Upgrade Procedure
If you are upgrading from 2.34, please make sure you use the special upgrade procedure described in the document Upgrading Control Center from Version 2.34.
Below are general instructions for upgrading Control Center. Note that for specific releases, additional actions may be required; separate instructions are then given in each case in what follows.
Be sure to refer to the current Paragon Active Assurance Installation Guide.
-
Disable the
apache2andnetrounds-callexecuterservices completely:sudo systemctl disable apache2 sudo systemctl disable netrounds-callexecuter
-
Stop all Paragon Active Assurance services:
sudo systemctl stop "netrounds-*" apache2 openvpn@netrounds
-
Make backups according to the Operations Guide, chapter Backing Up Product Data, starting with the section "Backing Up the PostgreSQL Database".
-
Verify the integrity of the tarball containing the new Control Center version:
# Compute the checksum for the tar file and verify that it is equal to the SHA256 # checksum provided on the download page export CC_VERSION=3.2.2 sha256sum paa-control-center_${CC_VERSION}.tar.gz -
Unpack the Control Center tarball:
tar -xzf paa-control-center_${CC_VERSION}.tar.gz -
Install new Control Center packages:
sudo apt-get update sudo apt-get install ./paa-control-center_${CC_VERSION}/*.debYou will be asked how to proceed with the configuration files. In most cases you will want to keep your old settings. We recommend that you inspect the difference between your old configuration and the new one using the "D" choice.
New optional and updated settings may be available in the example configuration files provided in the packages. Feel free to review these and add new options as appropriate for your installation.
Warning:For the file
/etc/netrounds/netrounds.confyou need to choose "Y" in order to pick up the mandatory newSPEEDTEST_ADDRESSsetting. Therefore, if you have made other modifications to this file, be sure to first copy those and reinsert them afterwards. As a side note, we may mention that theSTRICT_TRANSPORT_SECURITY_HEADERsetting has been removed.Warning:For the Apache configuration files found in
/etc/apache2/sites-available/
you need to choose "Y", which is the "package maintainer's version".
If you have installed proper SSL certificates (as recommended) instead of the default snakeoil ones, you will have to modify the file again to point to the correct path in the
SSLCertificateFileandSSLCertificateKeyFilesettings after the Debian package installation has completed. See the Installation Guide, chapter Service Configuration, section "SSL Certificate Configuration". -
Run the database migration:
Warning:If you have changed the database password from the default, make sure you also change this in the
db-passwordsetting in the/etc/netrounds/plugin.yamlfile before runningncc migrate. Otherwise, the command will fail.Note:This is a sensitive command, and care should be taken when executing it on a remote machine. In such a scenario it is strongly recommended that you use a program like
screen(generally installed by default on popular Linux distributions) ortmux(runsudo apt-get install tmuxto install) so that the migrate command will continue running even if the ssh session breaks.Note:This command takes considerable time to execute.
sudo ncc migrate
-
Install the new Test Agent repository and plugins.
The plugins are used by Test Agent Applications.
TA_APPLIANCE_BUILD=3.2.1.15 TA_APPLICATION_BUILD=3.2.1.2 PLUGIN_BUILD=3.2.1-66 # Compute checksums for the repositories and verify that they match the # SHA256 checksums provided on the download page sha256sum paa-test-agent_${TA_APPLIANCE_BUILD}_all.deb sha256sum paa-test-agent-application_${TA_APPLICATION_BUILD}_all.deb sha256sum paa-test-agent-plugins_${PLUGIN_BUILD}_all.deb # Start the installation sudo apt-get install ./paa-test-agent_${TA_APPLIANCE_BUILD}_all.deb sudo apt-get install ./paa-test-agent-application_${TA_APPLICATION_BUILD}_all.deb sudo apt-get install ./paa-test-agent-plugins_${PLUGIN_BUILD}_all.deb
-
Enable the
apache2,kafka, andnetrounds-callexecuterservices:sudo systemctl enable apache2 sudo systemctl enable kafka sudo systemctl enable netrounds-callexecuter
-
Start all Paragon Active Assurance services:
Note:You must do this to get the services up and running again after the upgrade.
sudo systemctl start --all "netrounds-*" apache2 kafka openvpn@netrounds
-
To activate the new configuration, you also need to run:
sudo systemctl reload apache2
-
Check that the system is up and running with the commands
sudo ncc status sudo systemctl status "netrounds-*"
- Log in to the Control Center GUI and go to the Test Agents view. Next to each Test Agent for which an upgrade is available, an up-arrow icon appears. Click that icon to go ahead with the upgrade.
Troubleshooting
Password Authentication Failed For User
If the ncc migrate command fails with an error message
Failed to connect to database error="pq: password authentication failed for user \"netrounds\"" db-host=localhost db-name=paa-plugins db-port=5432 ...
you must update the variable db-password in the
/etc/netrounds/plugin.yaml file as explained in the warning above. Edit this
file and then rerun ncc migrate.
Target WSGI Script Not Found
If you accidentally selected "N" for the Apache configuration files (see this step above) and got an error message like the one below
[wsgi:error] [pid 29401:tid 140567451211520] [client 127.0.0.1:37172] Target WSGI script not found or unable to stat: /usr/lib/python2.7/dist-packages/netrounds/wsgi.py
run the following commands to get back on track:
export CC_VERSION=3.2.2
dpkg-deb --fsys-tarfile paa-webapp_${CC_VERSION}_all.deb | tar -x --wildcards ./etc/apache2/sites-available/*.conf --strip-components 4
sudo mv netrounds*.conf /etc/apache2/sites-available/
sudo chown -R root:root /etc/apache2/sites-available/
sudo systemctl reload apache2This overwrites the old configuration with the new one in the updated package.
Again, if you have installed proper SSL certificates (as recommended) instead of the
default snakeoil ones, you will have to modify the file again to point to the correct path
in the SSLCertificateFile and SSLCertificateKeyFile
settings after the Debian package installation has completed. See the Installation Guide,
chapter Service Configuration, section "SSL
Certificate Configuration".