Scenario B: Fresh Ubuntu 18.04 Installation
-
On the Ubuntu 16.04 instance, take backups of Paragon Active Assurance product data.
Note:This is the backup procedure described in the Operations Guide, chapter "Backing Up Product Data", only more briefly worded.
Run these commands:
# Back up the PostgreSQL database pg_dump --help pg_dump -h localhost -U netrounds netrounds > ncc_postgres.sql # (Alternatively, to save in binary format:) # pg_dump -h localhost -U netrounds -Fc netrounds > ncc_postgres.binary # Back up OpenVPN keys sudo tar -czf ncc_openvpn.tar.gz /var/lib/netrounds/openvpn # Note: Be sure to store these in a safe place. # Back up RRD files (metrics data) # Check the file size before compressing the RRDs. Use of the tar command is not # recommended if the RRDs are larger than 50 GB; see note below. du -hs /var/lib/netrounds/rrd sudo tar -czf ncc_rrd.tar.gz /var/lib/netrounds/rrd
Note:The
pg_dump
command will ask for a password which can be found in/etc/netrounds/netrounds.conf
under "postgres database". The default password is "netrounds".Note:For a large-scale setup (> 50 GB), making a tarball of the RRD files might take too long, and taking a snapshot of the volume can be a better idea. Possible solutions for doing this include: using a file system that supports snapshots, or taking a snapshot of the virtual volume if the server is running in a virtual environment.
-
On the Ubuntu 16.04 instance, take backups of the Control Center configuration files:
/etc/apache2/sites-available/netrounds-ssl.conf
/etc/apache2/sites-available/netrounds.conf
/etc/netrounds/netrounds.conf
/etc/netrounds/probe-connect.conf
/etc/openvpn/netrounds.conf
For example:
sudo cp /etc/apache2/sites-available/netrounds-ssl.conf /etc/apache2/sites-available/netrounds-ssl.conf.old
-
On the Ubuntu 16.04 instance, back up the license file.
-
The new instance needs to satisfy at least the same hardware requirements as the old one.
-
On the new instance, install Ubuntu 18.04. We recommend the following tutorial:
As far as Paragon Active Assurance is concerned, you can keep the defaults throughout. (It may of course happen that you need to make different choices for reasons unrelated to Paragon Active Assurance.)
-
Once Ubuntu 18.04 is installed, reboot the system.
-
The following disk partitioning is recommended, especially for snapshot backups (but it is up to you as a user to decide):
- Recommended partitioning for lab setup:
/
: Whole disk, ext4.
- Recommended partitioning for production setup:
/
: 10% of disk space, ext4./var
: 10% of disk space, ext4./var/lib/netrounds/rrd
: 80% of disk space, ext4.
- No encryption
- Recommended partitioning for lab setup:
-
Set the time zone to UTC, for example as follows:
sudo timedatectl set-timezone Etc/UTC
-
Set all locales to
en_US.UTF-8
.-
One way to do this is to manually edit the file
/etc/default/locale
. Example:LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LANGUAGE=en_US.UTF-8
-
Make sure the following line is NOT commented out in the /etc/locale.gen:
en_US.UTF-8 UTF-8
-
Regenerate the locale files to make sure the selected language is available:
sudo apt-get install locales sudo locale-gen
-
-
-
Make sure that traffic on the following ports are allowed to and from Control Center:
- Inbound:
- TCP port 443 (HTTPS): Web interface
- TCP port 80 (HTTP): Web interface (used by Speedtest, redirects other URLs to HTTPS)
- TCP port 830: ConfD (optional)
- TCP port 6000: Encrypted OpenVPN connection for Test Agent Appliances
- TCP port 6800: Encrypted WebSocket connection for Test Agent Applications
- Outbound:
- TCP port 25 (SMTP): Mail delivery
- UDP port 162 (SNMP): Sending SNMP traps for alarms
- UDP port 123 (NTP): Time synchronization
- Inbound:
-
Install NTP:
-
First disable
timedatectl
:sudo timedatectl set-ntp no
-
Run this command:
timedatectl
and verify that
systemd-timesyncd.service active: no
-
Now you can run the NTP installation:
sudo apt-get install ntp
-
Make sure that the configured NTP servers are reachable:
ntpq -np
The output should normally be "all ones" expressed in octal. 1
-
-
Install PostgreSQL and set up a user for Control Center:
sudo apt-get update sudo apt-get install postgresql sudo -u postgres psql -c "CREATE ROLE netrounds WITH ENCRYPTED PASSWORD 'netrounds' SUPERUSER LOGIN;" sudo -u postgres psql -c "CREATE DATABASE netrounds OWNER netrounds ENCODING 'UTF8' TEMPLATE 'template0';"
Using an external PostgreSQL server is not recommended.
-
Install and configure an email server.
-
Control Center will send emails to users:
- when they are invited to an account,
- when sending email alarms (i.e. if email rather than SNMP is used for this purpose), and
- when sending periodic reports.
-
Run the command
sudo apt-get install postfix
-
For a simple setup where postfix can send directly to the destination email server, you can set General type of mail configuration to "Internet Site", and System mail name can usually be left as-is. Otherwise, postfix needs to be configured according to the environment. For guidance, refer to the official Ubuntu documentation at https://help.ubuntu.com/lts/serverguide/postfix.html.
-
-
Install Control Center on the Ubuntu 18.04 instance.
This procedure also installs the Paragon Active Assurance REST API.
export CC_VERSION=<enter new version here> # Compute the checksum for the tar file and verify that it is equal to the SHA256 # checksum provided on the download page sha256sum paa-control-center_${CC_VERSION}.tar.gz # Unpack the tarball tar -xzf netrounds-control-center_${CC_VERSION}.tar.gz # Make sure packages are up to date sudo apt-get update # Start the installation sudo apt-get install ./netrounds-control-center_${CC_VERSION}/*.deb
-
Stop all Paragon Active Assurance services:
sudo systemctl stop "netrounds-*" apache2 openvpn@netrounds
-
Restore database backup:
sudo -u postgres psql --set ON_ERROR_STOP=on netrounds < ncc_postgres.sql
-
Before doing the database migration, you need to perform some additional steps. Go to this Knowledge base article, scroll down to the section Actions if the release has been installed, and perform steps 1 through 4 of those instructions.
Note:Do not perform step 5 at this point.
-
Run the database migration:
Note:This is a sensitive command, and care should be taken when executing it on a remote machine. In such a scenario it is strongly recommended that you use a program like
screen
ortmux
so that the migrate command will continue running even if the ssh session breaks.sudo ncc migrate
The
ncc migrate
command takes considerable time to execute (many minutes). It should print the following (details omitted below):Migrating database... Operations to perform: <...> Synchronizing apps without migrations: <...> Running migrations: <...> Creating cache table... <...> Syncing test scripts... <Updating script ...>
-
Transfer the backup data to the 18.04 instance using
scp
or some other tool. -
Restore the OpenVPN keys:
# Remove any existing OpenVPN keys sudo rm -rf /var/lib/netrounds/openvpn # Unpack the backed-up keys sudo tar -xzf ncc_openvpn.tar.gz -C /
-
Restore RRD data:
# Remove any existing RRDs sudo rm -rf /var/lib/netrounds/rrd # Unpack the backed-up RRDs sudo tar -xzf ncc_rrd.tar.gz -C /
-
Compare the backed-up configuration files with the newly installed ones, and manually merge the contents of the two sets of files (they should remain in the same locations).
-
Activate the product license using the license file taken from the old instance:
ncc license activate ncc_license.txt
-
Start Paragon Active Assurance services:
sudo systemctl start --all "netrounds-*" apache2 kafka openvpn@netrounds
-
To activate the new configuration, you also need to run:
sudo systemctl reload apache2
-
Install new Test Agent repositories:
TA_APPLIANCE_VERSION=<enter version number here> TA_APPLICATION_VERSION=<enter version number here> # For versions prior to 3.0: # Verify the integrity of the repositories (response should be "OK") shasum -c netrounds-test-agent_${TA_APPLIANCE_VERSION}_all.sha256 shasum -c netrounds-test-agent-application_${TA_APPLICATION_VERSION}.sha256.sum # For version 3.0 and later: # Compute checksums for the repositories and verify that they match the # SHA256 checksums provided on the download page sha256sum paa-test-agent_${TA_APPLIANCE_VERSION}_all.deb sha256sum paa-test-agent-application_${TA_APPLICATION_VERSION}.tar.gz # Start the installation sudo apt-get install \ ./netrounds-test-agent_${TA_APPLIANCE_VERSION}_all.deb sudo cp netrounds-test-agent-application_${TA_APPLICATION_VERSION}.tar.gz \ /usr/lib/python2.7/dist-packages/netrounds/static/test_agent/
-
(Optional) Follow the NETCONF & YANG API Orchestration Guide to install and configure ConfD if you need it.
When you upgrade to 3.x later on, you must begin by running this command:
sudo apt-mark unhold python-django python-django-common