Copyright
Copyright © 2019 Balasys IT Ltd.. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balasys.
This documentation and the product it describes are considered protected by copyright according to the applicable laws.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)
Linux™ is a registered trademark of Linus Torvalds.
Windows™ 10 is registered trademarks of Microsoft Corporation.
The Balasys™ name and the Balasys™ logo are registered trademarks of Balasys IT Ltd.
The Zorp™ name and the Zorp™ logo are registered trademarks of Balasys IT Ltd.
The Proxedo™ name and the Proxedo™ logo are registered trademarks of Balasys IT Ltd.
AMD Ryzen™ and AMD EPYC™ are registered trademarks of Advanced Micro Devices, Inc.
Intel® Core™ and Intel® Xeon™ are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
All other product names mentioned herein are the trademarks of their respective owners.
DISCLAIMER
Balasys is not responsible for any third-party websites mentioned in this document. Balasys does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balasys will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.
2021-12-03 .Copyright
Introduction
This guide describes the necessary steps and commands to upgrade your PAS instance from version 3.2.0 to 3.3.1.
There are four main parts to describe different phases and scenarios of the upgrade.
-
How to create a backup for safety
-
Single node upgrade process
-
Multi node upgrade process
-
How to restore pre-upgrade state in case of upgrade failure
Backup
Before starting the upgrade process, make sure you have a backup from which you can restore the current state of your PAS setup.
The following steps describe how to create a backup of an actual configuration manually.
All instructions need to be executed on the management node even in case of a multi node setup. |
The password for the management component’s admin user will be necessary to be able to backup the running configuration. |
At the end, save both files (bootstrap-config.zip and config.zip in the examples) to a backup server.
|
Bootstrap configuration
-
Install the
zip
package by runningapt install zip
. -
Log in to
pas
user by runningsudo -iu pas
. -
Save the following configuration files on the node in a zip file.
-
/opt/balasys/etc
-
/opt/balasys/.ssh for a multi node setup
-
Parts of the automated core deployment tool
-
/opt/balasys/usr/share/automation/deploy-core.yml
-
/opt/balasys/usr/share/automation/host_vars
-
/opt/balasys/usr/share/automation/inventory.yml
-
/opt/balasys/usr/share/automation/roles/deploy-core/vars/main.yml
-
-
zip --recurse-paths bootstrap-config.zip --symlinks \ /opt/balasys/etc/ \ /opt/balasys/usr/share/automation/{deploy-core.yml,host_vars,inventory.yml} \ /opt/balasys/usr/share/automation/roles/deploy-core/vars/main.yml
zip --recurse-paths bootstrap-config.zip --symlinks \ /opt/balasys/.ssh/ \ /opt/balasys/etc/ \ /opt/balasys/usr/share/automation/{deploy-core.yml,host_vars,inventory.yml} \ /opt/balasys/usr/share/automation/roles/deploy-core/vars/main.yml
Running configuration
-
Log in to the web UI as admin user and discard the admin user’s changes on the Changes Dashboard.
-
Execute the following commands on the management node:
-
Execute the following command to authenticate. This will provide you with two tokens.
