How can the embedded Java version be upgraded independently in the Veritas Operations Manager Unix product version 6.1 from Veritas?
Problem
Java is embedded within the Veritas Operations Manager (VOM) application and requires manual steps to upgrade to work with the application.
Error
There are many scans that can alert to vulnerabilities in a Java / JRE version and a patch would be required to upgrade the VOM application to the latest available Java version from Oracle.
Environment
Red Hat Enterprise Linux 5.5+, 6.x+ and Suse Linux Enterprise Server 10 SP2, 11.x hosting the VOM Central Management Server.
As noted in the compatibility guide
Java / JRE from Oracle
VOM 6.1
Cause
Java / JRE is embedded within the VOM application and the installer for Java updater updates a standalone installation
Solution
Note: There are multiple Unix versions available for the Central Management Server (CMS) in VOM. Please select the Java binaries for your version to collect the proper files.
Supported OS:
These versions of the JRE list for Unix are supported on:
Red Hat Enterprise Linux 5.5+, 6.x+ and Suse Linux Enterprise Server 10 SP2, 11.x
Download the latest jre and cryptographic jars from Oracle Jre download site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html picking the version desired with the latest patches desired.
Installation:
As example the 8u66 version but yours may be newer by the time you reference this article.
#### VOM CS 6.1 is running in the test lab.
[root@VxArray12 tmp]# rpm -qa | egrep -i sfm
VRTSsfmcs-6.1.0.0-0
VRTSsfmh-6.1.0.0-0
[root@VxArray12 tmp]# /opt/VRTSsfmh/bin/vomadm service --status ALL
Veritas Operations Manager Services:
Web Server.................................................................[RUNNING]
Authentication Service.....................................................[RUNNING]
Messaging Service..........................................................[RUNNING]
Database Service...........................................................[RUNNING]
Distributed Command Line Daemon............................................[RUNNING]
Watchdog...................................................................[RUNNING]
SNMP Trap Service..........................................................[RUNNING]
#### Procedure steps #######
- Download the Java SE Runtime Environment 8u66
go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
click download JRE
Java SE Runtime Environment 8u66
download - Linux x64 68.4 MB jre-8u66-linux-x64.tar.gz
- Download Java Cryptography Extension (JCE)
go back to http://www.oracle.com/technetwork/java/javase/downloads/index.html
scroll down to download
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8
jce_policy-8.zip
1] The following steps can be performed in either order.
# tar zxvf jre-8u66-linux-x64.tar.gz
2] Rename the extracted directory "jre1.8.0_66" to "jre"
# mv jre1.8.0_66 jre
3] Update the cryptographic jars
a) Unzip jce_policy-8.zip
This contains two jars in UnlimitedJCEPolicyJDK8
- local_policy.jar
- US_export_policy.jar
b) Copy the above two jars from UnlimitedJCEPolicy/ to jre/lib/security/
4] Backup the current jre folder /opt/VRTSsfmcs/webgui/jre
# tar cvf /var/tmp/old_jre /opt/VRTSsfmcs/webgui/jre
5] Copy the new jre to /opt/VRTSsfmcs/webgui/
6] Restart the VOM webserver
# /opt/VRTSsfmcs/bin/vomsc --restart web
[root@VxArray12 webgui]# /opt/VRTSsfmcs/bin/vomsc --restart web
Veritas Operations Manager Services:
Web Server.................................................................[STOPPED]
Web Server.................................................................[RUNNING]
7) Verify
[root@VxArray12 webgui]# /opt/VRTSsfmh/bin/vomadm service --status ALL
Veritas Operations Manager Services:
Web Server.................................................................[RUNNING]
Authentication Service.....................................................[RUNNING]
Messaging Service..........................................................[RUNNING]
Database Service...........................................................[RUNNING]
Distributed Command Line Daemon............................................[RUNNING]
Watchdog...................................................................[RUNNING]
SNMP Trap Service..........................................................[RUNNING]
Confirmation of the functionality:
Open the VOM 6.1 CMS GUI navigate to a Storage Foundation Managed Host (SFMH) and right click to refresh the host) to initiate a discovery
That will receive new data and update the database. The administrator can also verify that new alerts are received by creating an event by taking down the xprtld process on the SFMH and watching the host for the change in status.
# /opt/VRTSsfmh/adm/xprtldctrl stop – xprtld process
Restart the daemon to initiate communication and remove the alert.
# /opt/VRTSsfmh/adm/xprtldctrl start – xprtld process