User Guide

Update Procedure

This section contains an overview of the CentOS and NetEye update procedure. Please read it carefully before actually starting the update procedure.

CentOS Operating System Updates

Operating system updates often address security vulnerabilities that have been recently discovered or not previously disclosed. If operating system updates are not installed in a timely manner, you run the risk of unauthorized access as well as the theft or destruction of personal and/or confidential data.

NetEye base OS packages published in the official public repository are updated on a regular weekly basis. Indeed, the latest updates available of the current minor CentOS release are fetched and tested within Würth Phoenix testing area; after a week of successful testing, they are released to the public. Also, the published NetEye ISO is updated during this regular weekly process.

CentOS minor upgrades are delivered after an extended testing phase during the release cycle currently in progress. If the testing phase is successful, the CentOS minor upgrade is published on the repo for the current minor release. Also, the NetEye ISO is updated accordingly.

Additional information about CentOS versioning is available in the official documentation.

NetEye installations can be updated by using the command neteye update, which will carry out a number of tasks, some of which on Clusters only. The command requires almost no interaction and should normally conclude successfully, except for the following situations:

  1. A (health) check fails

  2. An .rpmnew and/or .rpmsave file is found

  3. The elected NetEye Master node is in standby mode

Check the sections NetEye Single Instance and NetEye Cluster for details on the tasks executed and section Troubleshooting for directions on how to tackle these problems.

NetEye Single Instance

On a NetEye Single Instance, the update procedure is carried out by running:

# nohup neteye update

All the tasks carried out by the command are listed in section neteye update.

If the command is successful, a message will inform you that the update procedure has concluded successful; otherwise, check section Troubleshooting to fix the problems, then run the command again.

Finally, to ensure that any potentially stopped and/or newly installed NetEye services are running, use the command

# neteye start

NetEye Cluster

Updating a cluster will take a nontrivial amount of time, however no downtime needs to be planned. During the cluster update, individual nodes will be put into standby mode and so overall cluster performance will be degraded until the update procedure is completed and all nodes are removed from standby mode.

An estimate for the time needed for a full upgrade (update + upgrade) when the cluster is healthy, there is no additional NetEye modules installed, and the procedure is successful is approximately 30 minutes, plus 15 minutes per node.

Warning

This estimate does not include the time required to download the packages and for any manual intervention due to failure of tasks during the execution of the neteye update and neteye upgrade commands.

Prerequisites

Kernel and DRBD version

It is critical that the versions of the Linux kernel and drbd match. Clusters must not be updated If an package update would cause a version mismatch.

You can find the currently installed and the available package versions by running the following two commands, then checking that the version numbers reported in the line Installed Packages match those reported on the last line of the Available Packages column.

# yum list kernel --show-duplicates
Installed Packages
kernel.x86_64      3.10.0-1160.42.2.el7      @updates
# yum list kmod-drbd --show-duplicates
Installed Packages
kmod-drbd.x86_64      9.0.30_3.10.0_1160.42.2-1      @neteye-os

In this case, the versions match: 3.10.0-1160.42.2.el7 9.0.30_3.10.0_1160.42.2-1

If yum reports that either the kernel or drbd has a newer version available, you need to check that after an update their versions will again be the same.

Running the Update

On a NetEye Single Instance, the update procedure is carried out by running:

# nohup neteye update

All the tasks carried out by the command are listed in section neteye update.

If the command is successful, a message will inform you that the update procedure has concluded successful; otherwise, check section Troubleshooting to fix the problems, then run the command again.

Cluster Reactivation

You can now restore the cluster to high availability operation.

  • Run the following command to remove all nodes from standby mode (it doesn’t matter which node this command is run on):

    # pcs node unstandby --all
    
  • Please ensure your cluster is healthy by checking the standard procedure described in the section How to check the NetEye Cluster status.

  • If you previously disabled stonith above to disable fencing, re-enable it:

    # pcs property set stonith-enabled=true
    

NetEye Satellites

To update a Satellite it is required to have the configuration archive located in /root/satellite-setup/config/<neteye_release>/satellite-config.tar.gz.

To automatically download the latest update you can run the following command on the Satellite:

neteye satellite update

The command will download and install the latest version of both Operating System packages and NetEye stable packages.

Please check for any .rpmnew and .rpmsave files (see the Migrate RPM Configuration section for further information).

If the command is successful, a message will inform you that it is possible to continue the update procedure.

Execute the command below to setup the Satellite with the new updates:

neteye satellite setup