• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

ColdFusion 2021 no internet allowed on server

Community Beginner ,
Oct 29, 2022 Oct 29, 2022

Copy link to clipboard

Copied

So I tried updating CF2021 to update 5 using the command line, you know that tool that is reliable, dependable, and takes 5 minutes but now it doesnt work.  We got these "packages" that "dont install with core."

 

What is the steps to download things onto a local desktop, scan em, copy to servers and install in command line because you all broke what was fast and reliable.  I have no internet allowed on servers policies so Adobe cannot be calling home to Adobe...

 

Views

620

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 29, 2022 Oct 29, 2022

Copy link to clipboard

Copied

What doesn't work for you? Did you pull down the jar, offered on the technote, offline step 1?

 

https://cfdownload.adobe.com/pub/adobe/coldfusion/2021/updates/hotfix-005-330109.jar

 

And you ran that with java -jar (from an admin cmd prompt on windows, or using sudo on Linux)? Fwiw, I've not had to ever run steps 2 and 3, about getting the zip, extracting it, updating the xml, blah blah.

 

Indeed, I just did it on a machine I'd not yet updated. In a couple minutes. 

 

So are you saying the java - jar approach did not work? Or something else?

 

I've seen your other posts. I appreciate how frustrated you are. Some things about the updates are indeed disappointing, but there's a solution for all of them. I'm working on come posts for those other issues you raised.

 

But on this thread, I'm not seeing the problem you do, so help us help you. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 30, 2022 Oct 30, 2022

Copy link to clipboard

Copied

Charlie,

 

On my Development box, after using the java -jar command line, something that I have done successfully in CF11, CF2016, and CF2018 on all updates, failed.  It left barebones system in place.  Admin API, SAML, one or two other Pacakages.  I hade to uninstall the entire thing and go through the admin URL to update everything.

 

My production instance number 1, the java -jar, left nothing in place.  Exactly like what this one saw.  https://community.adobe.com/t5/coldfusion-discussions/coldfusin-2021-update-2-causes-all-installed-p...

 

My production number 2 box, I tried the admin URL since the java -jar failed, but it hung up on 503 service not availables and failed signature verifications because I upgraded the Java to latest Java 11 (11.0.17) I believe or something is missing Adobe's CA signature.

 

What I would like, is a set of instructions that I can use to install ALL updates to CF2021 Offline.  Its in a hole, no internet, no network, no nothing but files I copied to it.  Nice and secure.  

 

For example, can I export the packages lists from the admin, and using that in XML request on my desktop to download all the update 5 versions into a single package or packages/zip, then deploy that manually to the server and run update scripts with the java -jar? 

 

If yes, cool, can I have those steps or high level so I might attempt some of mine?

 

Basically, I think the major issue is that Adobe needs internet access on the servers and that is not allowed or spotty on our production instances.  We have rules in place that disable the internet on those boxes.  When I ask our groups about it I am told I have no need to know because its security information.   Therefore, I have been using the java -jar method since CF11 because of that rule.  Why doesnt the hotfix inclued all the packages with it or is there a option to force it?  

 

As for replicating this, unless you have a blank 2016 windows server with no CF ever installed on it and disable internet as prereqs, then that would be the start.  Install CF2021 and make sure its OLDER packages are there.  Once there, download the update 5 using desktop, copy it to the server and install it using the java -jar and then try to log back into the admin api which was update 4 or older....  That is only a guess set of steps.  Also, I wouldnt use a server that already had Update 5 successfully done to it because its possible the update 5 packages are still set locally on the box.  I would say you need a complete update 4 install without any connection to internet... 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 31, 2022 Oct 31, 2022

Copy link to clipboard

Copied

Benjamin, here's the solution, for the two issues on each of your boxes. The first is unique to cf2021 (but not new to its update 5), while the second IS new (to the latest jvm) but is NOT unique to cf2021, happening also with cf2018 and earlier. Fwiw, I worked on both over the weekend, to help you and others, so I can confirm here the details and my lessons learned. 

 

1) On the first problem, the focus of this thread, I can concur now that the reason java jar approach has worked for me on cf2021 is that I DID have internet access on the machines where I did that.

 

When I instead tried the cf2021 update on a machine that did NOT have internet access, I experienced the error of loss of admin access. Indeed, what's happening is loss of ALL "packages" in cf2021. 

 

That new notion of "packages" for cf features (about 50 of them) is indeed new to cf2021. And that's why THIS problem is new and unique to cf2021. 

