Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Upgrade Procedure

Below are instructions for upgrading Control Center. This is the procedure that should normally be followed. An alternative procedure is described in the next chapter.

Be sure to refer to the current Paragon Active Assurance Installation Guide.

  • Make backups according to the Operations Guide, chapter Backing Up Product Data, starting with the section "Backing Up the PostgreSQL Database".

    In addition, back up the file /etc/netrounds/secret_key and keep it with the backup archives:

    Note:

    Taking backup of certificates and secret key files are required only if you are upgrading from Release 4.1 or earlier releases.

  • Make backups of the disks or disk partitions used by Control Center (or take a VM snapshot).

  • Disable the apache2 and netrounds-callexecuter services completely:

  • Stop all Paragon Active Assurance services:

  • Verify that all services are stopped:

    If some service is not in status stopped, run the following command once more:

    If the problem persists, please contact Juniper technical support.

  • Upgrade Ubuntu from version 18.04 to version 22.04. This can be done in two steps as described on the pages linked below:

  • Verify the integrity of the tarball containing the new Control Center version:

  • Unpack the Control Center tarball:

  • Install new Control Center packages.

    Note the following:

    • In the file /etc/netrounds/netrounds.conf you need to replace the setting PASSWORD_RESET_TIMEOUT_DAYS with PASSWORD_RESET_TIMEOUT. The former gives the timeout in days, whereas the latter has seconds as unit.
    • In the file /etc/netrounds/netrounds.conf you can also optionally configure the SPEEDTEST_ADDRESS setting (if you are going to use Speedtest). This can either point to the same IP address that SITE_URL resolves to, or it can have a hostname of its own.
    Warning:

    You will be prompted about overwriting existing configuration files. Before proceeding, please read all the information about settings below.

    Note:
    • We highly recommend that you first inspect the difference between your old configuration and the new one using the "D" choice. In most cases you will then want to keep your old settings by pressing "N" (do not overwrite).
    • New optional and updated settings may be available in the example configuration files provided in the packages. We recommend that you review these and add new options as appropriate for your installation.
    Warning:

    For the Apache configuration files found in

    you need to press "Y", which is the "package maintainer's version".

    If you have installed proper SSL certificates (as recommended) instead of the default snakeoil ones, you will have to modify the file again to point to the correct path in the SSLCertificateFile and SSLCertificateKeyFile settings after the Debian package installation has completed. See the Installation Guide, chapter Service Configuration, section "SSL Certificate Configuration".

  • Run the database migration:

    Warning:

    If you have changed the database password from the default, make sure you also change this in the db-password setting in the /etc/netrounds/plugin.yaml file before running ncc migrate. Otherwise, the command will fail.

    Note:
    • This is a sensitive command, and care should be taken when executing it on a remote machine. In such a scenario it is strongly recommended that you use a program like screen (generally installed by default on popular Linux distributions) or tmux (run sudo apt-get install tmux to install) so that the migrate command will continue running even if the ssh session breaks.
    • This command takes considerable time to execute.
  • Change the /var/lib/netrounds/openvpn owner to netrounds:

  • Restart all Paragon Active Assurance services:

  • Install the new Test Agent repository and plugins.

    The plugins are used by Test Agent Applications.

  • Enable services as follows:

    Note:

    If the TimescaleDB and Metrics services are expected to be running after the upgrade, you need to enable these as well since they are not enabled by default:

  • Restart all Paragon Active Assurance services:

    Note:

    You must do this to get the services up and running again after the upgrade.

  • To activate the new configuration, you also need to run:

  • Check that the system is up and running with the commands

  • Run the following script to enable the latest version of all plugins in all accounts:

    If you encounter the following error after you run the script, create a support case by attaching the script output in order to troubleshoot the error.

    For more information on how to manage plugins using the Control Center CLI, see the in-app help under "Plugins".

  • Log in to the Control Center GUI and go to the Test Agents view. Next to each Test Agent for which an upgrade is available, an up-arrow icon appears. Click that icon to go ahead with the upgrade.

Upgrading Postgres

In this section we will upgrade the netrounds and paa-plugins databases to use Postgres 14 instead of Postgres 10.

Work through the following steps:

  • Verify that Postgres 10 is currently used:

    The expected output is:

    If the above command reports Postgres 14, don't take any further actions.

  • Stop Control Center servies:

  • Stop both Postgres clusters:

  • Before doing the actual upgrade, run the following check:

    If the pg_upgrade check reports errors that are not easily fixable, contact Juniper technical support.

    If there are no errors and pg_upgrade reported that the clusters are compatible, you can proceed with the upgrade.

  • Upgrade Postgres:

  • Change the port assignment so that Postgres 10 uses port 5434 and Postgres 14 uses port 5432.

    Update the value of port in /etc/postgresql/14/main/postgresql.conf to 5432:

    Update the value of port in /etc/postgresql/10/main/postgresql.conf to 5434:

  • Start the postgresql service:

  • Alter the password for the netrounds user:

  • Run the statistics optimizer:

  • Start Control Center services:

  • Verify that Postgres 14 is now being used for netrounds database:

    Expected output:

    Expected output:

  • Verify that Control Center is functional and remove old cluster data:

  • Optionally remove postgresql-10 and postgresql-12 client/server packages:

Upgrading ConfD

If the ConfD service is installed in Control Center, do the following:

Troubleshooting

Password Authentication Failed For User

If the ncc migrate command fails with an error message

you must update the variable db-password in the /etc/netrounds/plugin.yaml file as explained in the warning above. Edit this file and then rerun ncc migrate.

Target WSGI Script Not Found

If you accidentally selected "N" for the Apache configuration files (see this step above) and got an error message like the one below

run the following commands to get back on track:

This overwrites the old configuration with the new one in the updated package.

Again, if you have installed proper SSL certificates (as recommended) instead of the default snakeoil ones, you will have to modify the file again to point to the correct path in the SSLCertificateFile and SSLCertificateKeyFile settings after the Debian package installation has completed. See the Installation Guide, chapter Service Configuration, section "SSL Certificate Configuration".

Same Origin Policy Disallows Reading the Remote Resource

This or some similar error may occur if you have set SITE_URL and SPEEDTEST_ADDRESS to different values in /etc/netrounds/netrounds.conf. You then need to change ALLOWED_ORIGINS in /etc/netrounds/restol.conf to allow both of these values in the restol.conf file. The simplest way to achieve this is to delete any value previously assigned to ALLOWED_ORIGINS. That setting will then get a default value which allows SITE_URL and SPEEDTEST_ADDRESS as found in /etc/netrounds/netrounds.conf.

openvpn@netrounds Service Fails to Find dh.pem File

If this happens, output like that below will be given:

To resolve, run the following commands:

openvpn@netrounds Service Reports Weak CA Key

In this case, the output will look like this:

What you need to do is to modify the /etc/openvpn/netrounds.conf file by appending the line below at the end of the file:

Then restart the openpvn service:

Control Center Installation Fails Due to the Conflict with the containers-common Package

Sometimes, during the Ubuntu system upgrade, not all deprecated packages are removed and therefore the Control Center installation fails with the following error message:

In this case, run the apt-cache rdepends --installed containers-common command to check which package holds containers-common package. If this command returns the following output, then you can delete the containers-common package, and reinstall Control Center.

To delete the containers-common package, run the following command: