf/lib/pf/trigger.pm line 211. > WARNING - Violation 1100001 is ignored: Invalid trigger type (scan) at > /usr/local/pf/lib/pf/trigger.pm line 202. > > I have looked through the upgrade guide and can't figure out what I need to > change here - what should type=registration be changed to in pf.conf? type=internal enforcement=inline type=registration is for conf/networks.conf. type=vlan-registration is the new name that won't issue warnings. > > I can't find scan.ssl - according to the upgrade guide that's OK but I'm > seeing the error listed above " unknown configuration parameter scan.ssl" etc > get rid of [scan] ssl=... statement from your conf/pf.conf. It's deprecated. > - Scan configuration changes > - scan.ssl no longer exists, get rid of it, it never really did anything > since 1.8.3. > I can't find any reference in the upgrade guide as to why I might be getting > the other errors either. > Your LDAP module will need to be migrated to an object. The related entry is this one: > - Changes to authentication modules API > - $name is now a package global (declared with our) instead of a local > variable. > - authenticate returns only a true or false value. Errors meant for > users > should be set with $this->_setLastError("string") in authenticate() > sub. > - Some modules will require the import of pf::config. Add to the use > section on top: use pf::config qw($FALSE $TRUE); > Once the migration done, bump $VERSION to 1.10. You will *not* have to do > this if you made no customization to the conf/authentication/... files. > > - Authentication modules interface change > All authentication modules (conf/authentication/*) were migrated into > objects. Please carefully merge any module you were using by comparing > the .rpmnew version and your version. If you are unsure, replace your > module with the .rpmnew one and re-apply configuration parameters > afterwards. If you know you where not doing anything fancy with it, just move over your LDAP settings to the .rpmnew file and rename it to ldap.pm Unsure about the VENDORMAC trigger.. I bet you have an extra empty space at the end of the line. If it's the case let me know I'll fix the parser to deal with it. Trigger type scan is now either openvas or nessus. Here's the related entry: > - new trigger types (no more scan type) > The trigger type "Scan" has been removed to leave place to two new types > (Nessus and Openvas). Due to that change, modification to existing > violations.conf is required to change all existing "Scan" type to > "Nessus". > You can run the following command that will do the job. Make sure to > backup > your existing violations.conf file. > /usr/bin/perl -p -i -e "s/Scan::/Nessus::/ig" > /usr/local/pf/conf/violations.conf Any specific suggestions on making upgrades smoother while minimizing impacts on our operations are more than welcome! -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