 

For now, the steps you seek are indeed those documented in the cf2021 update technotes and its section on offline updating. (It's indeed NOT enough to JUST do the Java jar--if your machine is offline.)

 

You need to a) download the repo zip they offer there, then b) extract that (I did it such that I copied the one "bundles" folder in that zip over top of the one in coldfusion2021/bundles). That's where cf looks for those. And you'll see in there BOTH the hotfix jar (so you really don't need to download it separately) and all the various package-related jars for this and previous cf2021 updates. 

 

But there's still one more important change needed, whether you prefer to do the java-jar or use the admin to do the update "install" step.

 

Because the cf admin currently has a setting that points it to a url online to get that stuff, you need to change it to point to this bundles folder instead. More specifically, you need to point it the bundlesdependency.json file WITHIN that folder. 

 

And you could either do that in the cf admin settings tab (of its "package manager" page), or using the new cf2021 tool called cfpm, as in (for windows, assuming use of the c drive for cf): 

 

C:\ColdFusion2021\cfusion\bin\cfpm updaterepopath C:\ColdFusion2021\bundles\bundlesdependency.json

 

(On Linux, just change the paths.) This approach can of course be used when the admin can't be reached because of the original problem. (Sadly, the update technotes propose editing the xml file that this would update. That seems brittle.) 

 

That command should report:

 

The packages repository path is updated.

Restart the ColdFusion server for these changes to take effect. 

 

 

Then on restarting cf, you child find that the update install will now work... again whether you prefer to use the cf admin update install button or the Java -jar manual approach. Or indeed you could use the cfpm install all command. 

 

Again, the whole package mgr thing is new to cf2021. That's why the processes, experience, and help resources are not as refined as they could be.

 

Hope this contributes to the community understanding. I plan to do a blog post with more. 

 

2) Moving on now to the second issue (signature verification failure), I can report that it's NOT new or unique to cf2021. It would have happened on cf2018. I understand it's ONLY happened to you on cf2021, but that's only because you a) updated your cf2021 to use that latest Java update from teo weeks ago (11.0.17), then you b) restarted cf, then you c) tried to download the cf update from the cf admin.

 

That sequence of events will indeed currently fail with that error, "Failed Signature Verification".  This is due to a change in that latest jvm, which causes that verification to fail on the download within the cf admin. I discuss this more in a detailed blog post last night: https://www.carehart.org/blog/2022/10/31/solving_new_failed_signature_verification_on_cf_updates 

 

I discuss there 3 workarounds until Adobe addresses it with a new signature for their update jars--for cf2021 AND cf2018.

 

Let me know if all this gets you going. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 31, 2022 Oct 31, 2022

Copy link to clipboard

Copied

Charlie,

 

Thank you for the verification. 

 

1) I also had the same mindset of how to get the packages offline this morning and attempted it with something similar to Adobes Package Manager, Offline repository.

https://helpx.adobe.com/coldfusion/using/coldfusion-package-manager.html#interactive

Search: Configure Local Repository

 

I dont know if supported but I copied the Cfusion folder to a temp desktop with internet and run that downloadrepo command to a local folder.  Then copied the folder to a web server like IIS.  I will attempt to update things once I schedule an outage.

 

2) I agree with you.  The sequence of events etc would have caused my issue there. 

 

Hopefully with the copy of the offline packages and java -jar installation, we can fix some of these from pure cli.

One of these if I can figure out how to setup the CF update on the same repo otherwise maybe java -jar and then the cfpm update packages command...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 31, 2022 Oct 31, 2022

Copy link to clipboard

Copied

LATEST

If you're open to feedback, or at least to help other readers:

 

While the doc page covers the cfpm tool, that section you point to is shockingly brief. It doesn't cover either what little is covered in the update technote, let alone what I elaborated (and not at all the cfpm updaterepopath command--even when it shows the cfpm downloadrepo command I'd failed to mention ). 

 

As for your copying the cfusion folder, that was totally unnecessary, as perhaps now you realize. 

 

BTW, one need not "wait for an outage" on a prod server, to experience these things. One can install the cf free trial (for 30 days) or the free developer edition (with no expiration) on any machine (like a local dev machine or a vm--and in a matter of minutes) , where one could easily turn off the network while trying such updates. No offense intended if you "already knew this". Again, I'm speaking as much to others who may find this discussion.

 

And finally, on your last point, I hope you see now that yes, you can do that entirely via the cli. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation