Alternative Upgrade Procedure

Backing Up Product Data

The backup file is generated in the current working directory and named as follows:

Example:

was generated on May, 16th 2023 at 10:21:13.

Backing Up Plugin Service Data

Run this command:

Backing Up the SSL Certificates and Keys

Note:

This procedure creates a TAR archive that might contain duplicates as the same cert/key file may be mentioned in multiple configuration files.

1. Create a TAR archive paa_cc_certs.tar:

2. Collect the secret key path:

   • Open the file etc/netrounds/netrounds.conf.
   • Copy the value for the SECRET_KEY_FILE setting without single/double quotes (<SECRET_KEY_FILE value>)

   • Paste the value you just obtained at the end of this command:

     For example, if the value of SECRET_KEY_FILE is /etc/netrounds/secret_key, the command will be:

     Note:

     The output

     is for information only and can be ignored. The command will still add the file as expected.

3. Collect the certificate from the services configuration files:

   • Open the file /etc/netrounds/consolidated.yaml.

   • Copy the value <cert path> for both ssl-key and ssl-cert directives, but only if they are uncommented and have a name different from ssl-cert-snakeoil.

     Example:

     • Copy this one: /etc/certs/fullchain.pem
     • Don't copy this one: /etc/ssl/certs/ssl-cert-snakeoil.pem

   • Paste the value you just copied at the end of this command:

     Note:

     The output

     is for information only and can be ignored. The command will still add the file as expected.

   • Repeat the steps above for the files /etc/netrounds/plugin.yaml and /etc/netrounds/test-agent-gateway.yaml.

4. Collect the certificates used by the Apache web server:

   • Open the file /etc/apache2/sites-available/netrounds-restol-standalone.conf.
   • Copy the value <cert path> for both SSLCertificateFile and SSLCertificateKeyFile directives, but only if they are uncommented and have a name different from ssl-cert-snakeoil.

   • Paste the value you just copied at the end of this command:

     Note:

     The output

     is for information only and can be ignored. The command will still add the file as expected.

   • Repeat the steps above for the file /etc/apache2/sites-available/netrounds-ssl.conf.

5. Copy the backup files to the Ubuntu 22.04 instance:

Installing Required OS and Software

Follow the Paragon Active Assurance 4.3 Installation Guide, chapter "Installing Required OS and Software".

Restoring Product Backup from Data

1. Drop the main PostgreSQL database and plugin database:

2. Recreate the main PostgreSQL database and plugin database as described in the 4.3 Operations Guide:

3. Uncompress the backup archive and enter into the backup archive directory:

4. Restore the main PostgreSQL database and plugin database:

5. Restore plugin signing keys:

6. Restore Control Center configurations:

7. Restore Control Center SSL certificates and secret key:

Downloading Control Center and Test Agent Repositories

Follow the 4.3 Installation Guide.

Installing Control Center and Related Tasks

1. Install Control Center

   Follow the procedure in the 4.3 Installation Guide. Below are some specifics of updating configuration files:

   • For /etc/netrounds/restol.conf, press N.

   • For /etc/netrounds/netrounds.conf, press D, then Z.

     • Back up the current version:

     • Edit /etc/netrounds/netrounds.conf as follows:

       • Replace AXES_LOGIN_FAILURE_LIMIT with AXES_FAILURE_LIMIT.
       • Replace X_FRAME_OPTIONS_HEADER with X_FRAME_OPTIONS

       • Replace this

         with this:

         where x is the value of PASSWORD_RESET_TIMEOUT_DAYS.

     • Compare the two versions of the file:

     • Type exit and validate current changes with N.

   • For /etc/apache2/sites-available/netrounds-ssl.conf, press D, then Z.

     • Back up the current version:

     • Replace the Python 3.6 path with one for Python 3.10:

     • Compare the two versions of the file:

     • Type exit and validate current changes with N.

   • For /etc/apache2/sites-available/netrounds.conf, press D, then Z.

     • Back up the current version:

     • Replace the Python 3.6 path with one for Python 3.10:

     • Compare the two versions of the file:

     • Type exit and validate current changes with N.

   • For /etc/openvpn/netrounds.conf, press D, then Z.

     • Update the file to have:

       • the value of cert pointing to the same name CRT file but under openvpn/issued
       • the value of key pointing to the same name KEY file but under openvpn/private.

       Type exit and validate current changes with N.

   • For /etc/netrounds/test-agent-gateway.yaml, press N.
   • For /etc/netrounds/metrics.yaml, press N.
2. Restore post-installation config

   Run the following commands:

3. Run the database migration (and change ownership for one file)

   Run the following commands:

4. Install the Test Agent repositories and plugins

   Run the following commands:

   Do the following to enable the latest version of all plugins in all accounts:

   For more information on how to manage plugins using the Control Center CLI, see the in-app help under "Plugins".

   Log in to the Control Center GUI and go to the Test Agents view. Next to each Test Agent for which an upgrade is available, an up-arrow icon appears. Click that icon to go ahead with the upgrade.

5. If the ConfD service was enabled in 4.1, install ConfD. Follow the instructions in the Installation Guide, chapter Installing Control Center and Related Tasks, section "Installing ConfD", with one modification: The installation of ConfD from deb packages needs to be done with the command

   All other commands in the Installation Guide should be applied unchanged.

   Note:

   Some additional configuration is needed; again, see the Installation Guide for details.

Configuring the Metrics Service

If the metrics service was enabled in 4.1, the following steps need to be applied in order to restore the data collected in the TimescaleDB database.

1. Enable and start the timescaledb service:

2. Restore TimescaleDB from backup:

3. Enable and start the metrics service: