Alternative Upgrade Procedure
This chapter describes a Control Center upgrade from 4.1 to 4.3 using a separate instance with Ubuntu 22.04 installed, as an alternative of the in-place upgrade (requiring multiple OS upgrades) described in the Upgrade Procedure chapter.
Packages Installed for 4.3
paa-control-center_4.2.0.54.tar.gz paa-netconf-yang_4.2.0.54.tar.gz paa-test-agent-application_4.2.0.9_all.deb paa-test-agent-plugins_4.2.0.16_all.deb paa-test-agent_4.2.0.11_all.deb
Steps on 4.1 Instance
Backing Up Product Data
sudo ncc services stop --without-timescaledb --with-zookeeper --with-kafka sudo ncc backup sudo ncc services start --without-timescaledb
The backup file is generated in the current working directory and named as follows:
paa-cc-backup-<PAA CC version>-yyyy-dd-mm_hh-MM-ss.tar.gz
Example:
paa-cc-backup-4.1.3.33-2023-16-05_10-21-13.tar.gz
was generated on May, 16th 2023 at 10:21:13.
Backing Up Plugin Service Data
Run this command:
sudo -u postgres pg_dump -t account \ -t user -t test_agent -t task \ -t measurement --data-only paa-plugins > paa_plugins_data.sql
Backing Up the SSL Certificates and Keys
This procedure creates a TAR archive that might contain duplicates as the same cert/key file may be mentioned in multiple configuration files.
-
Create a TAR archive
paa_cc_certs.tar
:export TAR_ARCHIVE="paa_cc_certs.tar" sudo tar -cf "$TAR_ARCHIVE" --files-from /dev/null
-
Collect the secret key path:
- Open the file
etc/netrounds/netrounds.conf
. - Copy the value for the
SECRET_KEY_FILE
setting without single/double quotes (<SECRET_KEY_FILE value
>) -
Paste the value you just obtained at the end of this command:
sudo tar --append --file="$TAR_ARCHIVE" -C / <SECRET_KEY_FILE value>
For example, if the value of
SECRET_KEY_FILE
is/etc/netrounds/secret_key
, the command will be:sudo tar --append --file="$TAR_ARCHIVE" -C / /etc/netrounds/secret_key
Note:The output
tar: Removing leading `/' from member names
is for information only and can be ignored. The command will still add the file as expected.
- Open the file
-
Collect the certificate from the services configuration files:
- Open the file
/etc/netrounds/consolidated.yaml
. -
Copy the value
<cert path>
for bothssl-key
andssl-cert
directives, but only if they are uncommented and have a name different fromssl-cert-snakeoil
.Example:
- Copy this one:
/etc/certs/fullchain.pem
- Don't copy this one:
/etc/ssl/certs/ssl-cert-snakeoil.pem
- Copy this one:
-
Paste the value you just copied at the end of this command:
sudo tar --append --file="$TAR_ARCHIVE" -C / <cert path>
Note:The output
tar: Removing leading `/' from member names
is for information only and can be ignored. The command will still add the file as expected.
- Repeat the steps above for the files
/etc/netrounds/plugin.yaml
and/etc/netrounds/test-agent-gateway.yaml
.
- Open the file
-
Collect the certificates used by the Apache web server:
- Open the file
/etc/apache2/sites-available/netrounds-restol-standalone.conf
. - Copy the value
<cert path>
for bothSSLCertificateFile
andSSLCertificateKeyFile
directives, but only if they are uncommented and have a name different fromssl-cert-snakeoil
. -
Paste the value you just copied at the end of this command:
sudo tar --append --file="$TAR_ARCHIVE" -C / <cert path>
Note:The output
tar: Removing leading `/' from member names
is for information only and can be ignored. The command will still add the file as expected.
- Repeat the steps above for the file
/etc/apache2/sites-available/netrounds-ssl.conf
.
- Open the file
-
Copy the backup files to the Ubuntu 22.04 instance:
paa-cc-backup-<PAA CC version>-yyyy-dd-mm_hh-MM-ss.tar.gz paa_cc_certs.tar paa_plugins_data.sql
Steps on 4.3 Instance
- Installing Required OS and Software
- Restoring Product Backup from Data
- Downloading Control Center and Test Agent Repositories
- Installing Control Center and Related Tasks
- Configuring the Metrics Service
Installing Required OS and Software
Follow the Paragon Active Assurance 4.3 Installation Guide, chapter "Installing Required OS and Software".
Restoring Product Backup from Data
-
Drop the main PostgreSQL database and plugin database:
sudo -u postgres psql -c "DROP DATABASE IF EXISTS netrounds;"
sudo -u postgres psql -c 'DROP DATABASE IF EXISTS "paa-plugins";'
-
Recreate the main PostgreSQL database and plugin database as described in the 4.3 Operations Guide:
sudo -u postgres psql -c "CREATE DATABASE netrounds OWNER netrounds ENCODING 'UTF8' TEMPLATE 'template0';" sudo -u postgres psql -c 'CREATE DATABASE "paa-plugins" OWNER netrounds ENCODING "UTF8" TEMPLATE "template0";'
-
Uncompress the backup archive and enter into the backup archive directory:
tar -xzf paa-cc-backup-<PAA CC version/>-yyyy-dd-mm_hh-MM-ss.tar.gz cd ./paa-cc-backup-<PAA CC version>-yyyy-dd-mm_hh-MM-ss
-
Restore the main PostgreSQL database and plugin database:
sudo -u postgres psql --set ON_ERROR_STOP=on netrounds < paa_cc_postgres.sql sudo -u postgres psql --set ON_ERROR_STOP=on paa-plugins < paa_cc_plugins.sql
-
Restore plugin signing keys:
sudo tar -xzf paa_cc_plugin_keys.tar.gz -C /
-
Restore Control Center configurations:
sudo tar -xzf paa_cc_configs.tar.gz -C /
-
Restore Control Center SSL certificates and secret key:
cd .. sudo tar -xf paa_cc_certs.tar -C /
Downloading Control Center and Test Agent Repositories
Follow the 4.3 Installation Guide.
Installing Control Center and Related Tasks
-
Install Control Center
Follow the procedure in the 4.3 Installation Guide. Below are some specifics of updating configuration files:
- For
/etc/netrounds/restol.conf
, pressN
. -
For
/etc/netrounds/netrounds.conf
, pressD
, thenZ
.-
Back up the current version:
cp /etc/netrounds/netrounds.conf /etc/netrounds/netrounds-41.conf
-
Edit
/etc/netrounds/netrounds.conf
as follows:- Replace
AXES_LOGIN_FAILURE_LIMIT
withAXES_FAILURE_LIMIT
. - Replace
X_FRAME_OPTIONS_HEADER
withX_FRAME_OPTIONS
-
Replace this
# Number of days a password reset link is valid. PASSWORD_RESET_TIMEOUT_DAYS = x
with this:
# Number of seconds a password reset link is valid. # This is equal to x * 24 * 60 * 60, where x is the number of days. Enter the calculated value. PASSWORD_RESET_TIMEOUT =
where
x
is the value ofPASSWORD_RESET_TIMEOUT_DAYS
.
- Replace
-
Compare the two versions of the file:
diff /etc/netrounds/netrounds-41.conf /etc/netrounds/netrounds.conf
- Type
exit
and validate current changes withN
.
-
-
For
/etc/apache2/sites-available/netrounds-ssl.conf
, pressD
, thenZ
.-
Back up the current version:
cp /etc/apache2/sites-available/netrounds-ssl.conf \ /etc/apache2/sites-available/netrounds-ssl-41.conf
-
Replace the Python 3.6 path with one for Python 3.10:
sed -i 's/python3.6/python3.10/g' /etc/apache2/sites-available/netrounds-ssl.conf
-
Compare the two versions of the file:
diff /etc/apache2/sites-available/netrounds-ssl-41.conf \ /etc/apache2/sites-available/netrounds-ssl.conf
-
Type exit and validate current changes with
N
.
-
-
For
/etc/apache2/sites-available/netrounds.conf
, pressD
, thenZ
.-
Back up the current version:
cp /etc/apache2/sites-available/netrounds.conf \ /etc/apache2/sites-available/netrounds-41.conf
-
Replace the Python 3.6 path with one for Python 3.10:
sed -i 's/python3.6/python3.10/g' /etc/apache2/sites-available/netrounds.conf
-
Compare the two versions of the file:
diff /etc/apache2/sites-available/netrounds-41.conf \ /etc/apache2/sites-available/netrounds.conf
-
Type
exit
and validate current changes withN
.
-
-
For
/etc/openvpn/netrounds.conf
, pressD
, thenZ
.-
Update the file to have:
- the value of
cert
pointing to the same name CRT file but underopenvpn/issued
- the value of
key
pointing to the same name KEY file but underopenvpn/private
.
Type
exit
and validate current changes withN
. - the value of
-
- For
/etc/netrounds/test-agent-gateway.yaml
, pressN
. - For
/etc/netrounds/metrics.yaml
, pressN
.
- For
- Restore post-installation config
Run the following commands:
cd ./paa-cc-backup-<PAA CC version>-yyyy-dd-mm_hh-MM-ss sudo tar -xzf paa_cc_plugins.tar.gz -C / sudo tar -xzf paa_cc_license.tar.gz -C / sudo tar -xzf paa_cc_rrd.tar.gz -C / sudo tar -xzf paa_cc_openvpn.tar.gz -C /
- Run the database migration (and change ownership for one file)
Run the following commands:
sudo ncc migrate sudo chown -R netrounds: /var/lib/netrounds/openvpn sudo ncc services restart sudo -u postgres psql paa-plugins < paa_plugins_data.sql
- Install the Test Agent repositories and plugins
Run the following commands:
export TA_APPLIANCE_BUILD=4.3.0.X export TA_APPLICATION_BUILD=4.3.0.X export PLUGIN_BUILD=4.3.0-X # Compute SHA256 checksums for the repositories and verify that they match the # SHA256 checksums provided on the download page sha256sum paa-test-agent_${TA_APPLIANCE_BUILD}_all.deb sha256sum paa-test-agent-application_${TA_APPLICATION_BUILD}_all.deb sha256sum paa-test-agent-plugins_${PLUGIN_BUILD}_all.deb # Start the installation sudo apt-get install ./paa-test-agent_${TA_APPLIANCE_BUILD}_all.deb sudo apt-get install ./paa-test-agent-application_${TA_APPLICATION_BUILD}_all.deb sudo apt-get install ./paa-test-agent-plugins_${PLUGIN_BUILD}_all.deb # Restart the services sudo ncc services restart
Do the following to enable the latest version of all plugins in all accounts:
ncc plugins edit enabled-version --all-plugins --latest-version --all-accounts
For more information on how to manage plugins using the Control Center CLI, see the in-app help under "Plugins".
Log in to the Control Center GUI and go to the Test Agents view. Next to each Test Agent for which an upgrade is available, an up-arrow icon appears. Click that icon to go ahead with the upgrade.
-
If the ConfD service was enabled in 4.1, install ConfD. Follow the instructions in the Installation Guide, chapter Installing Control Center and Related Tasks, section "Installing ConfD", with one modification: The installation of ConfD from deb packages needs to be done with the command
sudo CONFD_FORCE_CC_CONFIGURE="true" apt-get install ./paa-netconf-yang_4.3.0.0/*.deb
All other commands in the Installation Guide should be applied unchanged.
Note:Some additional configuration is needed; again, see the Installation Guide for details.
Configuring the Metrics Service
If the metrics service was enabled in 4.1, the following steps need to be applied in order to restore the data collected in the TimescaleDB database.
-
Enable and start the timescaledb service:
sudo ncc services enable timescaledb sudo ncc services start timescaledb
-
Restore TimescaleDB from backup:
cd <backup folder location>/paa-cc-backup-<PAA CC version>-yyyy-dd-mm_hh-MM-ss sudo tar zxf paa_cc_timescaledb.tar.gz \ -C /var/lib/netrounds/rrd/timescaledb/pgbackrest/repo sudo /etc/netrounds/backup-restore-timescaledb.sh \ --restore paa-cc-timescaledb/data-yyyy-dd-mm_hh-MM-ss
-
Enable and start the metrics service:
sudo ncc services enable metrics sudo ncc services start metrics