Source Server: OES 2018 SP2 or OES 2018 SP3.
Ensure that the CIS server is upgraded to OES 2023 and patched with the latest patch.
Ensure to follow this sequence when upgrading CIS:
Infrastructure servers
CIS servers
Data Scale servers
To find out whether the server is an Infrastructure or CIS or Data Scale, execute the following command on the server:
cat /etc/opt/novell/cis/configurationStatus.json
The configType parameter displays the following:
"configType":"infraHA" - This is an Infrastructure server.
"configType":"core" - This is a CIS server.
"configType":"scale" - This is a Data Scale server.
Prerequisite
After upgrading to OES 2023, ensure to check the data path port of each infrastructure server, and if the port number is missing in the firewall, add it.
Check the data path port.
docker info | grep "Data Path Port:"
Add the data path port in UDP Ports section using yast2 firewall.
Procedure
Stop the infrastructure services on any one of the node with the following command:
sh /opt/novell/cis/bin/cis_ext_service.sh stop
To verify that infrastructure services are stopped, run the following command:
sh /opt/novell/cis/bin/cis_ext_service.sh status
The output displays, “nothing found in stack: cis”.
Ensure that all the infrastructure nodes are on OES 2023 and patched. Run the following commands on all the infrastructure nodes (3/ 5/ 7 - based on the configuration) to upgrade the service:
sh /opt/novell/cis/bin/cis_ext_service.sh upgrade
The output displays, “Upgrade completed successfully.”
After the upgrade is completed, run the following command to copy the latest configuration files:
cp /etc/opt/novell/cis/newcis3.yml /etc/opt/novell/cis/cis3.yml
cp /etc/opt/novell/cis/newcis5.yml /etc/opt/novell/cis/cis5.yml
cp /etc/opt/novell/cis/newcis7.yml /etc/opt/novell/cis/cis7.yml
Run the following command on any one of the node to start the infrastructure service:
sh /opt/novell/cis/bin/cis_ext_service.sh start
Run the following command to display the status of all the CIS services:
docker ps
On node 1, upgrade the CIS server to OES 2023.
If CIS servers are configured with OES Cluster Services (NCS), then migrate the cluster resource to the upgraded node 1. This causes cluster resource to go to comatose because the CIS services are not updated with the latest changes that are done with OES 2023.
Make the CIS cluster resource offline and manually mount the volumes (where CIS is configured).
Stop the dashboard service by using the command systemctl stop oes-dashboard.service.
Upgrade CIS by running the following script:
sh /opt/novell/cis/bin/cis_upgrade.sh
Modify the Load, Unload and Monitor script.
Log in to iManager.
Under Roles and Tasks, select Clusters > My Clusters, then select the cluster.
If the cluster does not appear in your personalized list of clusters to manage, you can add it. Click Add, browse and select the cluster, then click OK. Wait for the cluster to appear in the list and report its status, then select the cluster.
On the Cluster Manager page or Cluster Options page, select the CIS cluster resource to view its properties, then click the Scripts tab.
Click the Load Script, Unload, or Monitor Script links to view or modify the scripts. If you modify a script, click Apply to save your changes before you leave the page.
Edit the load script for the Cluster Pool and add oes-dashboard.service as below:
#update the links /bin/bash /opt/novell/cis/bin/update_cislinks.sh cis <New media path> # start the services exit_on_error /usr/bin/systemctl start oes-cis-fluentbit.service exit_on_error /usr/bin/systemctl start oes-cis-configuration.service exit_on_error /usr/bin/systemctl start oes-cis-auth.service exit_on_error /usr/bin/systemctl start oes-cis-data.service exit_on_error /usr/bin/systemctl start oes-cis-metadata.service exit_on_error /usr/bin/systemctl start oes-cis-policy.service exit_on_error /usr/bin/systemctl start oes-cis-mgmt.service exit_on_error /usr/bin/systemctl start oes-dashboard.service exit_on_error /usr/bin/systemctl start oes-cis-aggregator.service exit_on_error /usr/bin/systemctl start oes-cis-collector.service exit_on_error /usr/bin/systemctl start oes-cis-repaggregator.service exit_on_error /usr/bin/systemctl start oes-cis-repcollector.service exit_on_error /usr/bin/systemctl start oes-cis-gateway.service # wait before checking their status sleep 5 # check the services exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service exit_on_error /usr/bin/systemctl is-active oes-cis-data.service exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service exit_on_error /usr/bin/systemctl is-active oes-dashboard.service exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service # restart firewall if its running systemctl status firewalld.service if [ $? -eq 0 ]; then ignore_error systemctl restart firewalld.service fi
Edit the unload script for the Cluster Pool and add oes-dashboard.service as below:
ignore_error /usr/bin/systemctl stop oes-cis-fluentbit.service ignore_error /usr/bin/systemctl stop oes-cis-auth.service ignore_error /usr/bin/systemctl stop oes-cis-data.service ignore_error /usr/bin/systemctl stop oes-cis-metadata.service ignore_error /usr/bin/systemctl stop oes-cis-policy.service ignore_error /usr/bin/systemctl stop oes-cis-mgmt.service ignore_error /usr/bin/systemctl stop oes-dashboard.service ignore_error /usr/bin/systemctl stop oes-cis-aggregator.service ignore_error /usr/bin/systemctl stop oes-cis-collector.service ignore_error /usr/bin/systemctl stop oes-cis-repaggregator.service ignore_error /usr/bin/systemctl stop oes-cis-repcollector.service ignore_error /usr/bin/systemctl stop oes-cis-gateway.service ignore_error /usr/bin/systemctl stop oes-cis-configuration.service
Edit the monitor script for the Cluster Pool and add oes-dashboard.service as below:
exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service exit_on_error /usr/bin/systemctl is-active oes-cis-data.service exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service exit_on_error /usr/bin/systemctl is-active oes-dashboard.service exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
Changes do not take effect until you take the resource offline, and bring it online again.
Verify the CIS services are successfully upgraded by using the following command:
cishealth
When the status displays “Healthy”, then the CIS server is successfully upgraded.
Restart the agent services.
systemctl restart oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service
systemctl status oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service
Depending on your environment, run the commands to start the service:
If Gateway and Data Scale Services: Run the Gateway first and then Data Scale command.
systemctl status oes-cis-gatewayforscale.service
systemctl status oes-cis-dataatscale.service
Restart the services
systemctl restart oes-cis-gatewayforscale.service
systemctl restart oes-cis-dataatscale.service