curl <frontend_baseurl>/api/v1/auth/login --request POST \ --data '{"user":"admin","password":"<admin_password>"}'
-
To export the running configuration, run the following command with the access token extracted from the previous command’s output. This will save the running configuration to a file named
config.zip
in the working directory.curl <frontend_baseurl>/api/v1/config_backup --request GET \ --header "Authorization: Bearer <access_token>" \ --output config.zip
-
$ curl example.localdomain/api/v1/auth/login --request POST \ --data '{"user":"admin","password":"be8f3c04-fcbf-4fae-aa97-d669cd29e046"}' {"access_token": "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.ZaXXP1lnu5JkmrQdAQmJuwh2AoxaFm5dzjrTLhB2LylfjY_fBOM2akLJrKuGs6lhSus0T9rrB8JYFJqpWgjaHjmECc_Nqclu.Zi41Q2pj_Kc7K3sBnT89YA._OXAT4OWmINd3zuiGfqe7__HMXt_1HTTe_8FMEDpH7fqjJcvjPmnGXkYvJdWboSJwYdI97i4fqQjCfzhU37g81xo5yTpy3PxUgfrVcvpskx00GKTesTeaU8kG6FxHRFCa0WcxKZi5TVNtxijjSs7MO2QjPargIuJRjaElE5ZId3GOWfX0hhDdY9VO3zwVsRA2dnlZz2Z61-oqBOxuA1UkMBrYv13xvnjPee8H2oT95v_oKdVNeYUKKMdpwWJ5irNhsVTRKU1_OIkGYzsLOeQ7A.2CNoIioh2K43EJXBy2gTwU49NPyMW6yCE5xJBh8inSM", "renew_token": "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.n-GWEDgZcGc1qc2CAXlGDsV_JUgoUVYqjv0txl531BO75QbTxmSkzZMMzD5NkT74fwMpECU1zRhVOwOSzPRwgwimxZPvhzuk.bwrqmwR3feWVXarEeGAlZA.6197IwyzfhYo0OWxBW6fb0pMTR3-mTAu6pcSOZvxogO_S_EvpkKYu8HYciavDA0OOK5IHhY9Eem5uCEVxjZmMO2YDVuNMni9SbJ85soc2ydPBObvbo8A1eoVI2xsYW9NCQ9PEchL0UT1pBTUGp6Sj2exGODFKxh06nbGO7lvDMJLHeZh9Tp0Q9NiaWUrsKRk66ZRD9_yvGkcABTmHCd7PzPkA560LDwmnzsKOLnxvn0.PCWG1mH59YaGt3cLXmCrsYOsYqjFrqkgHhI1uZBjIAY"} $ curl example.localdomain/api/v1/config_backup --request GET \ --header "Authorization: Bearer eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.ZaXXP1lnu5JkmrQdAQmJuwh2AoxaFm5dzjrTLhB2LylfjY_fBOM2akLJrKuGs6lhSus0T9rrB8JYFJqpWgjaHjmECc_Nqclu.Zi41Q2pj_Kc7K3sBnT89YA._OXAT4OWmINd3zuiGfqe7__HMXt_1HTTe_8FMEDpH7fqjJcvjPmnGXkYvJdWboSJwYdI97i4fqQjCfzhU37g81xo5yTpy3PxUgfrVcvpskx00GKTesTeaU8kG6FxHRFCa0WcxKZi5TVNtxijjSs7MO2QjPargIuJRjaElE5ZId3GOWfX0hhDdY9VO3zwVsRA2dnlZz2Z61-oqBOxuA1UkMBrYv13xvnjPee8H2oT95v_oKdVNeYUKKMdpwWJ5irNhsVTRKU1_OIkGYzsLOeQ7A.2CNoIioh2K43EJXBy2gTwU49NPyMW6yCE5xJBh8inSM" \ --output config.zip
To restore the backup, follow the instructions in Restoring the pre-upgrade state.
Single node upgrade process
This section describes how to upgrade PAS in a single node setup. In case any problem occurs during the upgrade and the version 3.2.0 needs to be restored, follow the instructions in Restoring the pre-upgrade state.
Prerequisites
The following requirements need to be met before carrying out the upgrade process:
-
The management, storage and core components of version 3.2.0 are running and healthy.
-
The password for the admin user of the management component is available.
-
The new Debian packages are downloaded and available for installation on the node:
-
proxedo-api-security_3.3.1_all.deb
-
proxedo-api-security-mgmt_3.3.1_all.deb
-
proxedo-api-security-storage_3.3.1_all.deb
-
Upgrade steps
-
Install the new Proxedo API Security packages as
root
user. This will not restart systemd services.-
Use the simplified installer windows for a directed and easier way of installing the PAS packages.
-
When the installer asks whether the existing configuration files shall be overwritten, select 'yes'. This question will be asked for each package.
By agreeing the installer to overwrite the existing files, the installer creates a working, single node configuration, consequently, there is no need to complete any manual updates. The newly created configuration is saved in a backup subdirectory next to its original location.
-
/opt/balasys/etc/infrastructure/storage/backups for storage infrastructure configuration
-
/opt/balasys/etc/storage/backups for storage configuration
-
/opt/balasys/etc/infrastructure/mgmt/backups for management infrastructure configuration
-
/opt/balasys/etc/mgmt/backups for management configuration
-
/opt/balasys/etc/infrastructure/core/backups for core infrastructure configuration
Figure 1. Question about overriding existing files -
-
When the Debian installer asks what to do with the new versions of configuration files, select
N
for keeping installed versions:Example question from the Debian installerInstalling new version of config file /opt/balasys/etc/infrastructure/storage/docker-compose.conf ... Configuration file '/opt/balasys/etc/storage/config.yml' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** config.yml (Y/I/N/O/D/Z) [default=N] ?
-
-
Log in to
pas
user by executingsudo -iu pas
. Carry out the following operations aspas
user. -
Run
pas-mgmt-upgrade-config pre-upgrade
. This will guide you through the pre-upgrade process. Once the pre-upgrade finishes, you will find apas-config-3.2.0.zip
in your working directory.The old administrator password needs to be used, even if you provided a new one during the installation. -
Run
pas-mgmt-upgrade-config convert-config
in the same directory. It will convert your old running configuration to be compatible with the new version. The new configuration will be saved aspas-config-3.2.0.upgraded-to-3.3.1.zip
. -
Update the bootstrap configuration of the management component available at /opt/balasys/etc/mgmt/config.yml.
-
Rename the LDAP authentication parameter names to their corresponding new names. They are all attributes of the
configapi.ldap
configuration object.-
server_cert
→ca_certs_file
-
user_object_type
→user_object_class
-
group_object_type
→group_object_class
-
-
Remove the
configapi.htpasswd
andconfigapi.htpasswd.htpasswd_file
parameters from the file. These values are not available anymore. -
If you had the
configapi.htpasswd.htpasswd_file
parameter set to a path different from the default, move your htpasswd file to /opt/balasys/etc/mgmt/users.htpass.
-
-
Make sure the
DOCKER_IMAGE_TAG
variable is updated to 3.3.1 in alldocker-compose.conf
files. If the installer was enabled to overwrite existing configuration files, this step is not necessary. The affected files are the following:-
/opt/balasys/etc/infrastructure/pas/docker-compose.conf for the core component
-
/opt/balasys/etc/infrastructure/mgmt/docker-compose.conf for the management component
-
/opt/balasys/etc/infrastructure/storage/docker-compose.conf for the storage component
-
-
Run the update command for each component
As a result of the update commands the following warning will be displayed, please ignore it: "WARNING: The PAS_HOSTNAME variable is not set. Defaulting to a blank string." -
pas-update
for core -
pas-mgmt-update
for management -
pas-storage-update
for storage
-
-
Run the check config command for each component for which it is available
-
pas-mgmt-checkconfig
for management -
pas-storage-checkconfig
for storage
-
-
Restart the PAS management and storage components.
-
Stop the PAS core component.
By stopping the core component, the proxy functionality is hung up, and network traffic going through is interrupted. Traffic will be served again when the core component is restarted in the last step. -
Run
pas-mgmt-upgrade-config post-upgrade
in the same directory where the pre-upgrade and configuration conversion steps were performed. Follow the instructions of the script to complete.If a new administrator password was provided in the installer, that one needs to be used. -
Start the PAS core component.
Multi node upgrade process
This section describes how to upgrade PAS in a multi node setup. In case any problem occurs during the upgrade and the version 3.2.0 needs to be restored, follow the instructions in Restoring the pre-upgrade state.
Prerequisites
The following requirements need to be met before carrying out the upgrade process:
-
The management and storage components of version 3.2.0 are running and healthy on the management node.
If the core component is also run on the management node, it needs to be running and functioning too. -
The storage and core components of version 3.2.0 are running and healthy on the core node.
-
The password for the admin user of the management component is available.
