User Guide

Single Node Upgrade from 4.22 to 4.23

This guide will lead you through the steps specific for upgrading from a NetEye Single Node installation from version 4.22 to 4.23. You must have successfully completed the Update Procedure before attempting to start the upgrade procedure.

Warning

Remember that you must upgrade sequentially without skipping versions, therefore an upgrade to 4.23 is possible only from 4.22; for example, if you have version 4.14, you must first upgrade to the 4.15, then 4.16, and so on.

Before starting an upgrade, you should very carefully read the latest release notes on NetEye’s blog and check the feature changes and deprecations specific to the version being upgraded. You should check also the whole section Breaking Changes below.

The remainder of this section is organised as follows. Section Breaking Changes introduces substantial changes that users must be aware of before starting the upgrade procedure and may require to carry out some tasks before starting the upgrade; section NetEye Single Node Upgrade Procedure presents the actual procedure, and finally section Additional Tasks shows which tasks must be executed after the upgrade procedure has been successfully executed.

Breaking Changes

New underlying operating system

We recall that the upgrade procedure includes a change of operating system. Therefore, the upgrade consists of 3 steps:

  1. Conversion from CentOS 7 to RHEL 7

  2. Upgrade from RHEL 7 to RHEL 8

  3. NetEye upgrade finalization

A manual reboot of the system is required between each step. The 3-steps procedure can take a long time and must be performed in its entirety in one session, as systems in intermediate state are not supported.

Warning

There will be a downtime for the duration of the procedure until its completion and all NetEye services will be stopped during this period.

NetEye Single Node Upgrade Procedure

Prerequisites

Be sure to meet the following requirements before starting:

  1. NetEye must be version 4.22 fully updated

  2. NetEye must be up and running with no health checks failing

  3. There must be at least 20GB of free space in /

  4. There must be at least 20GB of free space in /var

  5. All nodes must be able to reach the following domains over HTTPS (port 443 TCP):

    • cdn.redhat.com

    • cdn-ubi.redhat.com

    • cert-api.access.redhat.com

    • cert.cloud.redhat.com

    • subscription.rhsm.redhat.com

  6. Have a valid organization ID, activation key and name, which can be obtained through the official channels: sales, consultant or support portal

  7. Kernel requirements:

    • Some kernel modules are incompatible with RHEL 8 and need to be replaced. The system upgrade command will ensure those modules are not active in your installation. However, if any are found, refer to the related troubleshooting section for directions on how to proceed.

    • Ensure the system is running the latest installed kernel. To check this please compare rpm -q kernel with uname -r.

    • Only one unused kernel version should be installed on the system (this is needed to avoid filling the boot partition during the upgrade). To remove all kernels except the currently running version and the previous one you can use the command:

      neteye# package-cleanup --oldkernels --count=1

  8. Filesystem types requirements:

    • Ensure there are no XFS filesystems with ftype=0 mounted.

      Run the script:

      neteye# for dev in $(findmnt -t xfs -n -o SOURCE); do echo "$dev: $(xfs_info $dev | grep -w -o ftype=0)"; done

      Case 1: If no output is reported, then no XFS filesystems with ftype=0 are mounted.

      Case 2: If any output is reported, as in the snippet below, then please refer to XFS ftype=0 case.

      /dev/mapper/rhel-root: ftype=0
/dev/mapper/rhel-usr: ftype=0
/dev/vda1: ftype=0
/dev/mapper/rhel-home: ftype=0
/dev/mapper/rhel-var: ftype=0

    • Ensure no Network filesystems (e.g. NFS, SMB, GlusterFS) are mounted or configured to be mounted on reboot. Otherwise please refer to the support portal for assistance.

  9. Package installation requirements:

    • Ensure there are no unfinished YUM transactions. For that please run the following command:

      neteye# yum-complete-transaction --cleanup-only

    • Ensure no duplicate RPM packages are installed. To check if there are any duplicates you can execute:

      neteye# package-cleanup --dupes

      To remove any discovered duplicates run instead:

      neteye# package-cleanup --cleandupes

    • Ensure urllib3 and requests python modules are only installed via RPM packages. In case urllib3 and requests are installed via pip, please run the following commands:

      neteye# pip2 uninstall requests urllib3

      neteye# yum reinstall python-urllib3.noarch python-requests.noarch

  10. Ensure that there are no customizations or recurring tasks running as they may interfere with the upgrade. This includes for example backups, Beats, custom scripts and so on.

If your NetEye installation uses some custom services or some custom Icinga2 checks, it is possible that you will need to fix them manually during or after the upgrade and you may need the assistance of our support or consultant team.

Warning

The upgrade is not storing a big amount of data in /neteye partition, but during the upgrade some application may write a significant amount of logs. For this reason we suggest to have at least 5GB of free space in /neteye partition and also to have at least 10% of free space in all filesystems not mentioned above.

Step 1: Conversion from CentOS 7 to RHEL 7

To perform the conversion to RHEL 7, run from the command line the command:

# (nohup neteye node system-upgrade --org <organization_id> --key <activation_key> --name <name> &) && tail --retry -f nohup.out

This command takes care of checking the system status and performs the conversion to RHEL 7. We recall that the organization ID and the activation key can be obtained upon request to our service desk.

In case of any errors, the command will show the reason of the failure. After fixing the problem, please repeat Step 1 from the beginning.

At the end of the conversion a success message is shown and you will be prompted to restart the system. To reboot the system run the following command:

# reboot

Step 2: Upgrade from RHEL 7 to RHEL 8

After the previous reboot, it is time to upgrade from RHEL 7 to RHEL 8 by running command:

# (nohup neteye node system-upgrade --org <organization_id> --key <activation_key> --name <name> &) && tail --retry -f nohup.out

During the upgrade the following kernel modules will be removed because they are not compatible with RHEL 8:

  • pata_acpi: pata_acpi is used for device configuration and power management of P-ATA storage devices

  • pam_pkcs11: this Linux-PAM login module allows a X.509 certificate based user login

The command will perform a pre-upgrade in order to check the status of the system; any of the following conditions may prompt a manual intervention:

  • Since a newer kernel version is installed but currently not running, it is necessary to reboot the system, then execute the neteye node system-upgrade command again

  • Some packages not provided by NetEye have been installed and are not compatible with RHEL 8: packages that are not compatible with RHEL 8 must be removed or can be updated by saving a RHEL 8 compatible update package in the folder /var/www/html/rhel8-rpms-migration. Alternatively, additional repositories to be used only during the upgrade can be added to file /etc/leapp/files/leapp_upgrade_repositories.repo.

  • Other system-specific cases: in this case a detailed report of the causes will be generated in /var/log/leapp/leapp-report.txt

In case of any errors, the command will show the reason of the failure. After fixing the problem, please repeat Step 2 from the beginning.

At the end of the upgrade a success message is shown and you will be informed to restart the system. During the reboot further tasks will be performed in order to complete the upgrade to RHEL 8.

Warning

The whole reboot procedure will take at least 35-40 minutes.

To reboot the system run the following command:

# reboot

Step 3: Upgrade finalization

To complete the procedure and finalize the NetEye upgrade, run from the command line the command:

# (nohup neteye node system-upgrade --org <organization_id> --key <activation_key> --name <name> &) && tail --retry -f nohup.out

All the tasks carried out by the command are listed in section neteye upgrade; a dedicated section provides directions in case the command fails.

Additional Tasks

This section lists the tasks that must be carried out manually, because they are not part of the neteye node system-upgrade command.

In this release, no additional task is required.