Scenario A: Upgrade of Ubuntu 16.04 to Ubuntu 18.04
-
Begin by disabling the
apache2andnetrounds-callexecuterservices:sudo systemctl disable apache2 netrounds-callexecuter
-
Stop all Paragon Active Assurance services:
sudo systemctl stop "netrounds-*" apache2 openvpn@netrounds
-
Take backups of Paragon Active Assurance product data.
Note:This is the backup procedure described in the Operations Guide, chapter Backing Up Product Data, only more briefly worded.
Run these commands:
# Back up the PostgreSQL database pg_dump --help pg_dump -h localhost -U netrounds netrounds > ncc_postgres.sql # (Alternatively, to save in binary format:) # pg_dump -h localhost -U netrounds -Fc netrounds > ncc_postgres.binary # Back up OpenVPN keys sudo tar -czf ncc_openvpn.tar.gz /var/lib/netrounds/openvpn # Note: Be sure to store these in a safe place. # Back up RRD files (metrics data) # Check the file size before compressing the RRDs. Use of the tar command is not # recommended if the RRDs are larger than 50 GB; see note below. du -hs /var/lib/netrounds/rrd sudo tar -czf ncc_rrd.tar.gz /var/lib/netrounds/rrd
Note:The
pg_dumpcommand will ask for a password which can be found in/etc/netrounds/netrounds.confunder "postgres database". The default password is "netrounds".Note:For a large-scale setup (> 50 GB), making a tarball of the RRD files might take too long, and taking a snapshot of the volume can be a better idea. Possible solutions for doing this include: using a file system that supports snapshots, or taking a snapshot of the virtual volume if the server is running in a virtual environment.
- Check the integrity of the database using the supplied script
netrounds_2.35_validate_db.sh.
If this script outputs warnings, do not attempt the database migration procedure described below. Contact Juniper support by filing a ticket at https://support.juniper.net/support/requesting-support (supplying the output from the script) to have the problems with the database resolved before you proceed with the upgrade.
-
Take backups of the Control Center configuration files:
/etc/apache2/sites-available/netrounds-ssl.conf/etc/apache2/sites-available/netrounds.conf/etc/netrounds/netrounds.conf/etc/netrounds/probe-connect.conf/etc/netrounds/restol.conf/etc/netrounds/secret_key/etc/netrounds/test-agent-gateway.yaml/etc/openvpn/netrounds.conf
For example:
sudo cp /etc/apache2/sites-available/netrounds-ssl.conf /etc/apache2/sites-available/netrounds-ssl.conf.old
-
Upgrade Ubuntu to version 18.04. A typical upgrade procedure is as follows (adapted from https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes):
- To upgrade on a server system:
- Install
update-manager-coreif it is not already installed. - Make sure the Prompt line in
/etc/update-manager/release-upgradesis set to 'lts' (to ensure that the OS is upgraded to the 18.04, the next LTS version after 16.04). - Launch the upgrade tool with the command
sudo do-release-upgrade. - Follow the on-screen instructions. As far as Paragon Active Assurance is concerned, you can keep the defaults throughout. (It may of course happen that you need to make different choices for reasons unrelated to Paragon Active Assurance.)
- Install
- To upgrade on a server system:
-
Once Ubuntu has been upgraded, reboot the system. Then perform the following steps:
-
Upgrade PostgreSQL.
-
Update PostgreSQL database files from version 9.5 to version 10:
sudo pg_dropcluster 10 main --stop # Shut down server and completely delete cluster# "main" version 10 (this prepares for the upgrade# in the next command) sudo pg_upgradecluster 9.5 main # Upgrade cluster "main" version 9.5 to latest# available version (10) sudo pg_dropcluster 9.5 main # Completely delete cluster "main" version 9.5
-
Remove the outdated version of PostgreSQL:
sudo apt purge postgresql-9.5 postgresql-client-9.5 postgresql-contrib-9.5
-
-
Update Paragon Active Assurance packages.
-
Compute the checksum for the tarball containing the new Control Center version and verify that it is equal to the SHA256 checksum provided on the download page:
sha256sum paa-control-center_${CC_VERSION}.tar.gz -
Unpack the Control Center tarball:
export CC_VERSION=<enter new version here> tar -xzf netrounds-control-center_${CC_VERSION}.tar.gz -
Install new Control Center packages:
sudo apt update sudo apt install ./netrounds-control-center_${CC_VERSION}/*.deb
-
-
Remove the obsolete packages:
Note:It is vital to remove these packages.
# Test Agent Lite support sudo apt purge netrounds-agent-login # Unsupported jsonfield package sudo apt remove python-django-jsonfield
-
Before doing the database migration, you need to perform some additional steps. Go to this Knowledge base article, scroll down to the section Actions if the release has been installed, and perform steps 1 through 4 of those instructions.
Note:Do not perform step 5 at this point.
-
Run the database migration:
Note:Before doing the migration, you must ensure that the database integrity check described above completes without error.
sudo ncc migrate
The
ncc migratecommand takes considerable time to execute (many minutes). It should print the following (details omitted below):Migrating database... Operations to perform: <...> Synchronizing apps without migrations: <...> Running migrations: <...> Creating cache table... <...> Syncing test scripts... <Updating script ...>
-
(Optional) Update the ConfD package if you need ConfD:
tar -xzf netrounds-confd_${NCC_VERSION}.tar.gz sudo apt install ./netrounds-confd_${NCC_VERSION}\_all.deb -
Compare the previously backed-up configuration files with the newly installed ones, and manually merge the contents of the two sets of files (they should remain in the same locations).
-
Enable the
apache2,kafka, andnetrounds-callexecuterservices:sudo systemctl enable apache2 kafka netrounds-callexecuter
-
Start Paragon Active Assurance services:
sudo systemctl start --all "netrounds-*" apache2 kafka openvpn@netrounds
-
To activate the new configuration, you also need to run:
sudo systemctl reload apache2
-
Install new Test Agent repositories:
TA_APPLIANCE_VERSION=<enter version number here> TA_APPLICATION_VERSION=<enter version number here> # For versions prior to 3.0: # Verify the integrity of the repositories (response should be "OK") shasum -c netrounds-test-agent_${TA_APPLIANCE_VERSION}_all.sha256 shasum -c netrounds-test-agent-application_${TA_APPLICATION_VERSION}.sha256.sum # For version 3.0 and later: # Compute checksums for the repositories and verify that they match the # SHA256 checksums provided on the download page sha256sum paa-test-agent_${TA_APPLIANCE_VERSION}_all.deb sha256sum paa-test-agent-application_${TA_APPLICATION_VERSION}.tar.gz # Start the installation sudo apt-get install \ ./netrounds-test-agent_${TA_APPLIANCE_VERSION}_all.deb sudo cp netrounds-test-agent-application_${TA_APPLICATION_VERSION}.tar.gz \ /usr/lib/python2.7/dist-packages/netrounds/static/test_agent/ -
Since support for Test Agent Lite was dropped in version 2.35, you should remove the old Test Agent Lite packages if you have them installed:
sudo rm -rf /usr/lib/python2.7/dist-packages/netrounds/static/test_agent/netrounds-test-agent-lite*
When you upgrade to 3.x later on, you must begin by running this command:
sudo apt-mark unhold python-django python-django-common