-
The new Debian packages are downloaded and available for installation on the management node:
-
proxedo-api-security_3.3.1_all.deb
-
proxedo-api-security-mgmt_3.3.1_all.deb
-
proxedo-api-security-storage_3.3.1_all.deb
-
Upgrade steps
Execute all steps on the management node.
-
Make sure local PAS management and storage components of version 3.2.0 are running.
-
Make sure remote PAS storage and core components of version 3.2.0 are running.
-
Install the new Proxedo API Security packages locally as
root
user. This will not restart systemd services.The simplified installer is designed to help single node installation. Ignore all questions asked by the installer during the upgrade and select "No" where possible. Ignore any questions asked twice and any error prompts. -
When the Debian installer asks what to do with the new versions of the configuration files, select
N
for keeping the installed versions.Example question from the Debian installerInstalling new version of config file /opt/balasys/etc/infrastructure/storage/docker-compose.conf ... Configuration file '/opt/balasys/etc/storage/config.yml' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** config.yml (Y/I/N/O/D/Z) [default=N] ?
-
-
Log in to
pas
user by executingsudo -iu pas
. Carry out the following operations aspas
user. -
Run
pas-mgmt-upgrade-config pre-upgrade
. This will guide you through the pre-upgrade process. Once the pre-upgrade finishes, you will find apas-config-3.2.0.zip
in your working directory. -
Run
pas-mgmt-upgrade-config convert-config
in the same directory. It will convert your old running configuration to be compatible with the new version. The new configuration will be saved aspas-config-3.2.0.upgraded-to-3.3.1.zip
. -
Update the bootstrap configuration of the management component available at /opt/balasys/etc/mgmt/config.yml.
-
Rename LDAP authentication parameter names to their corresponding new names. They are all attributes of the
configapi.ldap
configuration object.-
server_cert
→ca_certs_file
-
user_object_type
→user_object_class
-
group_object_type
→group_object_class
-
-
Remove the
configapi.htpasswd
andconfigapi.htpasswd.htpasswd_file
parameters from the file. These values are not available anymore. -
If the
configapi.htpasswd.htpasswd_file
parameter was set to a path different from the default, move the htpasswd file to /opt/balasys/etc/mgmt/users.htpass.
-
-
Update the bootstrap configuration of the storage component available at /opt/balasys/etc/storage/config.yml.
-
Set the
common.standalone_mode
variable tofalse
explicitly. The empty curly braces{}
also need to be deleted from thecommon
variable.Example standalone_mode parameter valuecommon: standalone_mode: false
-
-
Update the configuration of the automated deployment tool.
-
At /opt/balasys/etc/automation/common_vars.yml
-
Update the
storage_deb_path
to the new.deb
file. -
Update the
core_deb_path
to the new.deb
file. -
Update the
common.docker.PAS_IMAGE_TAG
to 3.3.1. -
Replace the docker password for the on encrypted by Ansible vault.
-
Run
ansible-vault encrypt_string
. First provide the vault password which will be used to encrypt your docker password. Then provide the docker password itself.From version 3.3.1 the docker registry password is stored encrypted in the /opt/balasys/etc/automation/common_vars.yml file. This also means that the pas-mgmt-deploy-core
command will now ask for the ansible vault password at the beginning. -
Set the
common.docker.password
attribute to the final output of the command. In the end, the password field should be set like in the following example.
-
-
Set the value of
common.storage.config.common.standalone_mode
tofalse
explicitly. It should look like the following.Example extract of values for the updated attributesstorage_deb_path: /tmp/proxedo-api-security-storage_{new_version}_all.deb core_deb_path: /tmp/proxedo-api-security_{new_version}_all.deb common: docker: PAS_IMAGE_TAG: {new_version} password: !vault | $ANSIBLE_VAULT;1.1;AES256 62623166386564303866653766656133616463633035643134313062383634336363633836336661 6566323331306635613034653062396166316262383535660a323433663261663435323962633430 32636236393966643636636534626466626166366337303936386339663335653739306661303731 6162633732366234630a373364343536376336383035666165383533313530653463653162316461 65323731633135613330343334663231316135343464373738383962303165393236 storage: config: common: standalone_mode: false
-
-
-
Make sure the
DOCKER_IMAGE_TAG
variable is updated to 3.3.1 in alldocker-compose.conf
files.-
/opt/balasys/etc/infrastructure/pas/docker-compose.conf for core
-
/opt/balasys/etc/infrastructure/mgmt/docker-compose.conf for management
-
/opt/balasys/etc/infrastructure/storage/docker-compose.conf for storage
-
-
Run the update command for each component:
As a result of the update commands the following warning will be displayed, please ignore it: "WARNING: The PAS_HOSTNAME variable is not set. Defaulting to a blank string." -
pas-update
for core if you also run core on the management node -
pas-mgmt-update
for management -
pas-storage-update
for storage
-
-
Run the check config command for each component for which it is available
-
pas-mgmt-checkconfig
for management -
pas-storage-checkconfig
for storage
-
-
Restart the local PAS management and storage components.
By stopping the local core component, the proxy functionality is hung up, and the network traffic going through is interrupted. The traffic will only be served again when the local core component is restarted after the post-upgrade
command.This step will inherently restart the HA component if it was running. -
Restart the remote core component by running
pas-mgmt-deploy-core --restart-core
. This will restart the remote nodes with PAS version 3.2.0 but that is expected. Upgrading the remote components will be done in a later step.By stopping the remote core component, the proxy functionality is hung up, and the network traffic going through is interrupted. The traffic will only be served again when the remote core component is restarted after the post-upgrade
command.This step will inherently restart the HA component if it was running. -
Run
pas-mgmt-upgrade-config post-upgrade
in the same directory where you performed the pre-upgrade and convert steps. Follow the instructions of the script to complete. -
Restart the local PAS core component.
-
If you are running HA, also restart the local HA component.
-
Upgrade and restart the remote PAS core component by running
pas-mgmt-deploy-core --deploy-core --restart-core
. -
If you are running HA, also upgrade and restart the remote HA component by running
pas-mgmt-deploy-core --deploy-ha --restart-ha
. -
Open the UI as admin user and go to the Status Dashboard. If you see
FAILED
in theReload success
column, go to the Changes Dashboard, and click Config Apply even if there are no pending changes.
Restoring the pre-upgrade state
Cleanup
-
Stop all PAS services on all nodes.
-
systemctl stop proxedo-api-security
for core -
systemctl stop proxedo-api-security-mgmt
for management -
systemctl stop proxedo-api-security-storage
for storage
-
-
Remove PAS packages as
root
user on all nodes. Remove packages only from those nodes where they are installed.-
apt remove --purge proxedo-api-security
for core -
apt remove --purge proxedo-api-security-mgmt
on management -
apt remove --purge proxedo-api-security-storage
on storage
-
-
Remove the
pas
user by runninguserdel --force --remove pas
Restore
All instructions need to be executed on the management node.
-
Reinstall PAS version 3.2.0 packages.
-
Log in to
pas
user by runningsudo -iu pas
. -
Copy the files saved during the backup to the
pas
user’s home directory.
Bootstrap configuration
It is important to run all commands as pas user to prevent from accidentally overwriting system files.
|
-
Unzip the saved bootstrap configuration files in the /opt/balasys directory as
pas
user by runningunzip -u -o bootstrap-config.zip -d /
.Example bootstrap configuration restore command and output$ unzip -u -o bootstrap-config.zip -d / Archive: bootstrap-config.zip creating: /opt/balasys/etc/ creating: /opt/balasys/etc/ha/ inflating: /opt/balasys/etc/ha/config.yml creating: /opt/balasys/etc/mgmt/ extracting: /opt/balasys/etc/mgmt/users.htpass inflating: /opt/balasys/etc/mgmt/config.yml creating: /opt/balasys/etc/storage/ [...]
-
Start all PAS services including the HA component if you previously ran a HA setup.
-
If you are restoring a multi node setup, also deploy the remote node by running the remote deployment command.
pas-mgmt-deploy-core --deploy-core
-
If you run an HA setup, also start the HA service on the remote node.
pas-mgmt-deploy-core --deploy-ha
Running configuration
-
Execute the following commands on the management node.
