If you are upgrading from OES 23.4 or earlier release, see OES 23.4: CIS Administration Guide.
If you are upgrading from OES 24.3 to OES 24.4 then ensure that CIS multi-server with Docker Swarm configuration is moved to K3s.
Ensure to follow this sequence when upgrading CIS:
Infrastructure servers
CIS servers
Data Scale servers
To find out whether the server is an Infrastructure or CIS or Data Scale, execute the following command on the server:
cat /etc/opt/novell/cis/configurationStatus.json
The configType parameter displays the following:
"configType":"infraHA" - This is an Infrastructure server.
"configType":"core" - This is a CIS server.
"configType":"scale" - This is a Data Scale server.
Procedure
Stop the infrastructure services on any one of the node with the following command:
cis_ext_service.sh stop
To verify that infrastructure services are stopped, run the following command:
cis_ext_service.sh status
The output displays, “nothing found in stack: cis”.
Ensure that all the infrastructure nodes are on OES 24.4. Run the following command on all the infrastructure nodes (3/ 5/ 7 - based on the configuration) to upgrade the service:
cis_ext_service.sh upgrade
The output displays, “Upgrade completed successfully.”
Run the following command on any one of the node to start the infrastructure service:
cis_ext_service.sh start
Run the following command to display the status of all the CIS services:
kubectl get pods
On node 1, upgrade the CIS server to OES 24.4.
If CIS servers are configured with OES Cluster Services (NCS), then migrate the cluster resource to the upgraded node 1. Cluster resource will be up and running or might go to comatose because the CIS services are not updated with the latest changes that are done with OES 24.4.
Make the CIS cluster resource offline and manually mount the volumes (where CIS is configured).
Upgrade CIS by running the following script:
sh /opt/novell/cis/bin/cis_upgrade.sh
Modify the Load, Unload and Monitor script.
Log in to iManager.
Under Roles and Tasks, select Clusters > My Clusters, then select the cluster.
If the cluster does not appear in your personalized list of clusters to manage, you can add it. Click Add, browse and select the cluster, then click OK. Wait for the cluster to appear in the list and report its status, then select the cluster.
On the Cluster Manager page or Cluster Options page, select the CIS cluster resource to view its properties, then click the Scripts tab.
Click the Load Script, Unload, or Monitor Script links to view or modify the scripts. If you modify a script, click Apply to save your changes before you leave the page.
Edit the load script for the Cluster Pool as shown below:
# update the links
/bin/bash /opt/novell/cis/bin/update_cislinks.sh cis <New media path>
# Verify the cis subnet address
/bin/bash /opt/novell/cis/bin/update_docker_subnet.sh
# start the services
exit_on_error /usr/bin/systemctl start oes-cis-fluentbit.service
exit_on_error /usr/bin/systemctl start oes-cis-configuration.service
exit_on_error /usr/bin/systemctl start oes-cis-auth.service
exit_on_error /usr/bin/systemctl start oes-cis-data.service
exit_on_error /usr/bin/systemctl start oes-cis-metadata.service
exit_on_error /usr/bin/systemctl start oes-cis-policy.service
exit_on_error /usr/bin/systemctl start oes-cis-mgmt.service
exit_on_error /usr/bin/systemctl start oes-dashboard.service
exit_on_error /usr/bin/systemctl start oes-cis-aggregator.service
exit_on_error /usr/bin/systemctl start oes-cis-collector.service
exit_on_error /usr/bin/systemctl start oes-cis-repaggregator.service
exit_on_error /usr/bin/systemctl start oes-cis-repcollector.service
exit_on_error /usr/bin/systemctl start oes-cis-gateway.service
# wait before checking their status
sleep 5
# check the services
exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service
exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
exit_on_error /usr/bin/systemctl is-active oes-dashboard.service
exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
# restart firewall if its running
systemctl status firewalld.service
if [ $? -eq 0 ]; then
ignore_error systemctl restart firewalld.service
fiEdit the unload script for the Cluster Pool as shown below:
ignore_error /usr/bin/systemctl stop oes-cis-fluentbit.service ignore_error /usr/bin/systemctl stop oes-cis-auth.service ignore_error /usr/bin/systemctl stop oes-cis-data.service ignore_error /usr/bin/systemctl stop oes-cis-metadata.service ignore_error /usr/bin/systemctl stop oes-cis-policy.service ignore_error /usr/bin/systemctl stop oes-cis-mgmt.service ignore_error /usr/bin/systemctl stop oes-dashboard.service ignore_error /usr/bin/systemctl stop oes-cis-aggregator.service ignore_error /usr/bin/systemctl stop oes-cis-collector.service ignore_error /usr/bin/systemctl stop oes-cis-repaggregator.service ignore_error /usr/bin/systemctl stop oes-cis-repcollector.service ignore_error /usr/bin/systemctl stop oes-cis-gateway.service ignore_error /usr/bin/systemctl stop oes-cis-configuration.service
Edit the monitor script for the Cluster Pool as shown below:
exit_on_error /usr/bin/systemctl is-active oes-cis-fluentbit.service exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service exit_on_error /usr/bin/systemctl is-active oes-cis-data.service exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service exit_on_error /usr/bin/systemctl is-active oes-dashboard.service exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service exit_on_error /usr/bin/systemctl is-active oes-cis-configuration.service
Changes do not take effect until you take the resource offline, and bring it online again.
Verify the CIS services are successfully upgraded by using the following command:
cishealth
When the status displays “Healthy”, then the CIS server is successfully upgraded.
Restart the agent services.
systemctl restart oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service
systemctl status oes-core-agent.service oes-dashboard-agent.service oes-cis-agent.service oes-cis-recall-agent.service oes-cis-scanner.service
Prerequisite:
After upgrading to OES 24.4, ensure to check the gatewayforscale (8346) and dataatscale (8347) port on the configured server, and if the port number is missing in the firewall, add it.
Procedure:
Restart the services.
If both gatewayforscale and dataatscale services are available in the same server then you must start the gatewayforscale service first followed by dataatscale service.
systemctl status oes-cis-gatewayforscale.service
systemctl status oes-cis-dataatscale.service
Verify the status of the service.
systemctl restart oes-cis-gatewayforscale.service
systemctl restart oes-cis-dataatscale.service