Unable to install 8.1.02 Platform Update: failed to update operating system RPMs

Document ID : KB000057341
Last Modified Date : 14/02/2018
Show Technical Document Details

Solution

Background

The CA API Gateway is engineered to accept Platform Updates that update particular RPM packages on the Gateway appliance for functional and security deficiencies. CA Support distributes these Platform Updates as provided by the engineering team for the API Management suite. Additionally, Platform Updates are released for product updates and single-scope vulnerabilities on an as-needed basis. Installing a particular Platform Update before another particular Platform Update can result in the patching system not installing patches correctly.

For example, take the following patch files:

  1. Layer7_PlatformUpdate_64bit_v8.1-04-24-2014.L7P
  2. Layer7_PlatformUpdate_64bit_v8.1.02.L7P
According to the most updated article for Installing Platform Updates for the Layer 7 Gateway product suite, the Gateway Platform must be upgraded to 8.1.02 before the Platform Security Update for April can be applied. If this process is not adhered to then the patching subsystem may fail.

Presentation

The following error messages may appear if this issue occurs in an environment being upgraded improperly:
Patch ID Layer7_PlatformUpdate_64bit_v8.1.02 (Upgrades the Layer 7 64bit Platform to the 8.1.02 version. This patch requires that the 8.1.0 Platform Update be installed first. It also requires a restart of the Layer 7 Appliance.) is ERROR, last modified on 2014-05-09T11:34:41+0100, Status message is:
/opt/SecureSpan/Appliance/libexec/patch_launcher: line 69: [: /opt/SecureSpan/Controller/etc/l7trustedcerts: binary operator expected
Error installing patch: Error executing patch task: 'doupdate.sh', error message: /tmp/patchertemp7104769468248330164.tmp /opt/SecureSpan/Controller
/tmp/patchertemp7104769468248330164.tmp /opt/SecureSpan/Controller
warning: bind-libs-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...??????????????? ##################################################
? ? ? ? package openssl-1.0.1e-16.el6_5.7.x86_64 (which is newer than openssl-1.0.1e-16.el6_5.4.x86_64) is already installed
? ? ? ? package kernel-firmware-2.6.32-431.11.2.el6.noarch (which is newer than kernel-firmware-2.6.32-431.5.1.el6.noarch) is already installed
? ? ? ? package kernel-2.6.32-431.11.2.el6.x86_64 (which is newer than kernel-2.6.32-431.5.1.el6.x86_64) is already installed
? ? ? ? package tzdata-2014b-1.el6.noarch (which is newer than tzdata-2013i-2.el6.noarch) is already installed
ERROR?? : failed to update operating system RPMs
There were errors during the patch operation.

Resolution

The resolution of this issue will involve the removal of certain RPMs that are conflicting so that the updated versions can be installed.
  1. Ensure that the following patches are uploaded to the Gateway before proceeding:
  • Layer7_PlatformUpdate_64bit_v8.1.02.L7P (8.1.02 Platform Update)
  • Layer7_PlatformUpdate_64bit_v8.1-04-24-2014.L7P (8.1.0 April Platform Security Update)
  1. Remove the applicable RPMs.

rpm -e kernel-firmware kernel openssl tzdata --nodeps

  1. Reset the Gateway appliance?patch statuses.
rm -rf /opt/SecureSpan/Controller/var/patches/*
rm -rf /tmp/patch*
  1. Exit the privileged shell and re-attempt to upload and install?the 8.1.02 Platform Update
  2. Re-attempt to upload and install the 8.1.0 April Platform Security Update.
  3. Restart the Gateway appliance.
At this point, the Gateway appliance will have had its platform updated to the appropriate version with all of the accompanying RPMs updated correctly.