-
To authenticate, execute the following command. This will provide you with two tokens.
curl <frontend_baseurl>/api/v1/auth/login --request POST \ --data '{"user":"admin","password":"<admin_password>"}'
-
To import the running configuration, run the following command with the access token extracted from the previous command’s output.
curl <frontend_baseurl>/api/v1/config_backup --request POST \ --header "Authorization: Bearer <access_token>" \ --data "$(base64 config.zip)"
Example commands to import configuration$ curl example.localdomain/api/v1/auth/login \ --request POST \ --data '{"user":"admin","password":"be8f3c04-fcbf-4fae-aa97-d669cd29e046"}' {"access_token": "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.ZaXXP1lnu5JkmrQdAQmJuwh2AoxaFm5dzjrTLhB2LylfjY_fBOM2akLJrKuGs6lhSus0T9rrB8JYFJqpWgjaHjmECc_Nqclu.Zi41Q2pj_Kc7K3sBnT89YA._OXAT4OWmINd3zuiGfqe7__HMXt_1HTTe_8FMEDpH7fqjJcvjPmnGXkYvJdWboSJwYdI97i4fqQjCfzhU37g81xo5yTpy3PxUgfrVcvpskx00GKTesTeaU8kG6FxHRFCa0WcxKZi5TVNtxijjSs7MO2QjPargIuJRjaElE5ZId3GOWfX0hhDdY9VO3zwVsRA2dnlZz2Z61-oqBOxuA1UkMBrYv13xvnjPee8H2oT95v_oKdVNeYUKKMdpwWJ5irNhsVTRKU1_OIkGYzsLOeQ7A.2CNoIioh2K43EJXBy2gTwU49NPyMW6yCE5xJBh8inSM", "renew_token": "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.n-GWEDgZcGc1qc2CAXlGDsV_JUgoUVYqjv0txl531BO75QbTxmSkzZMMzD5NkT74fwMpECU1zRhVOwOSzPRwgwimxZPvhzuk.bwrqmwR3feWVXarEeGAlZA.6197IwyzfhYo0OWxBW6fb0pMTR3-mTAu6pcSOZvxogO_S_EvpkKYu8HYciavDA0OOK5IHhY9Eem5uCEVxjZmMO2YDVuNMni9SbJ85soc2ydPBObvbo8A1eoVI2xsYW9NCQ9PEchL0UT1pBTUGp6Sj2exGODFKxh06nbGO7lvDMJLHeZh9Tp0Q9NiaWUrsKRk66ZRD9_yvGkcABTmHCd7PzPkA560LDwmnzsKOLnxvn0.PCWG1mH59YaGt3cLXmCrsYOsYqjFrqkgHhI1uZBjIAY"} curl example.localdomain/api/v1/config_backup --request POST \ --header "Authorization: Bearer eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0.ZaXXP1lnu5JkmrQdAQmJuwh2AoxaFm5dzjrTLhB2LylfjY_fBOM2akLJrKuGs6lhSus0T9rrB8JYFJqpWgjaHjmECc_Nqclu.Zi41Q2pj_Kc7K3sBnT89YA._OXAT4OWmINd3zuiGfqe7__HMXt_1HTTe_8FMEDpH7fqjJcvjPmnGXkYvJdWboSJwYdI97i4fqQjCfzhU37g81xo5yTpy3PxUgfrVcvpskx00GKTesTeaU8kG6FxHRFCa0WcxKZi5TVNtxijjSs7MO2QjPargIuJRjaElE5ZId3GOWfX0hhDdY9VO3zwVsRA2dnlZz2Z61-oqBOxuA1UkMBrYv13xvnjPee8H2oT95v_oKdVNeYUKKMdpwWJ5irNhsVTRKU1_OIkGYzsLOeQ7A.2CNoIioh2K43EJXBy2gTwU49NPyMW6yCE5xJBh8inSM" \ --data "$(base64 config.zip)"
-
-
Login to the web UI as admin user, go to the Changes Dashboard and apply the configuration.